Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Intermitent lock up on internet, high cpu & high disk write usage


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try a different way ..

At the command prompt type cd k:
That should not take you to the USB
Then type frst.exe

That should start frst
  • 0

Advertisements


#17
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

OK, at the command prompt I type -- cd k:frst.exe -----The device is not ready


Edited by Falcor2, 23 November 2014 - 08:52 AM.

  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you have it on the USB could you boot to normal windows and then try to run it from there, if that fails then do the following

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#19
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

OK, downloaded combofix to the desktop, disabled Norton antivirus and smart firewall until restart.

Started ComboFix----It stated Norton Antispyware is active and continued anyway---I forgot about Win Patrol being on

ComboFix stopped after step 2 stating NirCmd has stopped working------A problem caused the program to stop working correctly, Please close the program


  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm this is obviously sent to try me ...


Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme and run
Select Step 5 : Back up your registry and create a system restore point
waiobackup.JPG

Then select the Repairs tab

waiorepairs.JPG

Select Open repairs

Select the following repair number items :

1
2
10



Click Start

waiorepair.JPG


Once it has completed then reboot the system
  • 0

#21
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

OK, we have a winner-----Windows All In One Repair downloaded and ran with no problems With repairs 1,2 & 10


  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you now try FRST again from the desktop
  • 0

#23
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

OK, FRST downloaded and ran from desktop.

 

Both logs to follow

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by Owner (administrator) on OWNER-PC on 23-11-2014 14:43:23
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: IUSR_NMPR & Owner & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\ConfigurationWizard.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [815104 2007-07-31] (brother)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-11-16] (Corel, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1371034432-2163038012-706413920-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1371034432-2163038012-706413920-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1371034432-2163038012-706413920-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-1371034432-2163038012-706413920-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files\PrintMaster Platinum 18\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1371034432-2163038012-706413920-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1371034432-2163038012-706413920-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {5CC4072C-F0A3-4E1C-80D9-A3B5F4CF6F55} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {5CC4072C-F0A3-4E1C-80D9-A3B5F4CF6F55} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {F1B7CDF3-6949-4C6B-90B6-A5C93B35D08A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpIdfPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1082
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\28\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-11-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-26]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-28]
FF HKU\S-1-5-21-1371034432-2163038012-706413920-1001\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}

Chrome:
=======
CHR DefaultSuggestURL: Default -> http://ss-sym.ask.co...pe=prefix&li=ff
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-21]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-21]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-21]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-21]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-21]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-21]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation) [File not signed]
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-29] (WildTangent)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation) [File not signed]
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] () [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ProtexisLicensing; c:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141121.001\IDSvix86.sys [479448 2014-11-17] (Symantec Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141122.002\NAVENG.SYS [95704 2014-11-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141122.002\NAVEX15.SYS [1636696 2014-11-20] (Symantec Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1506000.020\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [4608 2006-07-13] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 14:43 - 2014-11-23 14:44 - 00024872 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-11-23 14:40 - 2014-11-23 14:43 - 00000000 ____D () C:\FRST
2014-11-23 14:40 - 2014-11-23 14:40 - 01110016 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-11-23 13:19 - 2014-11-23 13:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-11-23 13:19 - 2014-11-23 13:19 - 00000000 ____D () C:\RegBackup
2014-11-23 13:03 - 2014-11-23 13:03 - 00001914 _____ () C:\Users\Owner\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-11-23 13:03 - 2014-11-23 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-23 13:03 - 2014-11-23 13:03 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-23 12:59 - 2014-11-23 13:00 - 09817304 _____ () C:\Users\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-11-23 11:35 - 2014-11-23 11:35 - 00000558 _____ () C:\Windows\PFRO.log
2014-11-23 11:27 - 2014-11-23 11:34 - 00000000 ___SD () C:\ComboFix
2014-11-23 11:27 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 11:27 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 11:27 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 11:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 11:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 11:27 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 11:27 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 11:27 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 11:24 - 2014-11-23 11:27 - 00000000 ____D () C:\Qoobox
2014-11-23 11:23 - 2014-11-23 11:27 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-23 11:23 - 2014-11-23 11:23 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 11:21 - 2014-11-23 11:21 - 05598306 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2014-11-22 13:23 - 2014-11-22 15:22 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-22 12:39 - 2014-11-22 12:46 - 126310400 _____ () C:\Users\Owner\Desktop\vista32 rc.iso
2014-11-22 12:31 - 2014-11-22 12:31 - 00640424 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Owner\Desktop\rufus-1.4.12.exe
2014-11-20 03:00 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:44 - 2014-11-19 09:44 - 00053158 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-11-19 09:42 - 2014-11-19 09:42 - 00076962 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-11-19 09:23 - 2014-11-19 09:23 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-11-13 02:32 - 2014-11-13 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-13 02:29 - 2014-11-13 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-13 02:28 - 2014-11-13 02:29 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-13 02:28 - 2014-11-13 02:28 - 00000000 ____D () C:\Program Files\iPod
2014-11-12 03:17 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 03:17 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 03:16 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 03:16 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 03:16 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:16 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 03:15 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 03:14 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:12 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 03:11 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 03:11 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:11 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:11 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:11 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:00 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 17:20 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 17:20 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 17:20 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 17:20 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 17:20 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 17:20 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 17:20 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 17:20 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 17:20 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 17:20 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 17:20 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 17:20 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 17:20 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 17:20 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 17:20 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 17:20 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 17:20 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 17:20 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 17:19 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 17:19 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 17:19 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-27 02:32 - 2014-10-27 02:32 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-27 02:32 - 2014-10-27 02:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-27 02:32 - 2014-10-27 02:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-27 02:32 - 2014-10-27 02:32 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-27 02:32 - 2014-10-27 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-27 02:32 - 2014-10-27 02:32 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 14:23 - 2014-10-21 21:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 14:09 - 2006-11-02 05:33 - 00772866 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 14:03 - 2010-09-26 13:14 - 00296032 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 14:02 - 2014-10-21 21:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 14:02 - 2012-05-20 07:44 - 00000358 _____ () C:\Windows\Brownie.ini
2014-11-23 14:02 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 14:02 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 14:01 - 2013-08-24 20:33 - 00000284 _____ () C:\Windows\Tasks\pcreg.job
2014-11-23 14:01 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 14:01 - 2006-11-02 07:47 - 00905400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 14:00 - 2006-11-02 08:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-23 14:00 - 2006-11-02 07:52 - 01703695 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 13:53 - 2014-10-21 21:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 13:46 - 2013-06-08 21:42 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-23 11:34 - 2011-05-27 09:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-11-22 13:42 - 2007-03-30 01:58 - 00000000 ____D () C:\ProgramData\Roxio
2014-11-22 13:23 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-22 10:09 - 2012-02-06 19:52 - 00002587 _____ () C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
2014-11-22 00:47 - 2014-10-21 21:43 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-21 08:20 - 2014-05-23 15:13 - 00000766 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-21 08:20 - 2014-05-23 15:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-16 12:20 - 2013-02-20 19:33 - 00000000 ____D () C:\Users\Owner\Documents\KATIE'S STUFF
2014-11-13 02:33 - 2012-09-12 21:29 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-13 02:32 - 2012-09-12 21:29 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-13 02:29 - 2012-10-03 23:10 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-13 02:29 - 2012-10-03 23:09 - 00000000 ____D () C:\Program Files\iTunes
2014-11-13 02:28 - 2012-10-03 23:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-13 02:28 - 2011-07-07 20:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-13 02:24 - 2010-09-26 13:10 - 00000000 ____D () C:\Users\Owner
2014-11-12 08:23 - 2014-10-21 21:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 08:23 - 2014-10-21 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 07:21 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 03:38 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:16 - 2007-03-30 02:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:10 - 2013-08-03 04:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:01 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-11 10:20 - 2012-02-23 15:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Symantec
2014-11-07 15:58 - 2010-10-04 23:31 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-11-06 02:14 - 2014-09-06 06:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-11-02 19:42 - 2010-09-26 13:22 - 00000000 ____D () C:\Users\Owner\Documents\JEANNE'S STUFF
2014-10-27 02:33 - 2013-10-17 13:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 02:32 - 2010-12-26 08:10 - 00000000 ____D () C:\Program Files\Java

Files to move or delete:
====================
C:\ProgramData\pswi_preloaded.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-23 14:12

==================== End Of Log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014
Ran by Owner at 2014-11-23 14:44:29
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4 Elements (HKLM\...\4 Elements_is1) (Version: 1.0 - Media Contact LLC)
4 Elements (Version: 2.2.0.95 - WildTangent) Hidden
4 Elements II (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Age Of Emerald (HKLM\...\Travel Agency_is1) (Version: 1.0 - Media Contact LLC)
AIO_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Atlantis (HKLM\...\Atlantis_is1) (Version: 1.0 - Media Contact LLC)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Bejeweled 2 Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}) (Version:  - Oberon Media)
Bicycle Canasta (Version: 2.2.0.98 - WildTangent) Hidden
Big City Adventures Paris (Version: 3.0.2.38 - WildTangent) Hidden
Blasterball 2 from WildGames (remove only) (HKLM\...\6FE5CFCA-DD69-4E25-9502-237386466C2E) (Version:  - WildTangent)
Blasterball 2: Holidays (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2140 (HKLM\...\{49F450C3-EBDC-40A9-8CF8-4149326169AB}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
C4100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
c4100_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Call Of Atlantis (HKLM\...\Call Of Atlantis_is1) (Version: 1.0 - Media Contact LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Code-X 2014 (HKLM\...\com.adobe.air.aaos.Code-X2014) (Version: 1.0.14 - AAOS)
Code-X 2014 (Version: 1.0.14 - AAOS) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Corel Paint Shop Pro Photo XI (HKLM\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.20.0000 - Corel Corporation)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.31 - Corel, Inc.)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Deer Avenger 3 (HKLM\...\Deer Avenger 3) (Version:  - )
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Everyday Jigsaw (HKLM\...\Everyday Jigsaw) (Version:  - )
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GOG.com Downloader version 3.5.8 (HKLM\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.5.8 - GOG.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GreatArcadeHits (HKU\S-1-5-21-1371034432-2163038012-706413920-1001\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4262.12 - PC-Doctor, Inc.)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.8.0 - Hewlett-Packard Company)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Support Solutions Framework (HKLM\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.361.6 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JigsawBoom (HKLM\...\JigsawBoom_is1) (Version: 1.0 - Media Contact LLC)
KraiSoft Games Launcher (HKLM\...\KraiSoft Games Launcher) (Version:  - )
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Mahjong Garden Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113269180}) (Version:  - Oberon Media)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Morrowind (HKLM\...\{B42F73D4-AFDA-4761-B3F4-23A872D11339}) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
muvee autoProducer 5.0 (HKLM\...\{77CA976C-403C-47E2-940B-733ECAB6F62B}) (Version: 5.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1505 - WildTangent)
Myst III EXILE Patch 1.22 (HKLM\...\{A4B28C95-9883-11D5-9E9D-0050DA1EA555}) (Version:  - )
Myst III: Exile (HKLM\...\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}) (Version:  - )
Myst IV - Revelation (HKLM\...\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}) (Version: 1.03 - )
Myst Masterpiece Edition (HKLM\...\Myst Masterpiece Edition_is1) (Version:  - GOG.com)
Myst Uru - Complete Chronicles (HKLM\...\{69BA7792-853B-45A3-A29F-539C0D7A2A62}) (Version:  - )
Myst Uru Complete Chronicles (HKLM\...\Myst Uru Complete Chronicles_is1) (Version:  - GOG.com)
Myst V End Of Ages (HKLM\...\Myst V End Of Ages_is1) (Version:  - GOG.com)
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Plug-in (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PrintMaster Platinum 18 (HKLM\...\{EBD9A954-6C1A-4E9F-A098-C98653035381}) (Version: 18.00.0000 - Broderbund Software)
PrintMaster Scrapbook Creator (HKLM\...\{4832057A-3216-4E7C-A3A5-F4D9C8ADED32}) (Version:  - ArcSoft)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
realMyst (HKLM\...\realMyst_is1) (Version:  - GOG.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Riven The sequel to Myst (HKLM\...\Riven The sequel to Myst_is1) (Version:  - GOG.com)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Seven Gates (HKLM\...\Seven Gates_is1) (Version: 1.0 - Media Contact LLC)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-1371034432-2163038012-706413920-1001\...\Smilebox) (Version: 1.0.0.26501 - Smilebox, Inc.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spirit of Wandering (HKLM\...\Spirit of Wandering_is1) (Version: 1.0 - Media Contact LLC)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TES Construction Set (HKLM\...\{FF70923C-8A51-47F4-A7E9-893C6D54EB68}) (Version:  - )
The Elder Scrolls I: Arena, ArenaSetup 1.5b (HKLM\...\ArenaSetup_is1) (Version:  - Bethesda Softworks)
The Rise Of Atlantis (HKLM\...\The Rise Of Atlantis_is1) (Version: 1.0 - Media Contact LLC)
The Witch's Green Amulet (HKLM\...\The Witch's Green Amulet_is1) (Version: 1.0 - Media Contact LLC)
TheLostKingdomProphecy (HKLM\...\TheLostKingdomProphecy_is1) (Version: 1.0 - Media Contact LLC)
Tomb Raider: Underworld 1.1 (HKLM\...\Tomb Raider: Underworld) (Version:  - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
VideoPlayer v2.0.6 (HKLM\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Version: 4.0.11.2 - WildTangent) Hidden
WildTangent Games App for HP (Version: 4.0.11.2 - WildTangent) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Wizard Land (HKLM\...\Wizard Land_is1) (Version: 1.0 - Media Contact LLC)
Wizard's Spell (HKLM\...\Wizard's Spell_is1) (Version: 1.0 - Media Contact LLC)
Wrye Mash (HKLM\...\Wrye Mash) (Version:  - Wrye)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
Yahoo! Toolbar for Internet Explorer (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1371034432-2163038012-706413920-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll No File

==================== Restore Points  =========================

21-10-2014 18:54:52 Scheduled Checkpoint
24-10-2014 21:08:23 Scheduled Checkpoint
25-10-2014 22:00:25 Scheduled Checkpoint
27-10-2014 07:31:15 Installed Java 7 Update 71
29-10-2014 13:24:32 Scheduled Checkpoint
30-10-2014 12:49:00 Scheduled Checkpoint
31-10-2014 07:54:29 Scheduled Checkpoint
01-11-2014 12:16:05 Scheduled Checkpoint
02-11-2014 13:30:16 Scheduled Checkpoint
03-11-2014 13:42:27 Scheduled Checkpoint
06-11-2014 12:01:42 Scheduled Checkpoint
08-11-2014 03:13:37 Scheduled Checkpoint
09-11-2014 05:00:12 Scheduled Checkpoint
11-11-2014 14:01:13 Scheduled Checkpoint
12-11-2014 08:00:34 Windows Update
13-11-2014 05:41:27 Scheduled Checkpoint
13-11-2014 07:24:36 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
14-11-2014 16:45:25 Scheduled Checkpoint
16-11-2014 18:41:46 Scheduled Checkpoint
18-11-2014 19:53:36 Scheduled Checkpoint
19-11-2014 20:47:32 Scheduled Checkpoint
20-11-2014 08:00:12 Windows Update
23-11-2014 18:19:09 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2013-12-15 00:40 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {178F2B30-EFB7-4F6D-97B4-0C11F977CDA7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1945CBF6-ECF9-4CDC-B414-819CCDD5266E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {276FE2D2-715D-40A8-A2E1-6F07A7E76766} - System32\Tasks\{90BAA44B-4BA9-402D-835F-7B36397CCE3F} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {2F657ECE-6CD3-41B2-859F-5BA6D0C6932F} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-11-19] ()
Task: {3279E148-2C0B-4141-A2F3-1DD27FDF5385} - System32\Tasks\At1 => c:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {3C884BE1-EF6E-4E4F-88D0-1D4B3D5EA9E0} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {3CE3DC00-D31C-4BCB-965C-6C5531934D99} - System32\Tasks\{6EF59737-CA91-4052-A8F7-32105262E92E} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {45993267-DE73-4A0F-A51E-B22C7EF5E449} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {51B411FE-CA67-4686-9DBE-57663967E7BF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {61433BD8-D017-43B7-96A2-E418E8522521} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {639AFF70-41EA-4A39-9A6D-2A99FADE7CA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {68E7AAAC-C55E-424B-B898-700059F7B506} - System32\Tasks\{5A39075C-AE86-408A-B09E-73D83F284A95} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {68F9C3DA-CCA3-49C9-B573-5728AB305808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7A14C2F4-481A-4E92-96F4-6E57DB227717} - System32\Tasks\{B9185F1B-033F-48F5-9A13-8F9E925294DE} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-15] (Skype Technologies S.A.)
Task: {8D488E2A-7D75-4446-B230-1E9D7DB1CBC2} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-10-24] (Hewlett-Packard)
Task: {900683B2-6560-4DDF-BC64-35B014A9E11F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {90337BEC-7757-4F1A-8C52-9765DD7D521D} - System32\Tasks\{A85BED8D-1C51-4595-B253-C5E8D21B3091} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {A11173C6-3209-46AE-81B3-46D1DB7E93F4} - System32\Tasks\GreatArcadeHits => C:\Users\Owner\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {A2462162-B2E1-4F8B-B7DF-31CD884FA756} - System32\Tasks\At2 => c:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {CF0D677D-D91D-42DB-B993-E13D94DBEB0C} - System32\Tasks\PcRegistryShield_Start => C:\Program Files\PC Registry Shield\PcRegistryShield.exe <==== ATTENTION
Task: {FADD0E62-C5BE-4454-ABAE-EF79C8597566} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\wrapper_inst\service.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-09-03 12:32 - 2006-09-03 12:32 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2012-03-23 13:25 - 2012-03-23 13:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-21 21:39 - 2002-11-26 12:43 - 00106496 _____ () C:\Windows\system32\BrMuSNMP.dll
2006-12-10 20:51 - 2006-12-10 20:51 - 00065536 ____R () C:\Program Files\Hewlett-Packard\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 20:51 - 2006-12-10 20:51 - 00077824 ____R () C:\Program Files\Hewlett-Packard\Digital Imaging\bin\crm\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: WildTangent CDA => "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

========================= Accounts: ==========================

Administrator (S-1-5-21-1371034432-2163038012-706413920-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1371034432-2163038012-706413920-1003 - Limited - Enabled)
Guest (S-1-5-21-1371034432-2163038012-706413920-501 - Limited - Disabled)
IUSR_NMPR (S-1-5-21-1371034432-2163038012-706413920-1000 - Limited - Enabled) => C:\Users\IUSR_NMPR
Owner (S-1-5-21-1371034432-2163038012-706413920-1001 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-1371034432-2163038012-706413920-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2014 11:32:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NircmdB.exe, version 2.3.5.189, time stamp 0x49ec5532, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00009f5d,
process id 0xd44, application start time 0xNircmdB.exe0.

Error: (11/23/2014 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NIRCMD.exe, version 2.3.5.189, time stamp 0x49ec5532, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00009f5d,
process id 0x1094, application start time 0xNIRCMD.exe0.

Error: (11/23/2014 01:51:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9251

Error: (11/23/2014 01:51:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9251

Error: (11/23/2014 01:51:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2014 01:51:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8253

Error: (11/23/2014 01:51:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8253

Error: (11/23/2014 01:51:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2014 01:51:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7254

Error: (11/23/2014 01:51:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7254

System errors:
=============
Error: (11/23/2014 02:04:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (11/23/2014 02:04:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (11/23/2014 02:03:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (11/23/2014 02:03:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ProtexisLicensing%%1053

Error: (11/23/2014 02:03:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000ProtexisLicensing

Error: (11/23/2014 02:03:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/23/2014 02:02:00 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Broderbund PDF Creator with shared resource name Broderbund PDF Creator. Error 2114. The printer cannot be used by others on the network.

Error: (11/23/2014 02:02:00 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Brother HL-2140 series with shared resource name Brother HL-2140 series. Error 2114. The printer cannot be used by others on the network.

Error: (11/23/2014 02:01:59 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Brother MFC-6490CW Printer with shared resource name Brother MFC-6490CW Printer. Error 2114. The printer cannot be used by others on the network.

Error: (11/23/2014 02:01:59 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Brother PC-FAX v.2 with shared resource name Brother PC-FAX v.2. Error 2114. The printer cannot be used by others on the network.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-19 09:38:47.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:46.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:46.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:46.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:46.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:46.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:45.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:45.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:45.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-19 09:38:45.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3581.57 MB
Available physical RAM: 2182.72 MB
Total Pagefile: 7368.14 MB
Available Pagefile: 6108.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.46 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:458.31 GB) (Free:283.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.45 GB) (Free:0.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=458.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
More than one way to skin a cat :)

Hi you will need to fully uninstall Chrome as it has been changed to developer build. This means there are no security restrictions on it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1371034432-2163038012-706413920-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {F1B7CDF3-6949-4C6B-90B6-A5C93B35D08A} URL =
2014-11-23 14:01 - 2013-08-24 20:33 - 00000284 _____ () C:\Windows\Tasks\pcreg.job
CustomCLSID: HKU\S-1-5-21-1371034432-2163038012-706413920-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll No File
Task: {3279E148-2C0B-4141-A2F3-1DD27FDF5385} - System32\Tasks\At1 => c:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {3C884BE1-EF6E-4E4F-88D0-1D4B3D5EA9E0} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {A11173C6-3209-46AE-81B3-46D1DB7E93F4} - System32\Tasks\GreatArcadeHits => C:\Users\Owner\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {A2462162-B2E1-4F8B-B7DF-31CD884FA756} - System32\Tasks\At2 => c:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {CF0D677D-D91D-42DB-B993-E13D94DBEB0C} - System32\Tasks\PcRegistryShield_Start => C:\Program Files\PC Registry Shield\PcRegistryShield.exe <==== ATTENTION
c:\Program Files\wrapper_inst
C:\Users\Owner\AppData\Local\GreatArcadeHits
C:\Program Files\PC Registry Shield
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\wrapper_inst\service.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Download and run farbar service scanner

fssscan.JPG

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#25
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

OK, Chrome is removed by Windows add and remove

Run FRST with fix-----OK

Run AdwCleaner --scan then clean---OK

Run FSS---OK

After running Windows All In One Repair I couldn't use the printer----no comunication---Fixed

 

Thank you for being paient with me and with the quick response---This had me ready to pull what little hair I have left out!

 

Logs to follow

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Owner at 2014-11-23 16:20:17 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: IUSR_NMPR & Owner & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1371034432-2163038012-706413920-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1371034432-2163038012-706413920-1001 -> {F1B7CDF3-6949-4C6B-90B6-A5C93B35D08A} URL =
2014-11-23 14:01 - 2013-08-24 20:33 - 00000284 _____ () C:\Windows\Tasks\pcreg.job
CustomCLSID: HKU\S-1-5-21-1371034432-2163038012-706413920-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll No File
Task: {3279E148-2C0B-4141-A2F3-1DD27FDF5385} - System32\Tasks\At1 => c:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {3C884BE1-EF6E-4E4F-88D0-1D4B3D5EA9E0} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {A11173C6-3209-46AE-81B3-46D1DB7E93F4} - System32\Tasks\GreatArcadeHits => C:\Users\Owner\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {A2462162-B2E1-4F8B-B7DF-31CD884FA756} - System32\Tasks\At2 => c:\Program Files\wrapper_inst\service.exe <==== ATTENTION
Task: {CF0D677D-D91D-42DB-B993-E13D94DBEB0C} - System32\Tasks\PcRegistryShield_Start => C:\Program Files\PC Registry Shield\PcRegistryShield.exe <==== ATTENTION
c:\Program Files\wrapper_inst
C:\Users\Owner\AppData\Local\GreatArcadeHits
C:\Program Files\PC Registry Shield
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\wrapper_inst\service.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1371034432-2163038012-706413920-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-1371034432-2163038012-706413920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-1371034432-2163038012-706413920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F1B7CDF3-6949-4C6B-90B6-A5C93B35D08A}" => Key deleted successfully.
"HKCR\CLSID\{F1B7CDF3-6949-4C6B-90B6-A5C93B35D08A}" => Key not found.
C:\Windows\Tasks\pcreg.job => Moved successfully.
"HKU\S-1-5-21-1371034432-2163038012-706413920-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3279E148-2C0B-4141-A2F3-1DD27FDF5385}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3279E148-2C0B-4141-A2F3-1DD27FDF5385}" => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C884BE1-EF6E-4E4F-88D0-1D4B3D5EA9E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C884BE1-EF6E-4E4F-88D0-1D4B3D5EA9E0}" => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A11173C6-3209-46AE-81B3-46D1DB7E93F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A11173C6-3209-46AE-81B3-46D1DB7E93F4}" => Key deleted successfully.
C:\Windows\System32\Tasks\GreatArcadeHits => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2462162-B2E1-4F8B-B7DF-31CD884FA756}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2462162-B2E1-4F8B-B7DF-31CD884FA756}" => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF0D677D-D91D-42DB-B993-E13D94DBEB0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF0D677D-D91D-42DB-B993-E13D94DBEB0C}" => Key deleted successfully.
C:\Windows\System32\Tasks\PcRegistryShield_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PcRegistryShield_Start" => Key deleted successfully.
c:\Program Files\wrapper_inst => Moved successfully.
"C:\Users\Owner\AppData\Local\GreatArcadeHits" => File/Directory not found.
C:\Program Files\PC Registry Shield => Moved successfully.
C:\Windows\Tasks\pcreg.job not found.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Reseting Echo Request, OK!
Reseting Interface, OK!
A reboot is required to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2602:306:247d:439:dd92:62c4:fa04:307
   Temporary IPv6 Address. . . . . . : 2602:306:247d:439:e483:b011:9016:27a2
   Link-local IPv6 Address . . . . . : fe80::dd92:62c4:fa04:307%8
   Default Gateway . . . . . . . . . : fe80::7644:1ff:fe0a:72e7%8

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3836:32b3:3f57:fea1
   Link-local IPv6 Address . . . . . : fe80::3836:32b3:3f57:fea1%10
   Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2602:306:247d:439:dd92:62c4:fa04:307
   Temporary IPv6 Address. . . . . . : 2602:306:247d:439:e483:b011:9016:27a2
   Link-local IPv6 Address . . . . . : fe80::dd92:62c4:fa04:307%8
   IPv4 Address. . . . . . . . . . . : 192.168.1.94
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::7644:1ff:fe0a:72e7%8
                                       192.168.1.254

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3836:32b3:3f57:fea1
   Link-local IPv6 Address . . . . . : fe80::3836:32b3:3f57:fea1%10
   Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 194.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

# AdwCleaner v4.101 - Report created 23/11/2014 at 16:53:55
# Updated 09/11/2014 by Xplode
# Database : 2014-11-23.7 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Uninstaller

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.2

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

*************************

AdwCleaner[R0].txt - [2288 octets] - [23/11/2014 16:45:26]
AdwCleaner[R1].txt - [2348 octets] - [23/11/2014 16:50:16]
AdwCleaner[S0].txt - [2273 octets] - [23/11/2014 16:53:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2333 octets] ##########

 

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Owner (administrator) on 23-11-2014 at 17:02:02
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****


  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now, are you getting any errors or weird occurrences ?

bf_new.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
  • Select the language and click OK.
  • Accept the agreement
  • Make sure a checkmark is not placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click on Quarantine All,.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#27
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

The computer is doing alot better, still has intermitent lock ups tho not as bad or as long. When i tried to copy the MBAM log to the clipboard nothing happened, so i did it the same way i posted other logs. The lock ups seem to happen about every hour.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/24/2014
Scan Time: 1:07:12 PM
Logfile: MBAM -Last Scan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.24.07
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390498
Time Elapsed: 10 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.AppBario.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0cc09160-108c-4759-bab1-5c12c216e005}, Quarantined, [0295053ad3a9c2740c34566c3bc7c23e],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [425562dd7309cf67dc612e9735cdd12f],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [12853f00d2aa7cba201dcdf87e84ef11],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [cec9013e5824f442d1a0d369bc479b65],
PUP.Optional.LevelQualityWatcher.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher, Quarantined, [f7a0d6694537ec4a2d904a22b74c738d],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyFunCards_5m, Quarantined, [2e6960df90ec01351876db8414ef0000],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [3562b28d5e1e46f08788b08d38cbd12f],
PUP.Optional.ScorpionSaver.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ScorpionSaver, Quarantined, [fe990d32d4a8ab8b526c551744bfe21e],
PUP.Optional.LevelQualityWatcher.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher, Quarantined, [90075fe06913bc7aaf0ed19b16ed48b8],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [8e0964db4d2f8bab87ea023a6e958f71],
PUP.Optional.LevelQualityWatcher.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher, Quarantined, [22754ff0cbb1112507b6f27a8c777888],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyFunCards_5m, Quarantined, [20774bf488f4c373bdd1dc8327dccd33],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [098e2e11aad251e5f81753eaaf541de3],
PUP.Optional.ScorpionSaver.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ScorpionSaver, Quarantined, [e2b5f74895e747ef5866cba121e2eb15],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [b5e2f54a1b61f046591868d47e854bb5],
PUP.Optional.LevelQualityWatcher.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher, Quarantined, [9ff86ed184f870c66c514626966dcf31],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyFunCards_5m, Quarantined, [99fe87b8344889ad2b63c8972dd6cc34],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [d3c4cd72423a9a9cf21d48f563a024dc],
PUP.Optional.ScorpionSaver.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ScorpionSaver, Quarantined, [920589b6a5d759dd28968edefb0840c0],

Registry Values: 1
PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-1371034432-2163038012-706413920-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{B21F5E31-B8E8-41CD-B74C-168A71A10E49}, C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\, Quarantined, [8b0c300f2b5179bd3638178c0ff530d0]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.ClientConnect, C:\Program Files\PC-Doctor 5 for Windows\IPC.dll, Quarantined, [c3d4112ea9d3d95d0db28f36ab594db3],
PUP.Optional.Adpeak, C:\temp\InstallServices32.msi, Quarantined, [4e490d3288f4bb7bddf0ac1f35cfe51b],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Part of that may be that you have a lot of non-essential programmes running at start up

Lets turn them off temporarily and see if that helps :)

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
cleanboot2.JPG
5.Click Disable All, and then click OK. If any are related to your antivirus (Norton) then replace the tick
6.When you are prompted, click Restart.

Let me know how it is behaving then
  • 0

#29
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Ok, after setting the selective startup the computer seems more responsive and boot time is quicker but, we still have intermitent lock ups on the internet. When i shift from full screen to normal screen seems to be when it happens most. Its almost like something is hogging the bandwidth or the resorces. I thought it might be Norton Antivirus as it updates every hour, but when i checked it wasn't updating. Other than that its looking good.


Edited by Falcor2, 25 November 2014 - 06:47 AM.

  • 0

#30
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Ok, i just got a message that the Internet Explorer was not responding  when i had a lock up.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP