
OTL not responding [Closed]


  • This topic is locked

#1
krzybtchkris

  • Member
  • 13 posts

Hi, I'm trying to run OTL, as the Virus forum says. Starts to scan, then hits Firefox & stops responding. Have everything closed, not sure what to do, tried 2 times.


  • 0


#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts

Hi, this may be due to either a corrupted Firefox profile or a long malware sequence in the registry.

In which case use this scanner instead. What sort of problems are you experiencing?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please post both logs generated.

  • 1

#3
krzybtchkris

  • Topic Starter
  • Member
  • 13 posts

Started a week or so ago, slow internet, hangups etc... Yesterday wireless printer quit scanning. Uninstalled, reinstalled, all the normal stuff with no help. Started digging through system logs & found

<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-11-24T00:37:19.824420800Z" />
<EventRecordID>121538</EventRecordID>
<Correlation />
<Execution ProcessID="580" ThreadID="6068" />
<Channel>System</Channel>
<Computer>KrzyBtchKris</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Application Experience</Data>
<Data Name="param2">stopped</Data>
<Binary>410065004C006F006F006B00750070005300760063002F0031000000</Binary>
</EventData>
</Event>

Did a search for the binary to see what it was & found I'm not alone, and found you guys. Tried to run the fsc scan yesterday & can't open Explorer folders now.... Don't know why I try to fix things myself.. lol Thanks!


  • 0
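
Decoding the `<Binary>` field of the event quoted in post #3, as an added example that is not part of the original thread: the hex is UTF-16LE text, and the sketch below decodes it and checks it against the event's readable `param` fields. The function names are hypothetical, the sample is a trimmed copy of the posted event, and reading the number after the slash as a Win32 service state code is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the event from post #3, trimmed to the fields used here.
# The namespace URL is elided on the page and is kept exactly as it appears.
SAMPLE_EVENT = """<Event xmlns="http://schemas.micro.../events/event">
  <System>
    <Provider Name="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Channel>System</Channel>
  </System>
  <EventData>
    <Data Name="param1">Application Experience</Data>
    <Data Name="param2">stopped</Data>
    <Binary>410065004C006F006F006B00750070005300760063002F0031000000</Binary>
  </EventData>
</Event>"""

# dwCurrentState values of the Win32 SERVICE_STATUS structure.
# Assumption: the number after "/" in the decoded Binary is one of these codes.
SERVICE_STATES = {
    1: "stopped",
    2: "start pending",
    3: "stop pending",
    4: "running",
    5: "continue pending",
    6: "pause pending",
    7: "paused",
}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def decode_binary(hex_text):
    """Decode an event <Binary> hex string as NUL-terminated UTF-16LE text."""
    raw = bytes.fromhex(hex_text.strip())  # raises ValueError on non-hex input
    if len(raw) % 2:
        raise ValueError("odd byte count, not UTF-16LE")
    return raw.decode("utf-16-le").rstrip("\x00")


def parse_scm_event(xml_text):
    """Return the readable fields of a Service Control Manager event and
    whether the decoded Binary agrees with the state named in param2."""
    root = ET.fromstring(xml_text)
    event_id, binary, params = None, "", {}
    for element in root.iter():
        name = local_name(element.tag)
        if name == "EventID":
            event_id = int(element.text)
        elif name == "Data":
            params[element.get("Name")] = element.text or ""
        elif name == "Binary":
            binary = element.text or ""

    decoded = decode_binary(binary) if binary else ""
    service, sep, code = decoded.rpartition("/")
    if not sep:  # no "/<code>" suffix: treat the whole string as the name
        service, code = decoded, ""
    state_code = int(code) if code.isdigit() else None
    state_name = SERVICE_STATES.get(state_code)

    return {
        "event_id": event_id,
        "display_name": params.get("param1", ""),
        "reported_state": params.get("param2", ""),
        "decoded_binary": decoded,
        "service": service,
        "state_code": state_code,
        # True when the Binary carries the same state the message text reports.
        "consistent": state_name is not None
        and state_name == params.get("param2", "").strip().lower(),
    }


if __name__ == "__main__":
    for key, value in parse_scm_event(SAMPLE_EVENT).items():
        print(f"{key}: {value}")
```

A Binary value that decodes to a readable service name and a state matching `param2` is routine Service Control Manager data, so the event on its own does not indicate malware.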

#4
krzybtchkris

  • Topic Starter
  • Member
  • 13 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Kildare (administrator) on KRZYBTCHKRIS on 24-11-2014 12:35:35
Running from C:\Users\Kildare\Desktop
Loaded Profile: Kildare (Available profiles: Kildare & Kris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(FixBee., (www.fixbee.com)) C:\Program Files (x86)\FixBee\FBDefragSrv64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP ENVY 4500 series\bin\HPScan.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP ENVY 4500 series\bin\HPScan.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
() C:\Program Files (x86)\Design&Print\DesktopDPO.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2014-04-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [961024 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\MountPoints2: {7038939e-cfb6-11e3-b6f9-984be1a7a736} - H:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-20] (Microsoft Corporation)
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => "c:\progra~2\movies~1\datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hulu.com/
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
URLSearchHook: HKU\S-1-5-21-3062192331-469696382-193695978-1001 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4C68102C-2C49-4F1C-92DE-1C8E84B583AC} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {825F640C-C4D6-4360-8A66-AB92D899B8E8} URL = http://www.ask.com/w...}&l=dis&o=uscql
SearchScopes: HKLM -> {F708717D-117C-4A3F-854C-CEADF5034489} URL = http://search.yahoo....psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=11-09-2012
SearchScopes: HKLM-x32 -> {4C68102C-2C49-4F1C-92DE-1C8E84B583AC} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {825F640C-C4D6-4360-8A66-AB92D899B8E8} URL = http://www.ask.com/w...}&l=dis&o=uscql
SearchScopes: HKLM-x32 -> {F708717D-117C-4A3F-854C-CEADF5034489} URL = http://search.yahoo....psg&type=CPNTDF
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> BrowserMngrDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> bProtectorDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {24D50705-AA97-42AF-80AB-526F28384EE6} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {4C68102C-2C49-4F1C-92DE-1C8E84B583AC} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {825F640C-C4D6-4360-8A66-AB92D899B8E8} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B3CEE476-10FB-4D73-8053-AACD38FB5A4D}&mid=aeb45e25d98447d09c094902a7434ec5-ae0b1051610e3bddc3bd2bfefc7da73bd81c291e&lang=en&ds=AVG&pr=fr&d=2012-08-16 13:33:48&v=11.0.0.10&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {F708717D-117C-4A3F-854C-CEADF5034489} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Kildare\AppData\Roaming\Mozilla\Firefox\Profiles\4olerk1j.default
FF DefaultSearchUrl: hxxp://search.aol.com/search/search?q={searchTerms}&s_it=amonetizetest1-ff&s_qt=sb&tb_uuid=20120911225636977&tb_oid=11-09-2012&tb_mrud=19-05-2013
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Kildare\AppData\Roaming\Mozilla\Firefox\Profiles\4olerk1j.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Kildare\AppData\Roaming\Mozilla\Firefox\Profiles\4olerk1j.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Kildare\AppData\Roaming\Mozilla\Firefox\Profiles\4olerk1j.default\Extensions\[email protected] [2012-09-11]
FF Extension: Google Translator for Firefox - C:\Users\Kildare\AppData\Roaming\Mozilla\Firefox\Profiles\4olerk1j.default\Extensions\[email protected] [2014-11-15]
FF Extension: Print/Print Preview - C:\Users\Kildare\AppData\Roaming\Mozilla\Firefox\Profiles\4olerk1j.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-01-16]
FF Extension: Image Zoom - C:\Users\Kildare\AppData\Roaming\Mozilla\Firefox\Profiles\4olerk1j.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-10]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx []
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FBDiskOptimizer; C:\Program Files (x86)\FixBee\FBDefragSrv64.exe [630584 2011-08-11] (FixBee., (www.fixbee.com))
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [X]
S2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
S2 Update snipsmart; "C:\Program Files (x86)\snipsmart\updatesnipsmart.exe" [X]
S2 Util snipsmart; "C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 {4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64; C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys [48784 2014-10-28] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 12:35 - 2014-11-24 12:36 - 00020642 _____ () C:\Users\Kildare\Desktop\FRST.txt
2014-11-24 12:34 - 2014-11-24 12:35 - 00000000 ____D () C:\FRST
2014-11-24 12:30 - 2014-11-24 12:30 - 02118144 _____ (Farbar) C:\Users\Kildare\Desktop\FRST64.exe
2014-11-24 11:06 - 2014-11-24 11:06 - 00602112 _____ (OldTimer Tools) C:\Users\Kildare\Desktop\OTL.exe
2014-11-23 20:30 - 2014-11-23 20:30 - 00854414 _____ () C:\Users\Kildare\Desktop\SecurityCheck.exe
2014-11-23 12:19 - 2014-11-23 12:23 - 00000000 ____D () C:\Users\Kildare\Documents\MOVED EBAY ITEMS
2014-11-23 06:38 - 2014-11-23 06:39 - 05152768 _____ () C:\Users\Kildare\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-11-20 09:01 - 2014-11-24 11:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 09:01 - 2014-11-20 09:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-19 07:06 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:06 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:06 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:06 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-13 20:28 - 2014-11-13 20:42 - 00000270 _____ () C:\Users\Kildare\Desktop\ModemConnectionSummary.txt
2014-11-13 19:14 - 2014-11-13 19:14 - 00000000 ____D () C:\Users\Kildare\AppData\Local\GlassWire
2014-11-13 18:49 - 2014-11-13 18:49 - 00000000 ____D () C:\ProgramData\GlassWire
2014-11-13 18:07 - 2014-11-13 18:11 - 16338360 _____ (SecureMix LLC) C:\Users\Kildare\Downloads\GlassWireSetup.exe
2014-11-13 13:48 - 2014-11-13 13:48 - 00000000 ____D () C:\Users\Kildare\Downloads\ResultReport_files
2014-11-13 13:44 - 2014-11-13 13:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Kildare\Downloads\MicrosoftFixit.Performance.FISC.4233933037440760.9.2.Run.exe
2014-11-13 13:38 - 2014-11-13 13:38 - 00347816 _____ (Microsoft Corporation) C:\Users\Kildare\Downloads\MicrosoftFixit.WinSecurity.FISC.4233933037440760.9.1.Run.exe
2014-11-13 02:08 - 2014-11-13 02:08 - 01068561 _____ () C:\Users\Kildare\Downloads\My eBay Purchase History3.htm
2014-11-12 05:15 - 2014-11-12 05:15 - 00000000 _____ () C:\Windows\SysWOW64\shoB4B2.tmp
2014-11-11 21:51 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:51 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:51 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:51 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:51 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:51 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:51 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:51 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:51 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:51 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:51 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:51 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:51 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:50 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:50 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:50 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:50 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:50 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:50 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:50 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:50 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:50 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:50 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:50 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:50 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:50 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:50 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:50 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:50 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:50 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:50 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:50 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:49 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:49 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:49 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:49 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:49 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:49 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:49 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:49 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:49 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:49 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:49 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:49 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:49 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:49 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:49 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:48 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:48 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:48 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:48 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:48 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:48 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:48 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:48 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:48 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:37 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:37 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:37 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:36 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:36 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:36 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:36 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:36 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:36 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:36 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:36 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:36 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:33 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:33 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:33 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:33 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:33 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:33 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:32 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:32 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:32 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:32 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:32 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:32 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:32 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:32 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:31 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:31 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:31 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:31 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:31 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:31 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:31 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:31 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:31 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:31 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:31 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:31 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 21:29 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:29 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:29 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:29 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:29 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:28 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:28 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 20:08 - 2014-11-11 20:08 - 00000000 ____D () C:\Users\Kildare\AppData\Roaming\FireShot
2014-11-10 10:19 - 2014-11-10 10:20 - 00000000 ___RD () C:\Users\Kildare\Desktop\New Briefcase
2014-11-10 07:49 - 2014-11-10 07:49 - 00855531 _____ () C:\Users\Kildare\Downloads\TCP_UDP Port Number List.htm
2014-11-02 22:37 - 2014-11-02 22:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Kildare\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 22:22 - 2014-11-02 22:22 - 00142264 _____ () C:\Users\Kildare\Downloads\UWT.zip
2014-11-02 18:14 - 2014-11-02 18:14 - 00025668 _____ () C:\Users\Kildare\Desktop\saved_backup_encrypted.cfg
2014-11-02 18:13 - 2014-11-02 18:13 - 00025668 _____ () C:\Users\Kildare\Downloads\saved_backup_encrypted.cfg
2014-10-28 14:23 - 2014-10-28 06:50 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys
2014-10-28 13:18 - 2014-10-28 22:54 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-10-28 10:57 - 2014-10-28 10:57 - 00000328 _____ () C:\Users\Kildare\Desktop\HP Printer Diagnostic Tools.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 09:08 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 09:08 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 09:06 - 2012-08-05 00:37 - 02057207 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 19:37 - 2012-08-04 23:23 - 00093544 _____ () C:\Users\Kildare\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 17:13 - 2014-04-01 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-11-23 12:21 - 2014-03-09 22:13 - 00000000 ____D () C:\Users\Kildare\Documents\Wiccan Herb & Oil Lists
2014-11-23 12:20 - 2014-03-20 06:09 - 00000000 ___RD () C:\Users\Kildare\Documents\HP Photo Creations
2014-11-23 12:18 - 2014-07-10 13:32 - 00000000 ____D () C:\Users\Kildare\Downloads\Schoo
2014-11-23 09:27 - 2014-08-07 11:53 - 00002320 _____ () C:\Windows\setupact.log
2014-11-23 07:35 - 2012-08-14 13:44 - 00000000 ____D () C:\Users\Kildare\AppData\Roaming\SoftGrid Client
2014-11-22 06:22 - 2014-10-03 16:12 - 699004928 _____ () C:\Users\Kildare\Desktop\OfficeProfessionalPlus_x86_en-us.img
2014-11-21 14:51 - 2014-10-24 13:48 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKildare
2014-11-21 14:51 - 2014-10-24 13:48 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForKildare.job
2014-11-21 14:45 - 2013-06-07 13:41 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-21 14:45 - 2012-08-10 18:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-20 09:51 - 2012-08-13 10:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 09:51 - 2012-08-13 10:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 03:28 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 03:23 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 03:23 - 2009-07-13 23:45 - 00349112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 20:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 18:19 - 2014-09-02 08:46 - 00000000 ____D () C:\Users\Kildare\AppData\Local\Adobe
2014-11-13 12:54 - 2012-08-06 12:56 - 00000000 ____D () C:\Users\Kildare\Incomplete
2014-11-13 12:54 - 2012-08-06 12:55 - 00000000 ____D () C:\Users\Kildare\AppData\Roaming\MP3Rocket
2014-11-12 06:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 05:16 - 2014-04-03 12:06 - 00017406 _____ () C:\Windows\PFRO.log
2014-11-12 05:16 - 2012-08-16 03:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 05:14 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 04:09 - 2013-08-30 02:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:27 - 2013-06-15 19:44 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 00:51 - 2014-04-06 14:23 - 00007623 _____ () C:\Users\Kildare\AppData\Local\resmon.resmoncfg
2014-11-12 00:05 - 2013-12-10 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-03 19:30 - 2012-08-07 01:34 - 00000000 __RSD () C:\Users\Kildare\Documents\My Stationery
2014-11-02 23:01 - 2014-01-17 01:19 - 00000000 ____D () C:\Users\Kildare\AppData\Roaming\HpUpdate
2014-11-02 22:52 - 2014-03-19 16:20 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-11-02 22:15 - 2014-09-18 07:54 - 00000991 _____ () C:\Users\Kildare\Desktop\PhotoScape.lnk
2014-11-02 21:53 - 2014-04-03 10:48 - 00000000 ____D () C:\Users\Kildare\Downloads\Registry Files
2014-11-02 21:25 - 2014-01-28 09:05 - 00003154 _____ () C:\Windows\System32\Tasks\{B12826D8-5876-4144-8CC9-FA4E3714E9C2}
2014-11-02 21:08 - 2013-08-29 16:07 - 00014286 _____ () C:\ProgramData\hpzinstall.log
2014-11-02 18:36 - 2014-04-03 09:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-30 06:25 - 2012-08-04 22:58 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 00:03 - 2014-04-23 10:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-29 03:12 - 2014-06-02 18:52 - 00000000 ____D () C:\Users\Kildare\Documents\Originals
2014-10-28 14:23 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-20 03:52

==================== End Of Log ============================


  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's get at it :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-3062192331-469696382-193695978-1001\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => "c:\progra~2\movies~1\datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
URLSearchHook: HKU\S-1-5-21-3062192331-469696382-193695978-1001 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> BrowserMngrDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> bProtectorDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {24D50705-AA97-42AF-80AB-526F28384EE6} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {4C68102C-2C49-4F1C-92DE-1C8E84B583AC} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {825F640C-C4D6-4360-8A66-AB92D899B8E8} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {F708717D-117C-4A3F-854C-CEADF5034489} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx []
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [X]
S2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
S2 Update snipsmart; "C:\Program Files (x86)\snipsmart\updatesnipsmart.exe" [X]
S2 Util snipsmart; "C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe" [X]
R1 {4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64; C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys [48784 2014-10-28] (StdLib)
2014-11-12 05:15 - 2014-11-12 05:15 - 00000000 _____ () C:\Windows\SysWOW64\shoB4B2.tmp
2014-10-28 14:23 - 2014-10-28 06:50 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys
2014-10-28 13:18 - 2014-10-28 22:54 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-11-02 21:25 - 2014-01-28 09:05 - 00003154 _____ () C:\Windows\System32\Tasks\{B12826D8-5876-4144-8CC9-FA4E3714E9C2}
C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys
C:\Program Files (x86)\snipsmart
C:\Program Files (x86)\Movies Toolbar
C:\ProgramData\Browser Manager
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download and run Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 1

#6
krzybtchkris

    Member

  • Topic Starter
  • Member
  • 13 posts

There is also an:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Kildare at 2014-11-24 12:36:45
Running from C:\Users\Kildare\Desktop
Boot Mode: Normal

Let me know if you need that also.


  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, that would be handy :)
  • 1

#8
krzybtchkris

    Member

  • Topic Starter
  • Member
  • 13 posts

OK, here is the additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Kildare at 2014-11-24 12:36:45
Running from C:\Users\Kildare\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DJ_AIO_05_F4400_Software_Min (x32 Version: 120.0.235.000 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FixBee Disk Optimizer (HKLM-x32\...\{CA16B670-D9BD-4051-882A-B5AB057F7128}_is1) (Version:  - FixBee)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Deskjet F4400 All-In-One Driver 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Label Designer Plus DELUXE 11 (HKLM-x32\...\LDPD11_is1) (Version:  - CAM Development)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 6.4.2 - MP3 TechSupport Inc)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Strongvault Online Backup (HKLM-x32\...\{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}) (Version: 1.0.1.0 - Strongvault) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3062192331-469696382-193695978-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kildare\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3062192331-469696382-193695978-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kildare\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3062192331-469696382-193695978-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kildare\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3062192331-469696382-193695978-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kildare\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3062192331-469696382-193695978-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kildare\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3062192331-469696382-193695978-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> No File Path

==================== Restore Points  =========================

31-10-2014 04:09:11 Windows Update
03-11-2014 13:15:53 HPSF Restore Point
04-11-2014 04:39:36 Windows Update
07-11-2014 04:50:09 Windows Update
10-11-2014 05:16:40 Windows Update
12-11-2014 08:13:05 Windows Modules Installer
13-11-2014 11:03:22 Windows Update
17-11-2014 10:29:24 Windows Update
20-11-2014 08:00:36 Windows Update
23-11-2014 08:44:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02F231F7-91ED-4BED-A68A-989BDB09ACD2} - System32\Tasks\{FBEAAC08-47C7-45D7-B53C-B0953FD8E5A1} => C:\Users\Kildare\Downloads\microsoft-office.exe [2014-10-03] ()
Task: {122598D6-F9F1-4080-BAA9-5BAE4ACCFEBF} - System32\Tasks\{8C8F11D8-1D01-4832-9FE7-09C46BD81D59} => C:\Users\Kildare\Downloads\hppc-hpcom.12992.exe
Task: {148673F0-FE5E-443B-9C27-91215A7DAC99} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1512DABC-5F1A-40FC-B61A-B4387BB60506} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1F6C4629-0FF6-409D-A758-0253ADDFF26B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {37E33E9F-8BAE-4AF9-8015-6F563A643714} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {392DECAE-B996-43E4-8641-992B31B02873} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {396A81E4-FCC5-4926-B2C0-FC32D2BCC464} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-11-11] (Microsoft)
Task: {4085DDD7-50CD-4FA2-9BC2-56AE817E4463} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {424491BA-9FD7-4BC4-BFB8-6FFED911899C} - System32\Tasks\{9D115445-7265-4B36-9190-2617071D22B9} => C:\Users\Kildare\Downloads\WiccaScript_downloader-ekAZppDp.exe
Task: {42AA36C4-C8F1-412A-AC16-31144CA434FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3982MCTT => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {456B8523-411C-48AC-9ACC-B18BD44376C4} - System32\Tasks\{DF7047D1-1064-498E-8FF4-3A875A30BFF1} => E:\Setup.exe
Task: {4655DBB4-4007-4521-88F9-8C4F4CFFE520} - System32\Tasks\HP AR Program Upload - 1c77a92887514e29917342547a86becd21cd5edfc691411eb73806f11ba9a388 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {4A394F92-3271-41C0-A584-CC93D963DC13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {51319B3A-A5B7-48F0-BFF1-015537DE67BA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {59887D52-EC62-4F6C-9A22-192A404FD6A8} - System32\Tasks\{B87FF92F-7B77-4C9B-B8B2-3B70B55550DA} => C:\Users\Kildare\Downloads\hppc-hpcom.12992.exe
Task: {6EF7A796-4D25-44EF-8564-CDFEDFE15755} - System32\Tasks\HP AR Program Upload - 5e1abf2aa888433da5aa4eefc1a8a5301567b03ac09b489386bea64babe03b4b => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {717D377A-CEA0-4DDC-83CE-D2D3BDAD1252} - System32\Tasks\ScanToPCActivationApp.exe_{77FC6E3F-BF23-4DBC-BC63-724ED555B927} => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {75DFCB7A-9067-4D38-AEB0-FC608FF627B7} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {818B868D-26FA-4CE3-A1F5-119B6F7E69A0} - System32\Tasks\{7A971B5C-49E4-4957-BF84-64057E94200D} => C:\Users\Kildare\Downloads\microsoft-office.exe [2014-10-03] ()
Task: {90FBE2CA-F728-464F-ABFF-999E3765DAD0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9AA49ABF-B260-491A-95C0-531EE8D5A29D} - System32\Tasks\HP AR Program Upload - 7e2516509ef645bf9e48241ae0ee4906dd2bbe8757774421a6e12aed4a7a64d4 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {A48347FE-F611-4B77-AC5E-87D1CC61A67A} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {A6C4FD80-4C02-47DB-9612-49D183FD321F} - System32\Tasks\ScanToPCActivationApp.exe_{3B1EB73A-F698-49D2-9751-137E587D808D} => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {B3EF570F-3CD0-460A-A986-F29D1AB11E8F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BC22384A-2464-416F-8839-7B149E8B3294} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C1E0E99D-BB1C-466B-A195-47BC4D24ACA2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {C39020AA-A89C-4228-B191-BD5426690FD0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C619B837-C1B2-409C-818C-8FFB8745F584} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C896BAD0-791F-417C-9A3D-C39689BB5320} - System32\Tasks\HPCeeScheduleForKildare => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CF8E0B36-EDE0-4DFC-BFC1-C0E0D212C6F4} - System32\Tasks\{A9DABB7D-D288-40D1-8C80-CE766127B340} => C:\Users\Kildare\Downloads\hppc-hpcom.12992.exe
Task: {CFCF91D2-E018-4577-9F4E-697A07F59F1D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {D38005ED-9576-4EE7-9239-B3B124BED255} - System32\Tasks\{C78BF4EF-0826-4853-9D4E-9E761FAE1EDC} => C:\Users\Kildare\Downloads\microsoft-office.exe [2014-10-03] ()
Task: {DA31A99A-2B7D-4630-9EED-88AE21718B5B} - System32\Tasks\Toolbox.exe_{C8EA738B-E034-4D79-829B-9613055106DE} => C:\Program Files\HP\HP ENVY 4500 series\Bin\Toolbox.exe [2014-03-06] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKildare.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-18 18:26 - 2010-06-18 18:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-06-11 23:55 - 2014-04-30 11:01 - 00131584 _____ () C:\Program Files (x86)\Design&Print\DesktopDPO.exe
2013-12-10 13:02 - 2014-11-12 00:05 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StrongVaultApp.exe => C:\Windows\pss\StrongVaultApp.exe.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StrongVaultApp.exe.lnk => C:\Windows\pss\StrongVaultApp.exe.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

========================= Accounts: ==========================

Administrator (S-1-5-21-3062192331-469696382-193695978-500 - Administrator - Disabled)
Guest (S-1-5-21-3062192331-469696382-193695978-501 - Limited - Disabled)
Kildare (S-1-5-21-3062192331-469696382-193695978-1001 - Administrator - Enabled) => C:\Users\Kildare
Kris (S-1-5-21-3062192331-469696382-193695978-1004 - Limited - Enabled) => C:\Users\Kris

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2014 00:10:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17c4

Start Time: 01d0080832742794

Termination Time: 83

Application Path: C:\Users\Kildare\Desktop\OTL.exe

Report Id: dadf67bf-73fb-11e4-a90c-984be1a7a736

Error: (11/24/2014 00:00:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ac

Start Time: 01d00800f93a34a5

Termination Time: 374

Application Path: C:\Users\Kildare\Desktop\OTL.exe

Report Id: 3cbfa780-73fb-11e4-a90c-984be1a7a736

Error: (11/23/2014 07:27:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPDiagnosticCoreUI.exe version 4.5.0.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b5c

Start Time: 01d00779d7630a9b

Termination Time: 0

Application Path: C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Report Id:

Error: (11/23/2014 07:01:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPDiagnosticCoreUI.exe version 4.5.0.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12f0

Start Time: 01d007797b0b6d52

Termination Time: 0

Application Path: C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Report Id:

Error: (11/23/2014 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/23/2014 06:59:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPDiagnosticCoreUI.exe version 4.5.0.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e78

Start Time: 01d007793605132a

Termination Time: 0

Application Path: C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Report Id:

Error: (11/23/2014 06:57:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPDiagnosticCoreUI.exe version 4.5.0.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1334

Start Time: 01d0076ab74f6eea

Termination Time: 0

Application Path: C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Report Id:

Error: (11/23/2014 05:11:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c5c

Start Time: 01d004c9e14fd97e

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 9b86f261-735d-11e4-a90c-984be1a7a736

Error: (11/23/2014 03:57:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORDC.EXE, version: 14.0.7125.5000, time stamp: 0x537453a9
Faulting module name: wwlibc.dll, version: 14.0.7125.5000, time stamp: 0x537453c2
Exception code: 0xc0000005
Fault offset: 0x0022ec8c
Faulting process id: 0xffc
Faulting application start time: 0xWINWORDC.EXE0
Faulting application path: WINWORDC.EXE1
Faulting module path: WINWORDC.EXE2
Report Id: WINWORDC.EXE3

Error: (11/23/2014 04:19:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GlassWireSetup.exe version 1.0.30.804 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1548

Start Time: 01d006fd0698fc78

Termination Time: 28

Application Path: C:\Users\Kildare\Downloads\GlassWireSetup.exe

Report Id: e9c32447-72f0-11e4-a90c-984be1a7a736


System errors:
=============
Error: (11/20/2014 03:23:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util snipsmart service failed to start due to the following error:
%%2

Error: (11/20/2014 03:23:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update snipsmart service failed to start due to the following error:
%%2

Error: (11/20/2014 03:23:22 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (11/20/2014 03:23:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Datamngr Coordinator service failed to start due to the following error:
%%2

Error: (11/20/2014 03:23:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser Manager service failed to start due to the following error:
%%2

Error: (11/12/2014 05:17:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util snipsmart service failed to start due to the following error:
%%2

Error: (11/12/2014 05:17:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update snipsmart service failed to start due to the following error:
%%2

Error: (11/12/2014 05:17:29 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (11/12/2014 05:17:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Datamngr Coordinator service failed to start due to the following error:
%%2

Error: (11/12/2014 05:17:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser Manager service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (11/24/2014 00:10:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.017c401d008083274279483C:\Users\Kildare\Desktop\OTL.exedadf67bf-73fb-11e4-a90c-984be1a7a736

Error: (11/24/2014 00:00:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.01ac01d00800f93a34a5374C:\Users\Kildare\Desktop\OTL.exe3cbfa780-73fb-11e4-a90c-984be1a7a736

Error: (11/23/2014 07:27:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPDiagnosticCoreUI.exe4.5.0.23b5c01d00779d7630a9b0C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Error: (11/23/2014 07:01:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPDiagnosticCoreUI.exe4.5.0.2312f001d007797b0b6d520C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Error: (11/23/2014 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/23/2014 06:59:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPDiagnosticCoreUI.exe4.5.0.23e7801d007793605132a0C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Error: (11/23/2014 06:57:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPDiagnosticCoreUI.exe4.5.0.23133401d0076ab74f6eea0C:\Users\Kildare\AppData\Local\Temp\7zS773C\HPDiagnosticCoreUI.exe

Error: (11/23/2014 05:11:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567c5c01d004c9e14fd97e0C:\Windows\Explorer.EXE9b86f261-735d-11e4-a90c-984be1a7a736

Error: (11/23/2014 03:57:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORDC.EXE14.0.7125.5000537453a9wwlibc.dll14.0.7125.5000537453c2c00000050022ec8cffc01d0073930cc3e24Q:\140066.enu\Office14\WINWORDC.EXEQ:\140066.enu\Office14\wwlibc.dll4e30ead6-7353-11e4-a90c-984be1a7a736

Error: (11/23/2014 04:19:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: GlassWireSetup.exe1.0.30.804154801d006fd0698fc7828C:\Users\Kildare\Downloads\GlassWireSetup.exee9c32447-72f0-11e4-a90c-984be1a7a736


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 52%
Total physical RAM: 3002.92 MB
Available physical RAM: 1424.1 MB
Total Pagefile: 6004.02 MB
Available Pagefile: 3901.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.56 GB) (Free:225.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.24 GB) (Free:0.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: D22DE2B2)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

working on the rest.


  • 0

#9
krzybtchkris

    Member

  • Topic Starter
  • Member
  • 13 posts

And here is fixlist.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by Kildare at 2014-11-24 13:39:04 Run:1
Running from C:\Users\Kildare\Desktop
Loaded Profile: Kildare (Available profiles: Kildare & Kris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3062192331-469696382-193695978-1001\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => "c:\progra~2\movies~1\datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
URLSearchHook: HKU\S-1-5-21-3062192331-469696382-193695978-1001 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> BrowserMngrDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> bProtectorDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {24D50705-AA97-42AF-80AB-526F28384EE6} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {4C68102C-2C49-4F1C-92DE-1C8E84B583AC} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {825F640C-C4D6-4360-8A66-AB92D899B8E8} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {F708717D-117C-4A3F-854C-CEADF5034489} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx []
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [X]
S2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
S2 Update snipsmart; "C:\Program Files (x86)\snipsmart\updatesnipsmart.exe" [X]
S2 Util snipsmart; "C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe" [X]
R1 {4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64; C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys [48784 2014-10-28] (StdLib)
2014-11-12 05:15 - 2014-11-12 05:15 - 00000000 _____ () C:\Windows\SysWOW64\shoB4B2.tmp
2014-10-28 14:23 - 2014-10-28 06:50 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys
2014-10-28 13:18 - 2014-10-28 22:54 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-11-02 21:25 - 2014-01-28 09:05 - 00003154 _____ () C:\Windows\System32\Tasks\{B12826D8-5876-4144-8CC9-FA4E3714E9C2}
C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys
C:\Program Files (x86)\snipsmart
C:\Program Files (x86)\Movies Toolbar
C:\ProgramData\Browser Manager
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

"HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
"c:\progra~2\movies~1\datamngr\x64\mgrldr.dll" => Value Data removed successfully.
"c:\progra~2\movies~1\datamngr\mgrldr.dll" => Value Data removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully.
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
"HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key not found.
HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\BrowserMngrDefaultScope => value deleted successfully.
HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
"HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24D50705-AA97-42AF-80AB-526F28384EE6}" => Key deleted successfully.
"HKCR\CLSID\{24D50705-AA97-42AF-80AB-526F28384EE6}" => Key not found.
"HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
"HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key not found.
"HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C68102C-2C49-4F1C-92DE-1C8E84B583AC}" => Key deleted successfully.
"HKCR\CLSID\{4C68102C-2C49-4F1C-92DE-1C8E84B583AC}" => Key not found.
"HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{825F640C-C4D6-4360-8A66-AB92D899B8E8}" => Key deleted successfully.
"HKCR\CLSID\{825F640C-C4D6-4360-8A66-AB92D899B8E8}" => Key not found.
"HKU\S-1-5-21-3062192331-469696382-193695978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F708717D-117C-4A3F-854C-CEADF5034489}" => Key deleted successfully.
"HKCR\CLSID\{F708717D-117C-4A3F-854C-CEADF5034489}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKU\.DEFAULT\Software\Mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} => value deleted successfully.
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph" => Key deleted successfully.
"C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx" => File/Directory not found.
Browser Manager => Service deleted successfully.
DatamngrCoordinator => Service deleted successfully.
Update snipsmart => Service deleted successfully.
Util snipsmart => Service deleted successfully.
{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64 => Service stopped successfully.
{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64 => Service deleted successfully.
C:\Windows\SysWOW64\shoB4B2.tmp => Moved successfully.
C:\Windows\system32\Drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys => Moved successfully.
C:\Program Files (x86)\snipsmart => Moved successfully.
C:\Windows\System32\Tasks\{B12826D8-5876-4144-8CC9-FA4E3714E9C2} => Moved successfully.
"C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys" => File/Directory not found.
"C:\Program Files (x86)\snipsmart" => File/Directory not found.
"C:\Program Files (x86)\Movies Toolbar" => File/Directory not found.
C:\ProgramData\Browser Manager => Moved successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {FB084790-84B2-4B64-90BE-C540226F6C1D}.
{3E1A8F97-2BC8-47C6-8A01-3683EDC6E61F} canceled.
{557E9D7C-7285-4007-8883-A34CA75E16CF} canceled.
{168427DD-6973-4D29-B686-8C976CE4033C} canceled.
{C5DA4A45-096D-4C0D-B204-833676271CCA} canceled.
{B62BAA25-3676-4103-BC2E-AE66BAE90844} canceled.
{B3B670FD-3CE2-4115-8AAF-1D826DF3CDE5} canceled.
{994166FA-A221-453A-AF49-0BB97195BAB6} canceled.
{30D9AD2D-476F-4D2D-B332-957C356E0EA9} canceled.
8 out of 9 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is one more in the additions that needs removing but I will wait and see if AdwCleaner gets it :)

After the AdwCleaner run, can you let me know how the computer is behaving?

#11
krzybtchkris

    Member

  • Topic Starter
  • Member
  • 13 posts

OK, let's get at it :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-3062192331-469696382-193695978-1001\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => "c:\progra~2\movies~1\datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKU\S-1-5-21-3062192331-469696382-193695978-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
URLSearchHook: HKU\S-1-5-21-3062192331-469696382-193695978-1001 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> BrowserMngrDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> bProtectorDefaultScope {24D50705-AA97-42AF-80AB-526F28384EE6}
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {24D50705-AA97-42AF-80AB-526F28384EE6} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {4C68102C-2C49-4F1C-92DE-1C8E84B583AC} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {825F640C-C4D6-4360-8A66-AB92D899B8E8} URL =
SearchScopes: HKU\S-1-5-21-3062192331-469696382-193695978-1001 -> {F708717D-117C-4A3F-854C-CEADF5034489} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF HKU\S-1-5-21-3062192331-469696382-193695978-1001\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx []
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [X]
S2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
S2 Update snipsmart; "C:\Program Files (x86)\snipsmart\updatesnipsmart.exe" [X]
S2 Util snipsmart; "C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe" [X]
R1 {4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64; C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys [48784 2014-10-28] (StdLib)
2014-11-12 05:15 - 2014-11-12 05:15 - 00000000 _____ () C:\Windows\SysWOW64\shoB4B2.tmp
2014-10-28 14:23 - 2014-10-28 06:50 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys
2014-10-28 13:18 - 2014-10-28 22:54 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-11-02 21:25 - 2014-01-28 09:05 - 00003154 _____ () C:\Windows\System32\Tasks\{B12826D8-5876-4144-8CC9-FA4E3714E9C2}
C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys
C:\Program Files (x86)\snipsmart
C:\Program Files (x86)\Movies Toolbar
C:\ProgramData\Browser Manager
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply

You can find the logfile at C:\AdwCleaner[S1].txt as well. I can't find it, did a search & nothing, it popped open but closed it by mistake. It opened in Word I think...



#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK no problem, continue with FSS please so that I can confirm all of your services are running

#13
krzybtchkris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Why am I seeing all sorts of "new" folders & files, NetHood, PrintHood in my library tree?



#14
krzybtchkris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

OK, here is the FSS log:

Farbar Service Scanner Version: 21-07-2014
Ran by Kildare (administrator) on 24-11-2014 at 15:21:27
Running from "C:\Users\Kildare\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The new folders are hidden system ones, they will be re-hidden once we are done :)

I will take out the last bits now in case AdwCleaner missed them. What problems are outstanding?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

Task: {A48347FE-F611-4B77-AC5E-87D1CC61A67A} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.