Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bugs


  • Please log in to reply

#1
Reddoug

Reddoug

    Member

  • Member
  • PipPipPip
  • 291 posts

Hi All      Vista Home Premium 32bit 3GB RAM

 

This comp had an expired Norton AV running on it for a long time. Computer would not get on the internet. I had downloaded through lockable  flash drive and installed; Malwarebytes, AVG Free, ADWcleaner, Superantispyware and Spybot Ccleaner. After running programs, I can access internet. Had Java 6.25 on it, I was not able to update, get error 1603.Tried removing through add remove programs and Java uninstaller with no luck. 

Computer also had this in proxy    file://C:\Program Files\BatBrowse\bin\Pac9064.js

This computer is my mothers neighbors and I am helping her out.

 

Thanks, Doug

 

 

 

OTL logfile created on: 12/4/2014 2:40:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\James\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.94 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 36.91% Memory free
7.75 Gb Paging File | 6.05 Gb Available in Paging File | 77.96% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.15 Gb Total Space | 160.25 Gb Free Space | 72.46% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.95 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
 
Computer Name: RUTH | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/04 12:25:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2014/11/21 12:41:50 | 005,282,584 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/13 11:46:34 | 006,697,752 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2014/11/09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgidsagent.exe
PRC - [2014/11/09 21:56:14 | 003,653,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgui.exe
PRC - [2014/11/09 21:52:20 | 000,669,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgemcx.exe
PRC - [2014/11/09 21:50:28 | 001,071,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgnsx.exe
PRC - [2014/11/09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/11/09 21:46:04 | 000,880,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2015\avgrsx.exe
PRC - [2014/11/09 21:43:46 | 000,691,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgcsrvx.exe
PRC - [2014/09/15 13:19:02 | 000,089,352 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/07/22 17:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/08 18:02:43 | 000,415,184 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013/10/08 18:02:41 | 004,055,504 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 18:01:47 | 001,604,560 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2014/11/30 20:49:27 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/13 20:42:31 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/11/09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/09/15 13:19:02 | 000,089,352 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/07/22 17:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 10:20:22 | 000,097,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/12/04 13:38:57 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/10/29 21:34:52 | 000,213,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/10/10 14:13:58 | 000,200,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/10/05 20:42:06 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/08/28 20:43:36 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/07/18 14:55:24 | 000,230,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/06/18 20:16:30 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/06/18 20:03:36 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/06/18 20:03:34 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/18 20:03:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/01/26 16:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 16:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 20:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/12/06 14:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 16:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 15:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D0C91CEA-70CC-427A-8390-1FED6A48B4EA}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS487
IE - HKCU\..\SearchScopes\{D0C91CEA-70CC-427A-8390-1FED6A48B4EA}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\CD358932374D4B7985DE68941A023067: "URL" = http://www.google.co...1I7GGHP_enUS487
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "https://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/27 21:00:24 | 000,000,000 | ---D | M]
 
[2011/01/30 12:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\mozilla\Extensions
[2014/11/27 20:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\mozilla\Firefox\Profiles\79fm89g9.default\extensions
[2011/12/05 12:21:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\James\AppData\Roaming\mozilla\Firefox\Profiles\79fm89g9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/05 12:21:07 | 000,000,000 | ---D | M] (iGoogle Tab Remover) -- C:\Users\James\AppData\Roaming\mozilla\Firefox\Profiles\79fm89g9.default\extensions\[email protected]
[2014/11/27 22:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/11/27 21:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/27 21:00:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\James\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_1\
CHR - Extension: Google Wallet = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
 
O1 HOSTS File: ([2011/03/29 17:05:23 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10E3C097-72AF-4223-BA76-294E58A5CBC1}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD3B128F-577B-4D91-85D0-07798C5607F6}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\James\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\James\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{43f1243a-5e84-11e4-bbdf-001e68278a9a}\Shell - "" = AutoRun
O33 - MountPoints2\{43f1243a-5e84-11e4-bbdf-001e68278a9a}\Shell\AutoRun\command - "" = G:\KDMv2.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/04 06:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/12/04 06:41:42 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/12/03 20:42:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/12/03 20:42:51 | 000,000,000 | -HSD | C] -- \found.000
[2014/11/30 21:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014/11/30 21:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/11/30 21:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2014/11/30 11:31:14 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/11/30 11:31:14 | 000,000,000 | ---D | C] -- \Kaspersky Rescue Disk 10.0
[2014/11/27 22:39:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/11/27 21:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/11/27 21:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/11/27 15:10:47 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/11/27 15:10:47 | 000,000,000 | ---D | C] -- \SUPERDelete
[2014/11/27 10:33:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/27 10:33:41 | 000,000,000 | ---D | C] -- \AdwCleaner
[2014/11/27 10:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/27 10:21:55 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/27 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\AVG2015
[2014/11/27 10:01:10 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\TuneUp Software
[2014/11/27 10:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/11/27 09:59:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/11/27 09:59:23 | 000,000,000 | -H-D | C] -- \$AVG
[2014/11/27 09:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/11/27 09:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\MFAData
[2014/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Avg2015
[2014/11/27 09:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/11/27 09:55:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
[2014/11/27 09:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/11/27 09:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/11/27 09:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/11/27 09:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/27 09:55:23 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/27 09:55:23 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/27 09:55:23 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/27 09:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/27 09:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/27 09:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/04 14:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/04 14:38:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 14:38:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 14:25:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000UA.job
[2014/12/04 13:49:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/04 13:38:57 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/04 13:38:30 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/04 09:43:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/04 09:25:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000Core.job
[2014/12/04 08:41:37 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/12/04 08:41:37 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/12/04 08:41:18 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2014/12/04 08:38:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/04 07:21:20 | 000,000,162 | ---- | M] () -- C:\Windows\wininit.ini
[2014/12/04 06:41:43 | 000,001,057 | ---- | M] () -- C:\Users\James\Desktop\Revo Uninstaller.lnk
[2014/12/03 20:49:29 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJames.job
[2014/12/03 20:49:09 | 242,612,684 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/11/30 21:50:25 | 000,000,962 | ---- | M] () -- C:\Users\James\Desktop\Auslogics DiskDefrag.lnk
[2014/11/30 20:35:48 | 000,642,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/30 20:35:47 | 000,120,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/27 22:32:55 | 000,313,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/27 22:05:52 | 000,000,680 | ---- | M] () -- C:\Users\James\AppData\Local\d3d9caps.dat
[2014/11/27 21:15:23 | 000,110,747 | ---- | M] () -- C:\Users\James\AppData\Local\census.cache
[2014/11/27 21:15:22 | 000,213,144 | ---- | M] () -- C:\Users\James\AppData\Local\ars.cache
[2014/11/27 21:09:22 | 000,000,010 | ---- | M] () -- C:\Users\James\AppData\Local\sponge.last.runtime.cache
[2014/11/27 21:03:45 | 000,000,036 | ---- | M] () -- C:\Users\James\AppData\Local\housecall.guid.cache
[2014/11/27 21:00:55 | 000,000,870 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/11/27 21:00:51 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/27 10:28:53 | 000,767,002 | ---- | M] () -- C:\Users\James\Documents\cc_20141127_102834.reg
[2014/11/27 10:21:59 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/27 10:01:10 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/27 09:55:34 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/04 06:41:43 | 000,001,057 | ---- | C] () -- C:\Users\James\Desktop\Revo Uninstaller.lnk
[2014/12/03 20:49:09 | 242,612,684 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/11/30 21:50:25 | 000,000,962 | ---- | C] () -- C:\Users\James\Desktop\Auslogics DiskDefrag.lnk
[2014/11/27 21:15:23 | 000,110,747 | ---- | C] () -- C:\Users\James\AppData\Local\census.cache
[2014/11/27 21:15:22 | 000,213,144 | ---- | C] () -- C:\Users\James\AppData\Local\ars.cache
[2014/11/27 21:09:22 | 000,000,010 | ---- | C] () -- C:\Users\James\AppData\Local\sponge.last.runtime.cache
[2014/11/27 21:03:45 | 000,000,036 | ---- | C] () -- C:\Users\James\AppData\Local\housecall.guid.cache
[2014/11/27 21:00:51 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/11/27 16:17:48 | 000,000,162 | ---- | C] () -- C:\Windows\wininit.ini
[2014/11/27 11:01:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/27 10:28:37 | 000,767,002 | ---- | C] () -- C:\Users\James\Documents\cc_20141127_102834.reg
[2014/11/27 10:21:59 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/27 10:01:10 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/27 09:55:34 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/11/27 09:55:26 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/27 15:41:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/09/20 13:39:19 | 000,003,808 | ---- | C] () -- \{E72D6004-2A42-495C-941C-53302486B8C7}
[2014/09/20 13:38:11 | 000,003,808 | ---- | C] () -- \{A65CECAB-4ED9-41DB-A6DE-8F4E38206544}
[2014/09/20 13:36:13 | 000,004,864 | ---- | C] () -- \{4EAEAAC9-6832-4DB6-9A22-708CE04EF0DE}
[2014/09/20 13:34:48 | 000,002,928 | ---- | C] () -- \{0EFE157E-F26B-4267-8ECE-8867119A2CAE}
[2014/09/20 13:30:54 | 000,003,904 | ---- | C] () -- \{E4DD66E1-E7CD-454E-982A-3A1B453CCDA8}
[2014/09/06 09:43:00 | 000,003,872 | ---- | C] () -- \{1111EF83-4706-4E35-A9A1-52D3BFE70B47}
[2014/09/02 18:29:43 | 000,003,704 | ---- | C] () -- \{03314674-5675-4BC5-9C38-572A52430ED4}
[2014/08/31 21:53:28 | 000,000,044 | ---- | C] () -- C:\Users\James\AppData\Roaming\WB.CFG
[2010/12/30 11:10:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Units
[2010/12/30 11:10:32 | 000,000,268 | RH-- | C] () -- C:\Users\James\AppData\Roaming\Hybrid Synthesizers
[2010/12/30 11:10:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/12/30 11:06:23 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Capture
[2010/12/30 11:06:23 | 000,000,268 | RH-- | C] () -- C:\Users\James\AppData\Roaming\Hybrid Chords
[2010/12/30 11:06:23 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/02/27 12:49:39 | 000,000,680 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps.dat
[2009/02/20 03:14:40 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/20 03:14:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/27 10:44:12 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Roaming\wklnhst.dat
[2008/07/20 12:40:50 | 000,002,121 | ---- | C] () -- C:\Users\James\iP1800 series On-screen Manual.lnk
[2008/04/25 02:07:55 | 000,027,335 | ---- | C] () -- C:\Users\James\AppData\Roaming\nvModes.001
[2008/04/22 14:58:52 | 000,027,335 | ---- | C] () -- C:\Users\James\AppData\Roaming\nvModes.dat
[2008/04/21 11:30:07 | 000,004,608 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/08 00:49:06 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 00:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = \\?\globalroot\Device\HarddiskVolume1\Users\James\AppData\Local\Temp\sqppgss\spwtdxe\wow.dll
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 07:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/11/27 10:02:15 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\AVG2015
[2014/09/24 10:01:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\BRT
[2009/08/28 10:28:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Canon
[2011/07/29 10:06:59 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\NewSoft
[2008/11/08 09:58:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ScanSoft
[2011/09/25 14:00:20 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Temp
[2008/12/27 10:44:16 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Template
[2014/11/27 10:01:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TuneUp Software
[2009/11/20 11:01:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\W Photo Studio Viewer
 
========== Purity Check ==========
 
 
 
< End of report >
 

 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Not seeing anything in your log but let's look a bit deeper:
 
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

  • Pause your anti-virus.  Close all browsers.


  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".


  • The tool will open and start scanning your system.


  • Please be patient as this can take a while to complete depending on your system's specifications.


  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.


  • Post the contents of JRT.txt into your next message.

 
 
 
 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
[color=green]Note: You need to run the version compatible with your system. (32 bit should work for you)  
 

  •  


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 


  • Press Scan button. 


  • It will produce a log called FRST.txt in the same directory the tool is run from.  


  • Please copy and paste log back here. 


  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.  Uninstall Speccy.
 
 
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

  • 0

#3
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts

Hi

 

I attached the data you asked for.

 

Thanks, Doug

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Looks like you might have had Zero Access but it does not appear to be active.  Please do not attach your posts.  Easier for me if you copy and paste them.

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Let's also run TDSSKiller to make sure:
 

Download TDSSKiller:
Save it to your desktop then run it.
Double click on TDSSKiller.exe and to start the program.  
 
If TDSSKiller alerts you that the system needs to reboot, please consent.
 
Run TDSSKiller again but this time:
before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
 
 
and also Combofix:
 

ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Double click on ComboFix to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
 
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
 
 
 

  • 0

#5
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts

Hi

 

The link for TD Killer dies not work. Error "redirect loop" when I click on link. Was able to download Combofix, have not run it yet.

 

Thanks, Doug


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

See if:

 

http://support.kaspe...iruses/utility#

 

will work for you.  Click on the TDSSKiller.zip button then check the box to agree to the terms and then Download.  The EXE file isn't working today so you will have to save the zip then right click on it and Extract All to the desktop.

 

If you can't get it to work go ahead and run Combofix first.


  • 0

#7
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts
Hi
 
 
Kaspersky did not find any problems. 
 
ComboFix 14-12-07.01 - James 12/10/2014  19:21:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3006.1549 [GMT -6:00]
Running from: c:\users\James\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\system32\KBL.LOG
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-11 to 2014-12-11  )))))))))))))))))))))))))))))))
.
.
2014-12-11 01:31 . 2014-12-11 01:32 -------- d-----w- c:\users\James\AppData\Local\temp
2014-12-11 01:31 . 2014-12-11 01:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-06 16:35 . 2014-12-06 16:35 -------- d-----w- c:\program files\Speccy
2014-12-06 15:58 . 2014-12-06 16:23 -------- d-----w- C:\FRST
2014-12-06 15:38 . 2014-12-06 15:38 -------- d-----w- c:\windows\ERUNT
2014-12-06 14:22 . 2014-12-06 14:22 -------- d-----w- c:\users\James\AppData\Local\Macromedia
2014-12-04 12:41 . 2014-12-04 12:41 -------- d-----w- c:\program files\VS Revo Group
2014-12-04 02:42 . 2014-12-04 02:42 -------- d-----w- C:\found.000
2014-12-01 03:50 . 2014-12-01 03:50 -------- d-----w- c:\programdata\Auslogics
2014-12-01 03:50 . 2014-12-01 03:50 -------- d-----w- c:\program files\Auslogics
2014-11-30 17:31 . 2014-11-30 20:24 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2014-11-28 04:21 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-28 04:21 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-28 04:21 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-28 04:21 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-28 04:20 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-28 04:20 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-28 04:19 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-28 04:18 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-28 04:18 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-28 04:16 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-28 04:15 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-28 04:15 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-28 04:15 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-28 04:15 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-28 04:14 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-28 04:08 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-28 02:51 . 2014-10-27 19:20 149712 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-11-27 21:10 . 2014-11-27 21:10 -------- d-----w- C:\SUPERDelete
2014-11-27 17:01 . 2014-12-01 02:49 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-27 16:33 . 2014-12-06 21:59 -------- d-----w- C:\AdwCleaner
2014-11-27 16:21 . 2014-11-27 16:22 -------- d-----w- c:\program files\CCleaner
2014-11-27 16:21 . 2014-12-07 14:31 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-27 16:02 . 2014-11-27 16:02 -------- d-----w- c:\users\James\AppData\Roaming\AVG2015
2014-11-27 16:01 . 2014-11-27 16:01 -------- d-----w- c:\users\James\AppData\Roaming\TuneUp Software
2014-11-27 15:59 . 2014-11-27 15:59 -------- d-----w- C:\$AVG
2014-11-27 15:59 . 2014-11-27 16:13 -------- d-----w- c:\programdata\AVG2015
2014-11-27 15:57 . 2014-11-27 15:57 -------- d-----w- c:\program files\AVG
2014-11-27 15:56 . 2014-12-11 01:05 -------- d-----w- c:\programdata\MFAData
2014-11-27 15:56 . 2014-11-27 22:18 -------- d-----w- c:\users\James\AppData\Local\Avg2015
2014-11-27 15:56 . 2014-11-27 15:56 -------- d-----w- c:\users\James\AppData\Local\MFAData
2014-11-27 15:55 . 2014-12-04 13:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-11-27 15:55 . 2014-11-27 15:55 -------- d-----w- c:\users\James\AppData\Roaming\SUPERAntiSpyware.com
2014-11-27 15:55 . 2014-12-08 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-11-27 15:55 . 2014-11-27 15:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-11-27 15:55 . 2014-12-04 19:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-27 15:55 . 2014-11-27 15:55 -------- d-----w- c:\programdata\Malwarebytes
2014-11-27 15:55 . 2014-11-21 12:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-27 15:55 . 2014-11-21 12:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-27 15:55 . 2014-11-21 12:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-27 15:43 . 2014-12-04 12:55 -------- d-----w- c:\programdata\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-01 02:49 . 2011-08-29 21:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 03:34 . 2014-10-30 03:34 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-10-10 20:13 . 2014-10-10 20:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-06 02:42 . 2014-10-06 02:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-13 6697752]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-10 3653136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-06 21720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2008-7-14 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-31 17:15 43816 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 21:18 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 15:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-06-04 20:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 14:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94157692
*Deregistered* - 94157692
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27 02:49]
.
2014-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-04 20:57]
.
2014-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-04 20:57]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:45]
.
2014-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:45]
.
2014-12-06 c:\windows\Tasks\HPCeeScheduleForJames.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-10 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\79fm89g9.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-10 19:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\James\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-12-10  19:33:57
ComboFix-quarantined-files.txt  2014-12-11 01:33
.
Pre-Run: 160,934,883,328 bytes free
Post-Run: 160,930,807,808 bytes free
.
- - End Of File - - F03A461DE2D0A526AFB387C01FBB7F50
1A1A06F62E891045814007163C1C76C3
 

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Not seeing anything so I think you are OK.

 

The folder:

 

 C:\found.000

 

was created by the disk check.  It contains the recovered files that it found but didn't know what to do with.  You can look inside and see if there are a lot and if they have real names.  Sometimes you will get files with just a few ?'s in the file name  so you can figure out what the file was.  Normally these are pretty worthless but sometimes you get some text out of them.  If there are a lot of tiles then either your hard drive is getting sick or your RAM is faulty.

 

You have a lot of stuff unchecked in MSCONFIG.  One of these is Adobe Reader,  It's version 8 which is very old.  Make sure you go back into msconfig before you uninstall it and get the latest version from adobe.com.  Do not install the optional garbage program.  Uncheck it before the download.

 

It's always a good idea to run the Norton Removal tool after uninstalling their anti-virus.  For some reason Norton's uninstaller is sloppy and doesn't do a good job of removing the pieces of the program.  These can cause strange problems so:  Download and save the norton removal tool

 
Run the Norton Removal tool.  (Right click and Run As Admin on Win 7 and Vista)
 
Reboot
 
 
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
What problems do you still have?  
 
 

 


  • 0

#9
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts

Thanks for your help, Doug

 

Computer seems to be running good. I am able to access internet through wireless connection now. Was able to install latest version of Java. Installed latest Adobe reader. I had run Norton uninstaller when I started on this computer after I installed AVG Free, I did run it again. Not 100% sure I ran the fixit correctly. 

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2014
Ran by James at 2014-12-12 22:06:45
Running from C:\Users\James\Desktop\AV programs
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
AIM 6 (HKLM\...\AIM_6) (Version:  - )
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
Canon iP1800 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series) (Version:  - )
Canon iP1800 series User Registration (HKLM\...\Canon iP1800 series User Registration) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
Canon MX300 series User Registration (HKLM\...\Canon MX300 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)
EA Link (HKLM\...\InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}) (Version: 3.1.1.4 - Electronic Arts)
EA Link (Version: 3.1.1.4 - Electronic Arts) Hidden
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Google Chrome (HKU\S-1-5-21-384804571-3047648762-875681166-1000\...\Google Chrome) (Version: 30.0.1599.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Quick Launch Buttons 6.30 E1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard)
HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.0.17.0 - Hewlett-Packard)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0088 (HKLM\...\{8347A7A5-4AB8-433F-82AA-496B0D189A9B}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
ksDIP (Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)
LightScribe System Software  1.10.13.1 (Version: 1.10.13.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
muvee autoProducer 6.1 (HKLM\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PIXMA Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)
PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Presto! PageManager 7.15.16 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
SaveTheChildren Reminder by We-Care.com v4.0.18.4 (HKLM\...\{DF6742E3-EA39-48C1-9343-CC3651C9E6BA}) (Version: 4.0.18.4 - We-Care.com)
ScanSoft OmniPage SE 4 (HKLM\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Super Granny® 6 (HKLM\...\753047b336ff56500c72b4a85eae6a8b) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
The Sims™ Life Stories (HKLM\...\{2284D904-C138-4B58-93EC-5C362AB5130A}) (Version: 1.00.0000 - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
 
==================== Restore Points  =========================
 
28-11-2014 04:07:58 Windows Update
01-12-2014 03:29:32 Scheduled Checkpoint
04-12-2014 03:50:47 Scheduled Checkpoint
04-12-2014 13:20:29 Revo Uninstaller's restore point - Spybot - Search & Destroy
04-12-2014 18:20:32 Installed HP Support Solutions Framework
06-12-2014 19:53:26 Scheduled Checkpoint
06-12-2014 20:37:47 Revo Uninstaller's restore point - Speccy
07-12-2014 14:17:42 Scheduled Checkpoint
11-12-2014 01:46:25 Windows Update
13-12-2014 03:18:20 Revo Uninstaller's restore point - Adobe Reader 8.1.2
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 04:23 - 2014-12-10 19:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {109C2406-9E83-4075-8596-70CAD0BCE65A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {39098E33-E45E-4D8B-B3CB-2F5B7EDE19D7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {43175F4F-FD4D-4275-B41E-AAFB47BFD6EF} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {53CCF440-9F58-4234-80C0-7CF81B846ACE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {56866E6F-2F5C-4EB7-B817-C86C2DBF4CC6} - System32\Tasks\HPCeeScheduleForJames => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28] (Hewlett-Packard)
Task: {5942359D-27CD-430A-B108-E50490F9DACD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {6372A92C-E08F-45F4-A3F4-0D595105FBD6} - System32\Tasks\Total Domination => Chrome.exe --app=http://totaldominati...EyB0CtByEtCtDyB --app-window-size=102
Task: {76BE426B-D0D0-4EA1-9B14-0EF2F4DF6885} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {9F1C0A55-5C9A-4247-AE99-2F21DC6E6510} - System32\Tasks\Total Domination t => Chrome.exe --app=http://totaldominati...EyB0CtByEtCtDyB --app-window-size=102
Task: {B5510BE1-DF59-41EC-AC67-A4F76D03F4D2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000UA => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {BCE88EBF-B82A-45B5-8EF5-321EC2750DCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {E8034DE2-19B5-49FD-90AA-898CEEF48B3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000Core => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {F305F749-D4F8-4BF8-89FB-7FCF4E4571CB} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
Task: {F9FD3037-C91F-4FAB-BE0F-F46E5895DC6A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000Core.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384804571-3047648762-875681166-1000UA.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJames.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-03-14 23:30 - 2007-12-19 20:28 - 00271760 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2008-03-14 23:30 - 2007-12-19 20:28 - 00251288 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-03-14 23:30 - 2007-12-19 20:28 - 00038184 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2008-03-10 12:07 - 2007-01-09 04:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-03-14 23:30 - 2007-12-19 20:28 - 00112016 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2008-11-08 10:03 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2008-11-08 10:03 - 2006-10-30 16:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2007-05-16 11:43 - 2007-05-16 11:43 - 00677432 ____R () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2013-10-20 10:42 - 2013-10-08 18:02 - 04055504 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-20 10:42 - 2013-10-08 18:02 - 00415184 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-20 10:42 - 2013-10-08 18:01 - 01604560 _____ () C:\Users\James\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-384804571-3047648762-875681166-500 - Administrator - Disabled)
Guest (S-1-5-21-384804571-3047648762-875681166-501 - Limited - Disabled)
James (S-1-5-21-384804571-3047648762-875681166-1000 - Administrator - Enabled) => C:\Users\James
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2014 09:36:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 34.0.5.5443, time stamp 0x5475dd5d, faulting module mozalloc.dll, version 34.0.5.5443, time stamp 0x5475d664, exception code 0x80000003, fault offset 0x00001425,
process id 0x1700, application start time 0xplugin-container.exe0.
 
Error: (12/12/2014 09:18:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8884ab72-5aa3-4484-9a70-cbaa760e8c1c}
 
Error: (12/12/2014 09:10:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 22.254.168.192.in-addr.arpa. PTR Ruth.local.
 
Error: (12/12/2014 09:10:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.254.22:5353   14 22.254.168.192.in-addr.arpa. PTR Ruth-2.local.
 
Error: (12/10/2014 08:01:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 22.254.168.192.in-addr.arpa. PTR Ruth.local.
 
Error: (12/10/2014 08:01:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.254.22:5353   14 22.254.168.192.in-addr.arpa. PTR Ruth-2.local.
 
Error: (12/10/2014 07:44:45 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (12/10/2014 07:44:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
 
Error: (12/10/2014 07:20:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x800706be).
 
Error: (12/07/2014 07:35:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 3.0.0.10.in-addr.arpa. PTR Ruth.local.
 
 
System errors:
=============
Error: (12/12/2014 09:54:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (12/12/2014 09:33:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (12/12/2014 09:33:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (12/12/2014 09:20:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (12/12/2014 09:20:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (12/12/2014 09:20:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (12/12/2014 09:11:34 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.6 for the Network Card with network address 001F3A5547C2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/12/2014 09:10:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (12/10/2014 08:32:40 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" -Embedding3{2F0E2680-9FF5-43C0-B76E-114A56E93598}
 
Error: (12/10/2014 08:26:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-12 22:06:39.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:38.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:37.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:36.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:35.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:34.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:34.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:33.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:03.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-12 22:06:02.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of memory in use: 40%
Total physical RAM: 3006.18 MB
Available physical RAM: 1787.25 MB
Total Pagefile: 7936.6 MB
Available Pagefile: 6628.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.2 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:221.15 GB) (Free:145.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:1.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: A602A602)
Partition 1: (Active) - (Size=221.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
Fixlog
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-12-2014
Ran by James at 2014-12-12 21:59:50 Run:1
Running from C:\Users\James\Desktop\AV programs
Loaded Profile: James (Available profiles: James)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ProxyServer: localhost:21320
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} -  No File
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-07-04] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]
S3 hpqwmiex; 
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
Task: {3E61AE64-0809-4D19-91FC-E89602101DDD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-10-15] (IObit)
Task: {43906D32-72F8-4EB9-84FD-22471AA0884A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-04] (IObit)
Task: {496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit)
Task: {6B026375-BCB7-498B-ACA9-EBD05EEF8CC6} - \BackgroundContainer Startup Task No Task File
Task: {77D02D23-2882-4103-A493-8B4BB916D478} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe [2013-06-20] ()
Task: {F8781616-5534-4F40-A524-9D3E273A72BB} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-01] (IObit)
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
 
*****************
 
HKU\ProxyServer: localhost:21320\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
"HKCR\CLSID\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) => Error: No automatic fix found for this entry.
\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
\\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} => Value not found.
"HKCR\CLSID\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2}" => Key not found.
LiveUpdateSvc => Service not found.
WinRing0_1_2_0 => Service not found.
SmartDefragDriver => Service not found.
HOSTS Anti-PUPs => Service not found.
hpqwmiex => Service stopped successfully.
hpqwmiex => Service deleted successfully.
"C:\ProgramData\PKP_DLeo.DAT" => File/Directory not found.
"C:\ProgramData\PKP_DLes.DAT" => File/Directory not found.
"C:\ProgramData\PKP_DLet.DAT" => File/Directory not found.
"C:\ProgramData\PKP_DLev.DAT" => File/Directory not found.
"C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E61AE64-0809-4D19-91FC-E89602101DDD}" => Key not found.
C:\Windows\System32\Tasks\SmartDefrag_Startup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43906D32-72F8-4EB9-84FD-22471AA0884A}" => Key not found.
C:\Windows\System32\Tasks\Driver Booster Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE}" => Key not found.
C:\Windows\System32\Tasks\Driver Booster Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B026375-BCB7-498B-ACA9-EBD05EEF8CC6}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77D02D23-2882-4103-A493-8B4BB916D478}" => Key not found.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8781616-5534-4F40-A524-9D3E273A72BB}" => Key not found.
C:\Windows\System32\Tasks\SmartDefragUpdate not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefragUpdate" => Key not found.
C:\Windows\Tasks\Driver Booster Update.job not found.
 
==== End of Fixlog ====
 

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Norton left a bunch of tasks in the task scheduler so let's remove them and some deadwood with another Fixlist:  Download and save it to the same place you have Frst then right click on FRST and Run as Admin.  HIt Fix.

 

 

You need to update Adobe Reader.  It should be version 11 and yours is version 10.  You can uninstall Speccy.

 

 


  • 0

Advertisements


#11
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts
Thanks
 
Here is the Fixit log.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
Ran by James at 2014-12-13 20:20:21 Run:2
Running from C:\Users\James\Desktop\AV programs
Loaded Profile: James (Available profiles: James)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ProxyServer: localhost:21320
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} -  No File
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-07-04] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]
S3 hpqwmiex; 
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
Task: {3E61AE64-0809-4D19-91FC-E89602101DDD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-10-15] (IObit)
Task: {43906D32-72F8-4EB9-84FD-22471AA0884A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-04] (IObit)
Task: {496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit)
Task: {6B026375-BCB7-498B-ACA9-EBD05EEF8CC6} - \BackgroundContainer Startup Task No Task File
Task: {77D02D23-2882-4103-A493-8B4BB916D478} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe [2013-06-20] ()
Task: {F8781616-5534-4F40-A524-9D3E273A72BB} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-01] (IObit)
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
 
*****************
 
HKU\ProxyServer: localhost:21320\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
"HKCR\CLSID\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) => Error: No automatic fix found for this entry.
\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
\\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} => Value not found.
"HKCR\CLSID\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2}" => Key not found.
LiveUpdateSvc => Service not found.
WinRing0_1_2_0 => Service not found.
SmartDefragDriver => Service not found.
HOSTS Anti-PUPs => Service not found.
hpqwmiex => Service not found.
"C:\ProgramData\PKP_DLeo.DAT" => File/Directory not found.
"C:\ProgramData\PKP_DLes.DAT" => File/Directory not found.
"C:\ProgramData\PKP_DLet.DAT" => File/Directory not found.
"C:\ProgramData\PKP_DLev.DAT" => File/Directory not found.
"C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E61AE64-0809-4D19-91FC-E89602101DDD}" => Key not found.
C:\Windows\System32\Tasks\SmartDefrag_Startup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43906D32-72F8-4EB9-84FD-22471AA0884A}" => Key not found.
C:\Windows\System32\Tasks\Driver Booster Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE}" => Key not found.
C:\Windows\System32\Tasks\Driver Booster Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B026375-BCB7-498B-ACA9-EBD05EEF8CC6}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77D02D23-2882-4103-A493-8B4BB916D478}" => Key not found.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8781616-5534-4F40-A524-9D3E273A72BB}" => Key not found.
C:\Windows\System32\Tasks\SmartDefragUpdate not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefragUpdate" => Key not found.
C:\Windows\Tasks\Driver Booster Update.job not found.
 
==== End of Fixlog ====

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Somehow I grabbed an old fixlist instead of the new one.  Sorry.  Didn't hurt anything just didn't work.  Try this one:


  • 0

#13
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts
Thanks, Doug
 
Here is the new Fixit log
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
Ran by James at 2014-12-14 13:40:52 Run:3
Running from C:\Users\James\Desktop\AV programs
Loaded Profile: James (Available profiles: James)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
Task: {39098E33-E45E-4D8B-B3CB-2F5B7EDE19D7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {76BE426B-D0D0-4EA1-9B14-0EF2F4DF6885} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {F305F749-D4F8-4BF8-89FB-7FCF4E4571CB} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
 
 
 
*****************
 
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key not found.
"HKU\S-1-5-21-384804571-3047648762-875681166-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39098E33-E45E-4D8B-B3CB-2F5B7EDE19D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39098E33-E45E-4D8B-B3CB-2F5B7EDE19D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76BE426B-D0D0-4EA1-9B14-0EF2F4DF6885}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76BE426B-D0D0-4EA1-9B14-0EF2F4DF6885}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F305F749-D4F8-4BF8-89FB-7FCF4E4571CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F305F749-D4F8-4BF8-89FB-7FCF4E4571CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.
 
==== End of Fixlog ====

  • 0

#14
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts

Hi

 

I have a question, I looked through the fixit script and it said it would delete or move files. I could not tell where the files would be moved too, where do they go?

 

Thanks, Doug


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Items moved by the fix are kept in %systemdrive%\FRST\Quarantine, in most cases this will be C:\FRST\Quarantine until clean up and deletion of FRST

 

 

I'm not sure that includes registry items but if not there is a backup of the registry at  C:\FRST\Hives.

 

Was there something we removed that you wanted to recover?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP