
firefox redirect / "Reported Web Forgery" [Solved]



#16
redleader74

  • Topic Starter
  • Member
  • 195 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-28 02:00:18 Run:3
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [{1742a5e5-5946-9d7f-b86f-7237e3770c5a}] => C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}.exe [377389 2014-12-26] ()
HKLM\...\Policies\Explorer\Run: [{1742a5e5-5946-9d7f-b86f-7237e3770c5a}] => C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}.exe [377389 2014-12-26] ( ())
C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\Kwong\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\Kwong\Application Data\Media Finder\Extensions\gencrawler_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]
C:\Program Files\Common Files\Spigot
S1 auncgfxw; \??\C:\Windows\system32\drivers\auncgfxw.sys [X]
S1 gueekpdn; \??\C:\Windows\system32\drivers\gueekpdn.sys [X]
S1 hqietwrs; \??\C:\Windows\system32\drivers\hqietwrs.sys [X]
S1 jiwuxccq; \??\C:\Windows\system32\drivers\jiwuxccq.sys [X]
S1 ppklhyny; \??\C:\Windows\system32\drivers\ppklhyny.sys [X]
S1 uoevccnc; \??\C:\Windows\system32\drivers\uoevccnc.sys [X]
S1 upvhunsp; \??\C:\Windows\system32\drivers\upvhunsp.sys [X]
C:\Windows\system32\drivers\auncgfxw.sys
C:\Windows\system32\drivers\gueekpdn.sys
C:\Windows\system32\drivers\hqietwrs.sys
C:\Windows\system32\drivers\jiwuxccq.sys
C:\Windows\system32\drivers\ppklhyny.sys
C:\Windows\system32\drivers\uoevccnc.sys
C:\Windows\system32\drivers\upvhunsp.sys
2014-12-27 04:40 - 2014-12-27 04:42 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2014-12-27 04:40 - 2014-12-27 04:40 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\{1742a5e5-5946-9d7f-b86f-7237e3770c5a} => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{1742a5e5-5946-9d7f-b86f-7237e3770c5a} => value deleted successfully.
C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a} => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aacbndibbcpajfgnkdkaakeiojmmgmnk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => Key deleted successfully.
"C:\Program Files\Common Files\Spigot" => File/Directory not found.
auncgfxw => Service deleted successfully.
gueekpdn => Service deleted successfully.
hqietwrs => Service deleted successfully.
jiwuxccq => Service deleted successfully.
ppklhyny => Service deleted successfully.
uoevccnc => Service deleted successfully.
upvhunsp => Service deleted successfully.
"C:\Windows\system32\drivers\auncgfxw.sys" => File/Directory not found.
"C:\Windows\system32\drivers\gueekpdn.sys" => File/Directory not found.
"C:\Windows\system32\drivers\hqietwrs.sys" => File/Directory not found.
"C:\Windows\system32\drivers\jiwuxccq.sys" => File/Directory not found.
"C:\Windows\system32\drivers\ppklhyny.sys" => File/Directory not found.
"C:\Windows\system32\drivers\uoevccnc.sys" => File/Directory not found.
"C:\Windows\system32\drivers\upvhunsp.sys" => File/Directory not found.
C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C} => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
EmptyTemp: => Removed 268.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 02:01:56 ====

 

Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-28 02:14:39
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal

================== Search: "Chrome;ddnltwutmiw.exe" ===================

C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle\qnaxqxx\ddnltwutmiw.exe
[2014-12-27 04:46][2014-12-27 04:46] 0860488 ____A (Google Inc.) 0BDAE865738D27A4D84D50591C8C9D2D [File is signed]

=== End Of Search ===

 

Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-28 02:23:17
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal

================== Search Registry: "Chrome" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\DelOnUninst0]
""=""C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\Dir10]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\\Ext\Chrome\Content"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\Dir11]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\\Ext\Chrome\Skin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\Dir2]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\Dir3]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\Dir4]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\Dir9]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\\Ext\Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\File1]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\File2]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\File5]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\\Ext\Chrome\Content\browserrecordloader.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\File6]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\\Ext\Chrome\Content\browserrecordloader.xul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\File7]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\\Ext\Chrome\Skin\rp_logo.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\BrowserRecordPlugin:12.0\File8]
""="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\\Ext\chrome.manifest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\Playerfiles:12.0\Reg2]
""="-2147483647|Software\RealNetworks\Preferences\DLP|ChromeOffset"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="2.0-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B0BD1890CAD3A1E4D96E77A45D17EA40]
"26DDC2EC4210AC63483DF9D4FCC5B59D"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\CutePDF Writer]
in</psf:Value></psf:Property></psf:Option><psf:Option name="ns0000:User0000000214"><psf:ScoredProperty name="psk:MediaSizeWidth"><psf:Value xsi:type="xsd:integer">914400</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:MediaSizeHeight"><psf:Value xsi:type="xsd:integer">2133600</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">36 x 84 in</psf:Value></psf:Property></psf:Option><psf:Option name="ns0000:User0000000215"><psf:ScoredProperty name="psk:MediaSizeWidth"><psf:Value xsi:type="xsd:integer">914400</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:MediaSizeHeight"><psf:Value xsi:type="xsd:integer">2438400</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">36 x 96 in</psf:Value></psf:Property></psf:Option><psf:Option name="ns0000:User0000000216"><psf:ScoredProperty name="psk:MediaSizeWidth"><psf:Value xsi:type="xsd:integer">914400</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:MediaSizeHeight"><psf:Value xsi:type="xsd:integer">2743200</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">36 x 108 in</psf:Value></psf:Property></psf:Option><psf:Option name="ns0000:User0000000217"><psf:ScoredProperty name="psk:MediaSizeWidth"><psf:Value xsi:type="xsd:integer">139700</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:MediaSizeHeight"><psf:Value xsi:type="xsd:integer">215900</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">Invitation</psf:Value></psf:Property></psf:Option><psf:Option name="ns0000:User0000032767"><psf:ScoredProperty name="psk:MediaSizeWidth"><psf:Value xsi:type="xsd:integer">215900</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:MediaSizeHeight"><psf:Value xsi:type="xsd:integer">279400</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value 
xsi:type="xsd:string">PostScript Custom Page Size</psf:Value></psf:Property></psf:Option></psf:Feature><psf:Property name="psk:PageImageableSize"><psf:Property name="psk:ImageableSizeWidth"><psf:Value xsi:type="xsd:integer">279400</psf:Value></psf:Property><psf:Property name="psk:ImageableSizeHeight"><psf:Value xsi:type="xsd:integer">215900</psf:Value></psf:Property><psf:Property name="psk:ImageableArea"><psf:Property name="psk:OriginWidth"><psf:Value xsi:type="xsd:integer">0</psf:Value></psf:Property><psf:Property name="psk:OriginHeight"><psf:Value xsi:type="xsd:integer">0</psf:Value></psf:Property><psf:Property name="psk:ExtentWidth"><psf:Value xsi:type="xsd:integer">279400</psf:Value></psf:Property><psf:Property name="psk:ExtentHeight"><psf:Value xsi:type="xsd:integer">215900</psf:Value></psf:Property></psf:Property></psf:Property><psf:Feature name="psk:PageResolution"><psf:Property name="psf:SelectionType"><psf:Value xsi:type="xsd:QName">psk:PickOne</psf:Value></psf:Property><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">Resolution</psf:Value></psf:Property><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">72</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value xsi:type="xsd:integer">72</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">72 x 72</psf:Value></psf:Property></psf:Option><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">144</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value xsi:type="xsd:integer">144</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">144 x 144</psf:Value></psf:Property></psf:Option><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">300</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value 
xsi:type="xsd:integer">300</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">300 x 300</psf:Value></psf:Property></psf:Option><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">600</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value xsi:type="xsd:integer">600</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">600 x 600</psf:Value></psf:Property></psf:Option><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">1200</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value xsi:type="xsd:integer">1200</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">1200 x 1200</psf:Value></psf:Property></psf:Option><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">2400</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value xsi:type="xsd:integer">2400</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">2400 x 2400</psf:Value></psf:Property></psf:Option><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">3600</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value xsi:type="xsd:integer">3600</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">3600 x 3600</psf:Value></psf:Property></psf:Option><psf:Option><psf:ScoredProperty name="psk:ResolutionX"><psf:Value xsi:type="xsd:integer">4000</psf:Value></psf:ScoredProperty><psf:ScoredProperty name="psk:ResolutionY"><psf:Value xsi:type="xsd:integer">4000</psf:Value></psf:ScoredProperty><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">4000 x 
4000</psf:Value></psf:Property></psf:Option></psf:Feature><psf:ParameterDef name="psk:PageScalingScale"><psf:Property name="psf:DataType"><psf:Value xsi:type="xsd:QName">xsd:integer</psf:Value></psf:Property><psf:Property name="psf:UnitType"><psf:Value xsi:type="xsd:string">percent</psf:Value></psf:Property><psf:Property name="psf:Multiple"><psf:Value xsi:type="xsd:integer">1</psf:Value></psf:Property><psf:Property name="psf:MaxValue"><psf:Value xsi:type="xsd:integer">32767</psf:Value></psf:Property><psf:Property name="psf:MinValue"><psf:Value xsi:type="xsd:integer">1</psf:Value></psf:Property><psf:Property name="psf:DefaultValue"><psf:Value xsi:type="xsd:integer">100</psf:Value></psf:Property><psf:Property name="psf:Mandatory"><psf:Value xsi:type="xsd:QName">psk:Optional</psf:Value></psf:Property></psf:ParameterDef><psf:Feature name="psk:PageScaling"><psf:Property name="psf:SelectionType"><psf:Value xsi:type="xsd:QName">psk:PickOne</psf:Value></psf:Property><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">Scaling</psf:Value></psf:Property><psf:Option name="psk:CustomSquare"><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">On</psf:Value></psf:Property><psf:ScoredProperty name="psk:Scale"><psf:ParameterRef name="psk:PageScalingScale"/></psf:ScoredProperty></psf:Option><psf:Option name="psk:None"><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">Off</psf:Value></psf:Property></psf:Option></psf:Feature><psf:Feature name="psk:PageTrueTypeFontMode"><psf:Property name="psf:SelectionType"><psf:Value xsi:type="xsd:QName">psk:PickOne</psf:Value></psf:Property><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">TrueType Font</psf:Value></psf:Property><psf:Option name="psk:DownloadAsRasterFont"><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">Download as Softfont</psf:Value></psf:Property></psf:Option></psf:Feature><psf:Feature 
name="psk:PageDeviceFontSubstitution"><psf:Property name="psf:SelectionType"><psf:Value xsi:type="xsd:QName">psk:PickOne</psf:Value></psf:Property><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">Substitute with Device Font</psf:Value></psf:Property><psf:Option name="psk:On"><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">On</psf:Value></psf:Property></psf:Option><psf:Option name="psk:Off"><psf:Property name="psk:DisplayName"><psf:Value xsi:type="xsd:string">Off</psf:Value></psf:Property></psf:Option></psf:Feature></psf:PrintCapabilities>
"
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\RealNetworks\Preferences\DLP]
"ChromeOffset"="78"
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\RealNetworks\rnadmin\Preferences\Chrome]
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle\qnaxqxx\ddnltwutmiw.exe"="Google Chrome"
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle\qnaxqxx\ddnltwutmiw.exe"="Google Chrome"

====== End Of Search ======

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-28 03:50:35
-----------------------------
03:50:35.056    OS Version: Windows 6.0.6002 Service Pack 2
03:50:35.056    Number of processors: 2 586 0xF0D
03:50:35.056    ComputerName: KC03  UserName:
03:50:49.564    Initialize success
03:50:49.657    VM: initialized successfully
03:50:49.657    VM: Intel CPU virtualization not supported
03:53:17.514    AVAST engine defs: 14122800
03:53:32.552    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:53:32.552    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
03:53:32.802    Disk 0 MBR read successfully
03:53:32.802    Disk 0 MBR scan
03:53:32.942    Disk 0 Windows VISTA default MBR code
03:53:32.942    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
03:53:33.052    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 161792
03:53:33.130    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       292365 MB offset 21133312
03:53:33.176    Disk 0 Partition - 00     0F Extended LBA              2560 MB offset 619896832
03:53:33.520    Disk 0 Partition 4 00     DD              MSDOS5.0     2559 MB offset 619898880
03:53:33.707    Disk 0 scanning sectors +625139712
03:53:34.112    Disk 0 scanning C:\Windows\system32\drivers
03:54:04.080    Service scanning
03:54:25.000    Service MpKsl1799bda1 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77EB21C2-4B95-406C-96CF-6A51FC4FE8F3}\MpKsl1799bda1.sys **LOCKED** 32
03:54:25.140    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
03:55:01.488    Modules scanning
03:55:01.488    Disk 0 trace - called modules:
03:55:01.566    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:55:01.566    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861ceac8]
03:55:01.582    3 CLASSPNP.SYS[889a28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8521a030]
03:55:03.953    AVAST engine scan C:\Windows
03:55:11.784    AVAST engine scan C:\Windows\system32
04:02:57.339    AVAST engine scan C:\Windows\system32\drivers
04:03:23.313    AVAST engine scan C:\Users\Kwong
05:14:07.974    AVAST engine scan C:\ProgramData
05:20:08.890    Disk 0 statistics 3399652/0/0 @ 0.50 MB/s
05:20:08.891    Scan finished successfully
07:55:21.785    Disk 0 MBR has been saved successfully to "C:\Users\Kwong\Desktop\MBR.dat"
07:55:21.909    The log file has been saved successfully to "C:\Users\Kwong\Desktop\aswMBR.txt"

 


  • 0



#17
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you for the logs. It showed where this infection is hiding. Please do the following and let me know how your machine is doing.

 

Step#1 - Remove Google Chrome if found

Please check in Add/Remove programs to see if Google Chrome exists in the list. If it does, please uninstall the program. Instructions for doing so are here. Let me know if you find it.

 

 

Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - Fresh Set of Logs
 
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. Did you find Google Chrome in the Uninstall list?

2. FRST Fix log
3. FRST and Addition logs


Edited by BrianDrab, 28 December 2014 - 09:20 PM.

  • 0
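The registry search in the earlier post shows a randomly named executable under AppData\LocalLow whose MuiCache display name is "Google Chrome". As an added example (not part of the thread and not FRST's own logic), this Python sketch parses output in that format and flags MuiCache entries whose display name claims a known product while the path lies outside that product's install folder; it also handles the `.FriendlyAppName` value-name suffix used by newer Windows versions. The product-to-folder table, the SID and all sample paths are constructed assumptions.

```python
import re

# Constructed sample in the format of the registry search output quoted above.
# The SID, user name and file names are placeholders, not values from the thread.
SAMPLE = r'''
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Example\AppData\LocalLow\Vendor\Abcdefgh\ijklmn\opqrstuv.exe"="Google Chrome"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="Google Chrome"
"C:\Program Files\Mozilla Firefox\firefox.exe"="Firefox"
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Example\AppData\LocalLow\Vendor\Abcdefgh\ijklmn\opqrstuv.exe"="Google Chrome"
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\RealNetworks\Preferences\DLP]
"ChromeOffset"="78"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')          # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^"(.*)"="(.*)"$')   # "value name"="string data"

# Newer Windows versions append these suffixes to the executable path.
NAME_SUFFIXES = (".friendlyappname", ".applicationcompany")

# Assumption: display name -> folder fragment the genuine binary runs from.
EXPECTED_DIR = {
    "google chrome": "\\google\\chrome\\application\\",
    "firefox": "\\mozilla firefox\\",
}
# Locations a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def muicache_entries(text):
    """Yield (key, exe_path, display_name) for values under any MuiCache key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith("\\muicache"):
            continue
        path, label = m.group(1), m.group(2)
        for suffix in NAME_SUFFIXES:
            if path.lower().endswith(suffix):
                path = path[:-len(suffix)]
        if path.lower().endswith(".exe"):
            yield key, path, label


def find_masquerades(text):
    """Return one finding per executable whose display name does not fit its path."""
    findings = {}
    for key, path, label in muicache_entries(text):
        expected = EXPECTED_DIR.get(label.strip().lower())
        low = path.lower()
        if expected is None or expected in low:
            continue  # unknown product name, or path matches the real install folder
        reasons = [f'display name "{label}" but path is outside {expected!r}']
        if any(d in low for d in USER_WRITABLE):
            reasons.append("executable lives in a user-writable directory")
        # The same entry often appears under both HKU\<SID>\Software\Classes
        # and HKU\<SID>_Classes; report it once and list every key.
        entry = findings.setdefault(
            low, {"path": path, "label": label, "reasons": reasons, "keys": []}
        )
        entry["keys"].append(key)
    return list(findings.values())


if __name__ == "__main__":
    for f in find_masquerades(SAMPLE):
        print(f["path"])
        for reason in f["reasons"]:
            print("  -", reason)
        for key in f["keys"]:
            print("  seen in:", key)
```

A hit is a lead for manual review, not a verdict: check the file's signature and creation date before adding it to a fixlist.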

#18
redleader74


    Member

  • Topic Starter
  • Member
  • 195 posts

Here are the logs below. Google Chrome was not on the uninstall list. By the way, one other thing I noticed is that every time I run FRST and then later reopen Firefox, the icons to all of the website shortcut buttons in the toolbar disappear (the shortcut buttons are still there, but the button itself is blank w/o the logo for that particular website). Although, when I click on that button to go to that website, the graphic returns. Not sure why this happens.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-28 21:21:09 Run:4
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle
reg: reg delete "HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome" /F
reg: reg delete "HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle\qnaxqxx\ddnltwutmiw.exe" /F
reg: reg delete "HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle\qnaxqxx\ddnltwutmiw.exe" /F
reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Google" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome" /F
reg: reg delete "HKLM\SOFTWARE\Google" /F
EmptyTemp:




*****************

Restore point was successfully created.
C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle => Moved successfully.

========= reg delete "HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle\qnaxqxx\ddnltwutmiw.exe" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\Kwong\AppData\LocalLow\Adobe\Yharouowle\qnaxqxx\ddnltwutmiw.exe" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Wow6432Node\Google" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Google" /F =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 21:32:31 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by Kwong (administrator) on KC03 on 28-12-2014 21:44:51
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-02-20] (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> DefaultScope {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Garmin Communicator - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Greasemonkey - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [206064 2008-12-16] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2013-03-14] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 21:44 - 2014-12-28 21:45 - 00013537 _____ () C:\Users\Kwong\Desktop\FRST.txt
2014-12-28 07:55 - 2014-12-28 07:55 - 00000512 _____ () C:\Users\Kwong\Desktop\MBR.dat
2014-12-28 02:24 - 2014-12-28 02:24 - 05198336 _____ (AVAST Software) C:\Users\Kwong\Desktop\aswMBR.exe
2014-12-27 12:48 - 2014-12-27 12:48 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 12:47 - 2014-12-27 12:47 - 01707646 _____ (Thisisu) C:\Users\Kwong\Desktop\JRT.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00139264 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2014-12-27 03:29 - 2014-12-27 12:37 - 00000000 ____D () C:\AdwCleaner
2014-12-27 03:28 - 2014-12-27 03:28 - 02173952 _____ () C:\Users\Kwong\Desktop\AdwCleaner.exe
2014-12-27 03:16 - 2014-12-27 03:16 - 00000000 ____D () C:\Users\Kwong\Desktop\FRST-OlderVersion
2014-12-26 08:48 - 2014-12-28 21:44 - 00000000 ____D () C:\FRST
2014-12-26 08:47 - 2014-12-27 03:16 - 01114624 _____ (Farbar) C:\Users\Kwong\Desktop\FRST.exe
2014-12-26 06:27 - 2014-12-26 06:27 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apps\2.0
2014-12-21 18:13 - 2014-12-21 18:17 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-11-18_25 furnace replacement project
2014-12-21 18:11 - 2014-12-21 18:12 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12-16 Christmas Tree
2014-12-16 20:38 - 2014-12-27 12:26 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple
2014-12-13 17:12 - 2014-12-23 23:11 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12 Xmas gifts
2014-12-10 21:55 - 2014-12-10 21:55 - 00143600 _____ () C:\Windows\Minidump\Mini121014-01.dmp
2014-12-05 22:05 - 2014-12-10 22:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Adobe
2014-12-05 19:54 - 2014-12-14 23:15 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple Computer
2014-12-05 19:01 - 2014-12-05 19:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Macromedia
2014-12-04 21:33 - 2014-12-04 21:33 - 00150184 _____ () C:\Users\Kwong\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 21:43 - 2011-09-29 19:44 - 00154613 _____ () C:\Users\Kwong\Application Data\nvModes.001
2014-12-28 21:39 - 2006-11-02 02:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 21:38 - 2006-11-02 04:52 - 01464028 _____ () C:\Windows\WindowsUpdate.log
2014-12-28 21:34 - 2010-03-13 01:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-28 21:34 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 21:34 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 21:34 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 21:33 - 2010-05-21 04:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-28 21:33 - 2006-11-02 05:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-28 21:27 - 2010-03-13 01:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 01:54 - 2012-12-25 16:10 - 00000000 ____D () C:\Users\Kwong\Desktop\iPhone Photos
2014-12-27 12:38 - 2013-12-31 16:04 - 00008878 _____ () C:\Windows\PFRO.log
2014-12-27 12:21 - 2010-04-11 20:35 - 00000000 ____D () C:\Program Files\MSECACHE
2014-12-27 12:19 - 2009-03-05 18:49 - 00000000 ____D () C:\Program Files\Java
2014-12-27 12:07 - 2013-11-05 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-27 03:02 - 2014-09-07 21:16 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-09-06 Wedding
2014-12-24 01:12 - 2009-08-21 12:42 - 00000000 ____D () C:\ThumbsPlus
2014-12-10 22:01 - 2012-06-16 04:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 22:01 - 2011-06-12 22:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 21:55 - 2009-03-19 11:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 21:54 - 2014-01-04 06:30 - 309505386 _____ () C:\Windows\MEMORY.DMP
2014-12-05 22:14 - 2014-01-21 21:08 - 00000000 ____D () C:\Users\Kwong\Desktop\Wedding Files
2014-11-30 17:41 - 2014-01-11 11:27 - 00004077 _____ () C:\Windows\setupact.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 21:41

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-28 21:45:52
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVGO Free DVD Ripper 1.03.1 (HKLM\...\AVGO Free DVD Ripper_is1) (Version:  - AVGO Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.2 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Laptop Integrated Webcam Driver (1.02.01.0612)   (HKLM\...\Creative OEM002) (Version:  - )
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mHelp (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC Connectivity Solution (HKLM\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
STOIK Video Converter 3 (HKLM\...\{75D48CBE-DE70-44AB-B631-C3E60F5184D5}) (Version: 3.0.0 - STOIK Imaging)
STOIK Video Converter 3 (Version: 3.0.0 - STOIK Imaging) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
The Journal 4 (HKLM\...\The Journal 4_is1) (Version: 4.01 - DavidRM Software)
ThumbsPlus version 7 SP2 (HKLM\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Web Viewer (HKLM\...\TibetSystem - Uninstall Web Viewer) (Version: Version 5.5.0.0 - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{2C9234EA-1B1E-43f1-BED8-9826B8889B2C}\InprocServer32 -> C:\ThumbsPlus\cswshlex.dll (Cerious Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

15-12-2014 07:24:46 Windows Update
16-12-2014 20:49:30 Windows Update
17-12-2014 21:38:00 Windows Update
18-12-2014 23:36:38 Windows Update
19-12-2014 02:26:53 Windows Update
20-12-2014 14:45:16 Windows Update
21-12-2014 18:16:20 Windows Update
21-12-2014 21:07:32 Windows Update
22-12-2014 22:58:18 Windows Update
24-12-2014 01:22:50 Windows Update
24-12-2014 23:11:35 Scheduled Checkpoint
25-12-2014 08:31:14 Windows Update
26-12-2014 07:34:15 Revo Uninstaller's restore point - offFerodeeal
26-12-2014 07:55:58 Revo Uninstaller's restore point - ClickNRead
26-12-2014 08:00:21 Revo Uninstaller's restore point - roeckketdueAl
26-12-2014 11:33:44 Windows Update
27-12-2014 03:18:17 Restore Point Created by FRST
27-12-2014 11:48:01 Revo Uninstaller's restore point - Java 7 Update 65
27-12-2014 11:49:17 Removed Java 7 Update 65
27-12-2014 11:57:37 Windows Update
27-12-2014 12:09:55 Revo Uninstaller's restore point - Java™ SE Runtime Environment 6
27-12-2014 12:20:27 Revo Uninstaller's restore point - Windows Installer Clean Up
27-12-2014 12:21:02 Removed Windows Installer Clean Up
27-12-2014 12:21:49 Revo Uninstaller's restore point - Windows Installer Clean Up
28-12-2014 02:00:29 Restore Point Created by FRST
28-12-2014 05:45:15 Windows Update
28-12-2014 21:21:11 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2011-12-20 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B2AB42-B5B6-4581-A83E-6E508374E39B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {25678449-1112-41F9-9015-5C924721C61F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D46C67B-DE73-4EAF-9C03-D32206803FC1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {4BBBDBB2-D83F-45E7-8C30-10774CBE9608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {72A8939D-877C-4436-A3D4-3FE0CA960389} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {86E19FBF-05EA-4010-BDC2-37946DC666B6} - System32\Tasks\{99BB64B7-F4BB-4B3E-BB44-2C696991E95E} => pcalua.exe -a E:\setup.EXE -d E:\ -c /AUTORUN
Task: {C2038A4A-9F6A-4A8F-9703-1736A4E1BA98} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {F7134024-6B05-42B7-A341-3BBCE7736C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-03-10 11:03 - 2007-07-12 21:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-03-08 15:41 - 2001-10-11 16:34 - 00077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-02-21 11:13 - 2007-02-21 11:13 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-09-04 11:43 - 2009-09-04 11:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-04-27 08:34 - 2007-04-27 08:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2013-08-14 18:14 - 2013-06-18 06:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-10 22:01 - 2014-12-10 22:01 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3634781665-3730177948-736442605-500 - Administrator - Disabled)
Guest (S-1-5-21-3634781665-3730177948-736442605-501 - Limited - Enabled)
Kwong (S-1-5-21-3634781665-3730177948-736442605-1000 - Administrator - Enabled) => C:\Users\Kwong
Visitor (S-1-5-21-3634781665-3730177948-736442605-1003 - Limited - Enabled) => C:\Users\Visitor

==================== Faulty Device Manager Devices =============

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2014 09:21:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {8df1bb1b-613b-4418-aea9-d3b838a8b6a1}

Error: (12/28/2014 09:21:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4a68e98e-835c-406f-a317-946a326d3be7}

Error: (12/28/2014 09:21:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {8df1bb1b-613b-4418-aea9-d3b838a8b6a1}

Error: (12/28/2014 09:18:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 665703

Error: (12/28/2014 09:18:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 665703

Error: (12/28/2014 09:18:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/28/2014 09:18:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 664392

Error: (12/28/2014 09:18:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 664392

Error: (12/28/2014 09:18:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/28/2014 09:18:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 663394


System errors:
=============
Error: (12/28/2014 09:37:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (12/28/2014 09:37:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 120000Google Update Service (gupdate)

Error: (12/28/2014 09:35:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/28/2014 09:35:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/28/2014 09:34:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/28/2014 02:05:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/28/2014 02:05:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/28/2014 02:04:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/28/2014 02:02:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/27/2014 00:58:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office Sessions:
=========================
Error: (10/14/2014 09:53:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/28/2014 01:27:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/05/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 06:00:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/18/2013 07:22:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/13/2012 09:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/09/2012 07:56:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/27/2012 05:37:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 05:42:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/28/2012 05:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-12-26 10:48:38.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 10:48:01.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 10:47:10.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 10:46:15.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:35:12.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:32:59.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:30:19.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:26:57.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-17 19:47:12.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-17 06:34:18.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 49%
Total physical RAM: 2045.31 MB
Available physical RAM: 1029.09 MB
Total Pagefile: 4325.88 MB
Available Pagefile: 3300.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.39 MB

==================== Drives ================================

Drive c: (DRIVE_C) (Fixed) (Total:285.51 GB) (Free:11.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End Of Log ============================



#19
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

By the way, some other things I noticed is that every time I run FRST and then later reopen Firefox, the icons to all of the website shortcut buttons in the toolbar disappear (the shortcut buttons are still there, but the button itself is blank w/o the logo for that particular website).  Although, when I click on that button to go to that website, the graphic returns.  Not sure why this happens.

 

 

I assume you mean when you run an FRST fix. It's likely because we are clearing out all the temp files each time. As long as it comes back after you click on it then we should be OK.

 

Things are looking much better. Following is what I would like you to do.

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (143 bytes)
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 

 

Step#4 - Fresh Set of Logs
 
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

 

 

  

 

Items for your next post

1. FRST Fix log

2. Malwarebytes log

3. ESET Scan log

4. Fresh FRST and Addition logs

5. How's your machine doing now?



#20
redleader74


    Member

  • Topic Starter
  • Member
  • 195 posts

Ok, so I ran FRST and then Malwarebytes, but the computer crashed while running Malwarebytes.  The crash consisted of the entire screen turning blue with some warning/error messages, and then the computer automatically rebooted itself.  Upon rebooting, a window pops up saying, "Windows has recovered from an unexpected shutdown" and in the body of the window was the following message:

 

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.0.6002.2.2.0.768.3
  Locale ID:    1033

Additional information about the problem:
  BCCode:    24
  BCP1:    001904AA
  BCP2:    A8BD4A1C
  BCP3:    A8BD4718
  BCP4:    888FA24B
  OS Version:    6_0_6002
  Service Pack:    2_0
  Product:    768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini123014-01.dmp
  C:\Users\Kwong\AppData\Local\temp\WER-145392-0.sysdata.xml
  C:\Users\Kwong\AppData\Local\temp\WER1100.tmp.version.txt

Read our privacy statement:
  http://go.microsoft....63&clcid=0x0409
 

 

 

So what should I do now?  Should I try running Malwarebytes again?



#21
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Skip the Malwarebytes scan for now and move on to the ESET Scan. I'll be back to you regarding the Malwarebytes scan. Thanks.



#22
redleader74


    Member

  • Topic Starter
  • Member
  • 195 posts

Ok, here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-29 23:51:21 Run:5
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
EmptyTemp:
*****************

Restore point was successfully created.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 28.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 23:52:01 ====

 

C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}.exe a variant of Win32/Kryptik.CUCY trojan
C:\FRST\Quarantine\C\ProgramData\Windows Genuine Advantage\{2DF41C1B-BCD4-4770-9A45-87AC44957ADD}\msiexec.exe a variant of MSIL/Injector.GUS trojan
C:\FRST\Quarantine\C\ProgramData\Windows Genuine Advantage\{8CA135F8-5ABC-4648-AF21-B84E10CDFFE3}\twain_32fix.dll a variant of Win32/Kryptik.CUHK trojan
C:\FRST\Quarantine\C\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\keymgr.dll a variant of Win32/Kryptik.CUFI trojan
C:\FRST\Quarantine\C\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected]\content\bg.js JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected]\content\bg.js JS/Kryptik.ATB trojan
C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe a variant of Win32/Bunndle potentially unsafe application
C:\ProgramData\4001812108\BIT7A52.tmp a variant of Win32/Adware.MultiPlug.DX application
C:\Users\All Users\4001812108\BIT7A52.tmp a variant of Win32/Adware.MultiPlug.DX application
C:\Users\Visitor\AppData\Roaming\Mozilla\Firefox\Profiles\tgttgsq7.default\extensions\staged\[email protected]\content\bg.js JS/Kryptik.ATB trojan
C:\Users\Visitor\AppData\Roaming\Mozilla\Firefox\Profiles\tgttgsq7.default\extensions\staged\[email protected]\content\bg.js JS/Kryptik.ATB trojan
 

 

 

LastRegBack: 2014-12-30 00:46

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-31 00:37:14
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVGO Free DVD Ripper 1.03.1 (HKLM\...\AVGO Free DVD Ripper_is1) (Version:  - AVGO Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.2 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Laptop Integrated Webcam Driver (1.02.01.0612)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mHelp (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC Connectivity Solution (HKLM\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
STOIK Video Converter 3 (HKLM\...\{75D48CBE-DE70-44AB-B631-C3E60F5184D5}) (Version: 3.0.0 - STOIK Imaging)
STOIK Video Converter 3 (Version: 3.0.0 - STOIK Imaging) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
The Journal 4 (HKLM\...\The Journal 4_is1) (Version: 4.01 - DavidRM Software)
ThumbsPlus version 7 SP2 (HKLM\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Web Viewer (HKLM\...\TibetSystem - Uninstall Web Viewer) (Version: Version 5.5.0.0 - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{2C9234EA-1B1E-43f1-BED8-9826B8889B2C}\InprocServer32 -> C:\ThumbsPlus\cswshlex.dll (Cerious Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

18-12-2014 23:36:38 Windows Update
19-12-2014 02:26:53 Windows Update
20-12-2014 14:45:16 Windows Update
21-12-2014 18:16:20 Windows Update
21-12-2014 21:07:32 Windows Update
22-12-2014 22:58:18 Windows Update
24-12-2014 01:22:50 Windows Update
24-12-2014 23:11:35 Scheduled Checkpoint
25-12-2014 08:31:14 Windows Update
26-12-2014 07:34:15 Revo Uninstaller's restore point - offFerodeeal
26-12-2014 07:55:58 Revo Uninstaller's restore point - ClickNRead
26-12-2014 08:00:21 Revo Uninstaller's restore point - roeckketdueAl
26-12-2014 11:33:44 Windows Update
27-12-2014 03:18:17 Restore Point Created by FRST
27-12-2014 11:48:01 Revo Uninstaller's restore point - Java 7 Update 65
27-12-2014 11:49:17 Removed Java 7 Update 65
27-12-2014 11:57:37 Windows Update
27-12-2014 12:09:55 Revo Uninstaller's restore point - Java™ SE Runtime Environment 6
27-12-2014 12:20:27 Revo Uninstaller's restore point - Windows Installer Clean Up
27-12-2014 12:21:02 Removed Windows Installer Clean Up
27-12-2014 12:21:49 Revo Uninstaller's restore point - Windows Installer Clean Up
28-12-2014 02:00:29 Restore Point Created by FRST
28-12-2014 05:45:15 Windows Update
28-12-2014 21:21:11 Restore Point Created by FRST
29-12-2014 01:59:32 Windows Update
29-12-2014 23:51:26 Restore Point Created by FRST
30-12-2014 07:34:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2011-12-20 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B2AB42-B5B6-4581-A83E-6E508374E39B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {1BB84130-FCA6-4F5D-A282-6CA32E084A57} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {25678449-1112-41F9-9015-5C924721C61F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D46C67B-DE73-4EAF-9C03-D32206803FC1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {4BBBDBB2-D83F-45E7-8C30-10774CBE9608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {72A8939D-877C-4436-A3D4-3FE0CA960389} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {86E19FBF-05EA-4010-BDC2-37946DC666B6} - System32\Tasks\{99BB64B7-F4BB-4B3E-BB44-2C696991E95E} => pcalua.exe -a E:\setup.EXE -d E:\ -c /AUTORUN
Task: {F7134024-6B05-42B7-A341-3BBCE7736C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-02-21 11:13 - 2007-02-21 11:13 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2009-03-10 11:03 - 2007-07-12 21:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-03-08 15:41 - 2001-10-11 16:34 - 00077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-09-04 11:43 - 2009-09-04 11:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-04-27 08:34 - 2007-04-27 08:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2013-08-14 18:14 - 2013-06-18 06:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-10 22:01 - 2014-12-10 22:01 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3634781665-3730177948-736442605-500 - Administrator - Disabled)
Guest (S-1-5-21-3634781665-3730177948-736442605-501 - Limited - Enabled)
Kwong (S-1-5-21-3634781665-3730177948-736442605-1000 - Administrator - Enabled) => C:\Users\Kwong
Visitor (S-1-5-21-3634781665-3730177948-736442605-1003 - Limited - Enabled) => C:\Users\Visitor

==================== Faulty Device Manager Devices =============

Name: Apple Mobile Device Ethernet
Description: Apple Mobile Device Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Apple
Service: Netaapl
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 00:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29094

Error: (12/31/2014 00:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29094

Error: (12/31/2014 00:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 00:28:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (12/31/2014 00:28:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (12/31/2014 00:28:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/30/2014 07:34:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {eb1c9854-0a87-4abf-80d2-bbb6387357ed}

Error: (12/30/2014 00:42:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/30/2014 00:42:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/30/2014 00:41:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (12/30/2014 00:42:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (12/30/2014 00:42:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 120000Google Update Service (gupdate)

Error: (12/30/2014 00:40:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/30/2014 00:40:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/30/2014 00:40:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/30/2014 00:39:05 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%835

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%842

Error: (12/30/2014 00:38:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:37:22 AM on 12/30/2014 was unexpected.

Error: (12/29/2014 11:57:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (12/29/2014 11:57:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 120000Google Update Service (gupdate)

Error: (12/29/2014 11:55:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Microsoft Office Sessions:
=========================
Error: (10/14/2014 09:53:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/28/2014 01:27:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/05/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 06:00:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/18/2013 07:22:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/13/2012 09:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/09/2012 07:56:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/27/2012 05:37:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 05:42:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/28/2012 05:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712 seconds with 660 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-12-31 00:37:06.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:35:45.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:35:45.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 58%
Total physical RAM: 2045.31 MB
Available physical RAM: 848.16 MB
Total Pagefile: 4327.88 MB
Available Pagefile: 3009.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.31 MB

==================== Drives ================================

Drive c: (DRIVE_C) (Fixed) (Total:285.51 GB) (Free:10.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End Of Log ============================

Machine seems to be running OK now, nothing out of the ordinary


#23
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I see a few more malware items that we need to clean up. But first it appears that you only posted the Addition.txt log. On your desktop there should be a FRST.txt file. Can you post this please?


#24
redleader74

    Member

  • Topic Starter
  • 195 posts

Actually, the FRST.txt file literally was just this:

LastRegBack: 2014-12-30 00:46

==================== End Of Log ============================

I ran it twice and both times this is all that was in the .txt file that was generated.


#25
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Would you mind deleting the FRST.exe file off your desktop, re-downloading it from here and running it again?

#26
redleader74

    Member

  • Topic Starter
  • 195 posts

Ok, here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by Kwong (administrator) on KC03 on 01-01-2015 13:10:52
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-02-20] (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> DefaultScope {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Garmin Communicator - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Greasemonkey - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [206064 2008-12-16] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2013-03-14] (http://libusb-win32.sourceforge.net)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-30] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R1 MpKslff86006f; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{544B31DB-EC56-4BA2-AC41-697AF0772749}\MpKslff86006f.sys [39464 2014-12-31] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 13:10 - 2015-01-01 13:11 - 00013949 _____ () C:\Users\Kwong\Desktop\FRST.txt
2014-12-30 21:19 - 2014-12-30 21:19 - 00000000 ____D () C:\Program Files\ESET
2014-12-30 00:38 - 2014-12-30 00:39 - 00143648 _____ () C:\Windows\Minidump\Mini123014-01.dmp
2014-12-30 00:00 - 2014-12-30 00:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 23:59 - 2014-12-29 23:59 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-29 23:59 - 2014-12-29 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-29 23:59 - 2014-12-29 23:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-29 23:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-29 23:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-29 23:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-29 23:58 - 2014-12-29 23:59 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kwong\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-28 07:55 - 2014-12-28 07:55 - 00000512 _____ () C:\Users\Kwong\Desktop\MBR.dat
2014-12-28 02:24 - 2014-12-28 02:24 - 05198336 _____ (AVAST Software) C:\Users\Kwong\Desktop\aswMBR.exe
2014-12-27 12:48 - 2014-12-27 12:48 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 12:47 - 2014-12-27 12:47 - 01707646 _____ (Thisisu) C:\Users\Kwong\Desktop\JRT.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00139264 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2014-12-27 03:29 - 2014-12-27 12:37 - 00000000 ____D () C:\AdwCleaner
2014-12-27 03:28 - 2014-12-27 03:28 - 02173952 _____ () C:\Users\Kwong\Desktop\AdwCleaner.exe
2014-12-27 03:16 - 2014-12-27 03:16 - 00000000 ____D () C:\Users\Kwong\Desktop\FRST-OlderVersion
2014-12-26 08:48 - 2015-01-01 13:10 - 00000000 ____D () C:\FRST
2014-12-26 08:47 - 2015-01-01 13:10 - 01114624 _____ (Farbar) C:\Users\Kwong\Desktop\FRST.exe
2014-12-26 06:27 - 2014-12-26 06:27 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apps\2.0
2014-12-21 18:13 - 2014-12-21 18:17 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-11-18_25 furnace replacement project
2014-12-21 18:11 - 2014-12-21 18:12 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12-16 Christmas Tree
2014-12-16 20:38 - 2014-12-27 12:26 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple
2014-12-13 17:12 - 2014-12-23 23:11 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12 Xmas gifts
2014-12-10 21:55 - 2014-12-10 21:55 - 00143600 _____ () C:\Windows\Minidump\Mini121014-01.dmp
2014-12-05 22:05 - 2014-12-10 22:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Adobe
2014-12-05 19:54 - 2014-12-14 23:15 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple Computer
2014-12-05 19:01 - 2014-12-05 19:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Macromedia
2014-12-04 21:33 - 2014-12-04 21:33 - 00150184 _____ () C:\Users\Kwong\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 13:08 - 2006-11-02 02:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 12:36 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 12:36 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 17:27 - 2010-03-13 01:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 16:41 - 2006-11-02 04:52 - 01541682 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 15:38 - 2010-03-13 01:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 00:39 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 00:38 - 2014-01-04 06:30 - 287587738 _____ () C:\Windows\MEMORY.DMP
2014-12-30 00:38 - 2013-12-31 16:04 - 00009242 _____ () C:\Windows\PFRO.log
2014-12-30 00:38 - 2009-03-19 11:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-29 23:59 - 2009-07-16 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-29 23:52 - 2010-05-21 04:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-29 23:52 - 2006-11-02 05:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-28 21:43 - 2011-09-29 19:44 - 00154613 _____ () C:\Users\Kwong\Application Data\nvModes.001
2014-12-28 01:54 - 2012-12-25 16:10 - 00000000 ____D () C:\Users\Kwong\Desktop\iPhone Photos
2014-12-27 12:21 - 2010-04-11 20:35 - 00000000 ____D () C:\Program Files\MSECACHE
2014-12-27 12:19 - 2009-03-05 18:49 - 00000000 ____D () C:\Program Files\Java
2014-12-27 12:07 - 2013-11-05 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-27 03:02 - 2014-09-07 21:16 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-09-06 Wedding
2014-12-24 01:12 - 2009-08-21 12:42 - 00000000 ____D () C:\ThumbsPlus
2014-12-10 22:01 - 2012-06-16 04:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 22:01 - 2011-06-12 22:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-05 22:14 - 2014-01-21 21:08 - 00000000 ____D () C:\Users\Kwong\Desktop\Wedding Files

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-30 00:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2015
Ran by Kwong at 2015-01-01 13:12:05
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVGO Free DVD Ripper 1.03.1 (HKLM\...\AVGO Free DVD Ripper_is1) (Version:  - AVGO Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.2 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Laptop Integrated Webcam Driver (1.02.01.0612)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mHelp (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC Connectivity Solution (HKLM\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
STOIK Video Converter 3 (HKLM\...\{75D48CBE-DE70-44AB-B631-C3E60F5184D5}) (Version: 3.0.0 - STOIK Imaging)
STOIK Video Converter 3 (Version: 3.0.0 - STOIK Imaging) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
The Journal 4 (HKLM\...\The Journal 4_is1) (Version: 4.01 - DavidRM Software)
ThumbsPlus version 7 SP2 (HKLM\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Web Viewer (HKLM\...\TibetSystem - Uninstall Web Viewer) (Version: Version 5.5.0.0 - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{2C9234EA-1B1E-43f1-BED8-9826B8889B2C}\InprocServer32 -> C:\ThumbsPlus\cswshlex.dll (Cerious Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

20-12-2014 14:45:16 Windows Update
21-12-2014 18:16:20 Windows Update
21-12-2014 21:07:32 Windows Update
22-12-2014 22:58:18 Windows Update
24-12-2014 01:22:50 Windows Update
24-12-2014 23:11:35 Scheduled Checkpoint
25-12-2014 08:31:14 Windows Update
26-12-2014 07:34:15 Revo Uninstaller's restore point - offFerodeeal
26-12-2014 07:55:58 Revo Uninstaller's restore point - ClickNRead
26-12-2014 08:00:21 Revo Uninstaller's restore point - roeckketdueAl
26-12-2014 11:33:44 Windows Update
27-12-2014 03:18:17 Restore Point Created by FRST
27-12-2014 11:48:01 Revo Uninstaller's restore point - Java 7 Update 65
27-12-2014 11:49:17 Removed Java 7 Update 65
27-12-2014 11:57:37 Windows Update
27-12-2014 12:09:55 Revo Uninstaller's restore point - Java™ SE Runtime Environment 6
27-12-2014 12:20:27 Revo Uninstaller's restore point - Windows Installer Clean Up
27-12-2014 12:21:02 Removed Windows Installer Clean Up
27-12-2014 12:21:49 Revo Uninstaller's restore point - Windows Installer Clean Up
28-12-2014 02:00:29 Restore Point Created by FRST
28-12-2014 05:45:15 Windows Update
28-12-2014 21:21:11 Restore Point Created by FRST
29-12-2014 01:59:32 Windows Update
29-12-2014 23:51:26 Restore Point Created by FRST
30-12-2014 07:34:43 Windows Update
31-12-2014 15:57:40 Windows Update
31-12-2014 16:39:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2011-12-20 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B2AB42-B5B6-4581-A83E-6E508374E39B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {1BB84130-FCA6-4F5D-A282-6CA32E084A57} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {25678449-1112-41F9-9015-5C924721C61F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D46C67B-DE73-4EAF-9C03-D32206803FC1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {4BBBDBB2-D83F-45E7-8C30-10774CBE9608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {72A8939D-877C-4436-A3D4-3FE0CA960389} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {86E19FBF-05EA-4010-BDC2-37946DC666B6} - System32\Tasks\{99BB64B7-F4BB-4B3E-BB44-2C696991E95E} => pcalua.exe -a E:\setup.EXE -d E:\ -c /AUTORUN
Task: {F7134024-6B05-42B7-A341-3BBCE7736C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-02-21 11:13 - 2007-02-21 11:13 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2009-03-10 11:03 - 2007-07-12 21:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-03-08 15:41 - 2001-10-11 16:34 - 00077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-09-04 11:43 - 2009-09-04 11:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-04-27 08:34 - 2007-04-27 08:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-08-14 18:14 - 2013-06-18 06:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-10 22:01 - 2014-12-10 22:01 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3634781665-3730177948-736442605-500 - Administrator - Disabled)
Guest (S-1-5-21-3634781665-3730177948-736442605-501 - Limited - Enabled)
Kwong (S-1-5-21-3634781665-3730177948-736442605-1000 - Administrator - Enabled) => C:\Users\Kwong
Visitor (S-1-5-21-3634781665-3730177948-736442605-1003 - Limited - Enabled) => C:\Users\Visitor

==================== Faulty Device Manager Devices =============

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 00:36:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66829066

Error: (01/01/2015 00:36:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66829066

Error: (01/01/2015 00:36:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 04:55:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/31/2014 04:45:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/31/2014 04:39:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {22111e80-e3b2-4674-9653-d0a05237ce6f}

Error: (12/31/2014 03:57:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {13a86d6c-12a3-44ec-b03d-f0877c3c20bb}

Error: (12/31/2014 03:56:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 468127

Error: (12/31/2014 03:56:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 468127

Error: (12/31/2014 03:56:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/30/2014 00:42:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (12/30/2014 00:42:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 120000Google Update Service (gupdate)

Error: (12/30/2014 00:40:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/30/2014 00:40:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/30/2014 00:40:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/30/2014 00:39:05 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%835

    Error Code: 0x80004005

    Error description: Unspecified error

    Reason: %%842

Error: (12/30/2014 00:38:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:37:22 AM on 12/30/2014 was unexpected.

Error: (12/29/2014 11:57:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (12/29/2014 11:57:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 120000Google Update Service (gupdate)

Error: (12/29/2014 11:55:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office Sessions:
=========================
Error: (10/14/2014 09:53:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/28/2014 01:27:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/05/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 06:00:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/18/2013 07:22:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/13/2012 09:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/09/2012 07:56:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/27/2012 05:37:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 05:42:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/28/2012 05:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-01-01 13:11:51.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:51.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:51.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:51.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 58%
Total physical RAM: 2045.31 MB
Available physical RAM: 858.85 MB
Total Pagefile: 4327.88 MB
Available Pagefile: 3036.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.31 MB

==================== Drives ================================

Drive c: (DRIVE_C) (Fixed) (Total:285.51 GB) (Free:10.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.88 GB) NTFS
Drive f: (Seagate External 2) (Fixed) (Total:1397.26 GB) (Free:261.85 GB) NTFS
Drive g: (A-DATA UFD) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 6B360B70)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================


  • 0

#27
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the logs. Please follow the instructions below.

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (191 bytes)
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Detect Registry Changes
1. Download procmon.exe from Microsoft and save it to your desktop.
2. Download ProcmonConfiguration.pmc and save it to your desktop.
3. Right-Click on Procmon.exe and select Run as administrator. You may receive a User Account Control prompt. Please allow it to run.
4. Click the File menu and choose Import Configuration....
5. Choose the ProcmonConfiguration.pmc file that you downloaded to your desktop.
6. Registry Changes are now being detected and recorded.

 

 

Step#3 - Manually Remove Internet Proxy
1. Click the Start Orb and choose Control Panel.
2. Choose Classic View and then Internet Options.
3. Choose the Connections tab and click the LAN settings button.
4. Click the check box under Proxy server (if it's not already checked) and click the Advanced button.
5. Ensure that there is nothing in any of the fields on this screen. If there is, delete the values.
6. Click OK. You may get the following message about an invalid proxy server. Please click Yes.
7. At this point ensure that everything is blank and nothing is checked.
8. Click OK. Then click OK again on the Internet Properties window.

 

Step#4 - BSOD Log
1. Please download the 32-bit version of Bluescreenview from here and save it to your desktop.
2. Right-click on the downloaded file (bluescreenview.zip) and select Extract All. Click the Extract button and a folder will open with the contents that were extracted.
3. Right-click on BlueScreenView.exe and select Run as administrator. If prompted to Allow, please answer yes.
4. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
5. Then click on the file menu...Save selected Items...and save it to your desktop named BSOD.txt.
6. Open the BSOD.txt file in notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.

 

Step#5 - Saving a Procmon Log

1. Please click the Capture icon on the toolbar to stop the capture. (it's the icon that looks like a magnifying glass).
2. Select the file menu and choose Save. Keep all the defaults and click OK. This should save a file named Logfile.PML to your desktop.
3. Please send me the Logfile.PML file. You will need to use dropbox, skydrive or another service such as https://www.sendspace.com/ to attach the file and then send me a link to download it.

 

 

Step#6 - Verify if Proxy is Set Again

1. Follow steps 1 through 4 from Manually Remove Internet Proxy from above and let me know if the Address field on this screen shows 127.0.0.1 or if it's blank.

 

 

 

Items for your next post

1. FRST Fix Log

2. Blue Screen log

3. Logfile.PML file

4. Did the Proxy reset to 127.0.0.1


  • 0
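The proxy check in Step#3 and Step#6 above can also be run against a saved FRST log instead of the LAN settings dialog. This is an added example, not part of the helper's instructions or of FRST itself: it assumes log lines shaped like the `ProxyServer: [.DEFAULT] => http=127.0.0.1:5555` entry in the fixlist earlier in this topic, and the sample lines and SID placeholders below are constructed.

```python
import ipaddress
import re

# Constructed sample in the style of FRST proxy lines (SIDs are placeholders).
SAMPLE_LOG = """\
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
ProxyServer: [S-1-5-21-EXAMPLE-1000] => proxy.example.test:8080
ProxyServer: [S-1-5-21-EXAMPLE-1003] => http=localhost:8877;https=10.0.0.5:3128
"""

# Assumed line shape: "ProxyServer: [<hive or SID>] => <value>"
LINE_RE = re.compile(r"^ProxyServer:\s*\[(?P<hive>[^\]]+)\]\s*=>\s*(?P<value>.+)$")


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles the single form 'host:port' (used for every protocol, reported
    here as scheme 'all') and the per-protocol form
    'http=host:port;https=host:port'.
    """
    entries = []
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:  # no 'scheme=' prefix: one proxy for all protocols
            scheme, target = "all", part
        # Drop an optional URL prefix such as 'http://'.
        target = re.sub(r"^[a-z][a-z0-9+.-]*://", "", target, flags=re.I)
        if target.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
            host, _, rest = target[1:].partition("]")
            port = rest.lstrip(":")
        else:
            host, _, port = target.rpartition(":")
            if not host:  # no port present
                host, port = target, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # an ordinary hostname, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return one finding per proxy entry that points at the local machine."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        for scheme, host, port in parse_proxy_server(match.group("value")):
            if is_loopback(host):
                findings.append(
                    {"hive": match.group("hive"), "scheme": scheme,
                     "host": host, "port": port}
                )
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print("loopback proxy:", finding)
```

A loopback entry means browser traffic is being handed to a process on the same machine, so a finding that reappears after the fix points to something still rewriting the setting.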

#28
redleader74

    Member

  • Topic Starter
  • 195 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2015
Ran by Kwong at 2015-01-01 22:49:05 Run:6
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\ProgramData\4001812108
C:\Users\All Users\4001812108
C:\Users\Visitor\AppData\Roaming\Mozilla\Firefox\Profiles\tgttgsq7.default\extensions\staged
EmptyTemp:




*****************

Restore point was successfully created.
C:\ProgramData\4001812108 => Moved successfully.
"C:\Users\All Users\4001812108" => File/Directory not found.
C:\Users\Visitor\AppData\Roaming\Mozilla\Firefox\Profiles\tgttgsq7.default\extensions\staged => Moved successfully.
EmptyTemp: => Removed 91.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:49:34 ====



==================================================
Dump File         : Mini123014-01.dmp
Crash Time        : 12/30/2014 12:37:46 AM
Bug Check String  : NTFS_FILE_SYSTEM
Bug Check Code    : 0x00000024
Parameter 1       : 0x001904aa
Parameter 2       : 0xa8bd4a1c
Parameter 3       : 0xa8bd4718
Parameter 4       : 0x888fa24b
Caused By Driver  : Ntfs.sys
Caused By Address : Ntfs.sys+ef24b
File Description  : NT File System Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : Ntfs.sys+19fff
Stack Address 2   : Ntfs.sys+17292
Stack Address 3   : ntkrnlpa.exe+ad1d8
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini123014-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,648
Dump File Time    : 12/30/2014 12:39:07 AM
==================================================

==================================================
Dump File         : Mini121014-01.dmp
Crash Time        : 12/10/2014 9:52:55 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851dd578
Parameter 3       : 0x86d2b030
Parameter 4       : 0x84a218d8
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini121014-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 12/10/2014 9:55:13 PM
==================================================

==================================================
Dump File         : Mini092914-01.dmp
Crash Time        : 9/28/2014 11:51:25 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851de6b0
Parameter 3       : 0x86ae7030
Parameter 4       : 0x85d5a890
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini092914-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 9/28/2014 11:53:17 PM
==================================================

==================================================
Dump File         : Mini072214-01.dmp
Crash Time        : 7/21/2014 11:36:13 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851dcb70
Parameter 3       : 0x85c36380
Parameter 4       : 0x8500e008
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini072214-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 7/21/2014 11:37:14 PM
==================================================

==================================================
Dump File         : Mini053014-01.dmp
Crash Time        : 5/30/2014 6:36:27 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851dc6b0
Parameter 3       : 0x86be1030
Parameter 4       : 0x84b88a60
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini053014-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 5/30/2014 6:37:49 AM
==================================================

==================================================
Dump File         : Mini050514-01.dmp
Crash Time        : 5/5/2014 9:50:25 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851de578
Parameter 3       : 0x85c3b380
Parameter 4       : 0x85140008
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini050514-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 5/5/2014 9:51:47 PM
==================================================

==================================================
Dump File         : Mini040214-01.dmp
Crash Time        : 4/2/2014 10:58:49 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851de6b0
Parameter 3       : 0x86bef030
Parameter 4       : 0x863696e8
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini040214-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 4/2/2014 10:59:46 PM
==================================================

==================================================
Dump File         : Mini022714-01.dmp
Crash Time        : 2/27/2014 2:44:45 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851de6b0
Parameter 3       : 0x86bf9030
Parameter 4       : 0x84a574e0
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini022714-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 2/27/2014 2:46:11 AM
==================================================

==================================================
Dump File         : Mini011414-01.dmp
Crash Time        : 1/14/2014 8:05:06 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851ef030
Parameter 3       : 0x86c5b030
Parameter 4       : 0x861c0608
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini011414-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 1/14/2014 8:06:26 AM
==================================================

==================================================
Dump File         : Mini011114-01.dmp
Crash Time        : 1/11/2014 12:09:29 PM
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 0x00000007
Parameter 2       : 0x0000110b
Parameter 3       : 0x08290015
Parameter 4       : 0x91fc62f0
Caused By Driver  : NETw4v32.sys
Caused By Address : NETw4v32.sys+2166d0
File Description  : Intel® Wireless WiFi Link Driver
Product Name      : Intel® Wireless WiFi Link Adapter
Company           : Intel Corporation
File Version      : 11.1.0.86
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+ed184
Stack Address 2   : ntkrnlpa.exe+ee9c0
Stack Address 3   : NETw4v32.sys+6897
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini011114-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,648
Dump File Time    : 1/11/2014 12:10:37 PM
==================================================

==================================================
Dump File         : Mini010414-01.dmp
Crash Time        : 1/4/2014 6:29:40 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 0x00000003
Parameter 2       : 0x851deb70
Parameter 3       : 0x86d6a030
Parameter 4       : 0x86039868
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb0d
Stack Address 1   : ntkrnlpa.exe+313ab
Stack Address 2   : ntkrnlpa.exe+30fc8
Stack Address 3   : ntkrnlpa.exe+aa2eb
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini010414-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 143,600
Dump File Time    : 1/4/2014 6:31:10 AM
==================================================


Here's the Logfile.PML:

https://www.sendspace.com/file/au4nqt



The address field is blank.


  • 0

#29
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Please do the following. We're almost done. Let me know how your machine is doing.

 

Step#1 - Uninstall MalwareBytes
Since it caused your machine to crash I don't want to chance that again so please uninstall this program from Add/Remove programs.

 

Step#2 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Step#3 - Update Internet Explorer

Even though you may not use IE for your browser, leaving it at version 8 is a security risk as the browser can be exploited. Please update to Version 9. You can download/install from here.

 

Step#4 - Fresh Set of Logs
 
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. Security Check log
2. FRST and Addition logs

 


  • 0

#30
redleader74

    Member

  • Topic Starter
  • 195 posts

 Results of screen317's Security Check version 0.99.93  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 8 Out of date!
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java version 32-bit out of Date!
 Adobe Flash Player     16.0.0.235  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox 22.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Microsoft Security Client Antimalware MsMpEng.exe  
 Microsoft Security Client Antimalware MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-01-2015 02
Ran by Kwong (administrator) on KC03 on 03-01-2015 07:58:49
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-02-20] (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> DefaultScope {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Garmin Communicator - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Greasemonkey - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [206064 2008-12-16] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2013-03-14] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 07:58 - 2015-01-03 07:59 - 00013847 _____ () C:\Users\Kwong\Desktop\FRST.txt
2015-01-03 03:33 - 2015-01-03 03:33 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-03 03:33 - 2015-01-03 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-03 03:33 - 2015-01-03 03:33 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-03 03:33 - 2015-01-03 03:33 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-03 03:33 - 2015-01-03 03:33 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-03 03:33 - 2015-01-03 03:33 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-03 03:33 - 2015-01-03 03:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-03 03:33 - 2015-01-03 03:33 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-03 03:33 - 2015-01-03 03:33 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-03 03:33 - 2015-01-03 03:33 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-03 03:33 - 2015-01-03 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-03 03:33 - 2015-01-03 03:33 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-03 03:33 - 2015-01-03 03:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-03 03:33 - 2015-01-03 03:33 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-03 03:32 - 2015-01-03 03:32 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00979456 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00797184 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-01-03 03:32 - 2015-01-03 03:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 01554432 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2015-01-03 03:31 - 2015-01-03 03:31 - 00638336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-03 03:31 - 2015-01-03 03:31 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2015-01-03 03:31 - 2015-01-03 03:31 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-01-03 03:31 - 2015-01-03 03:31 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2015-01-03 03:30 - 2015-01-03 03:30 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-03 03:30 - 2015-01-03 03:30 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-01-03 03:30 - 2015-01-03 03:30 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-03 03:30 - 2015-01-03 03:30 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-01-03 03:30 - 2015-01-03 03:30 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2015-01-03 03:30 - 2015-01-03 03:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2015-01-03 03:30 - 2015-01-03 03:30 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-01-03 03:28 - 2015-01-03 07:50 - 00004023 _____ () C:\Windows\IE9_main.log
2015-01-03 03:28 - 2015-01-03 03:28 - 18005296 _____ (Microsoft Corporation) C:\Users\Kwong\Desktop\IE9-WindowsVista-x86-enu(1).exe
2015-01-03 03:26 - 2015-01-03 03:26 - 00001207 _____ () C:\Users\Kwong\Desktop\checkup.txt
2015-01-03 02:35 - 2015-01-03 02:35 - 00852504 _____ () C:\Users\Kwong\Desktop\SecurityCheck.exe
2015-01-01 23:19 - 2015-01-01 23:21 - 19608628 _____ () C:\Users\Kwong\Desktop\Logfile.PML
2015-01-01 23:17 - 2015-01-01 23:17 - 00023732 _____ () C:\Users\Kwong\Desktop\BSOD.txt
2015-01-01 23:08 - 2015-01-01 23:19 - 00000000 ____D () C:\Users\Kwong\Desktop\bluescreenview
2015-01-01 23:06 - 2015-01-01 23:06 - 00066913 _____ () C:\Users\Kwong\Desktop\bluescreenview.zip
2015-01-01 22:57 - 2015-01-01 22:57 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\Kwong\Desktop\procmon.exe
2015-01-01 22:57 - 2015-01-01 22:57 - 00002582 _____ () C:\Users\Kwong\Desktop\ProcmonConfiguration.pmc
2015-01-01 22:55 - 2015-01-01 23:33 - 00012819 _____ () C:\Users\Kwong\Desktop\A.txt
2014-12-30 21:19 - 2014-12-30 21:19 - 00000000 ____D () C:\Program Files\ESET
2014-12-30 00:38 - 2014-12-30 00:39 - 00143648 _____ () C:\Windows\Minidump\Mini123014-01.dmp
2014-12-29 23:58 - 2014-12-29 23:59 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kwong\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-28 07:55 - 2014-12-28 07:55 - 00000512 _____ () C:\Users\Kwong\Desktop\MBR.dat
2014-12-28 02:24 - 2014-12-28 02:24 - 05198336 _____ (AVAST Software) C:\Users\Kwong\Desktop\aswMBR.exe
2014-12-27 12:48 - 2014-12-27 12:48 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 12:47 - 2014-12-27 12:47 - 01707646 _____ (Thisisu) C:\Users\Kwong\Desktop\JRT.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00139264 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2014-12-27 03:29 - 2014-12-27 12:37 - 00000000 ____D () C:\AdwCleaner
2014-12-27 03:28 - 2014-12-27 03:28 - 02173952 _____ () C:\Users\Kwong\Desktop\AdwCleaner.exe
2014-12-27 03:16 - 2015-01-03 07:58 - 00000000 ____D () C:\Users\Kwong\Desktop\FRST-OlderVersion
2014-12-26 08:48 - 2015-01-03 07:58 - 00000000 ____D () C:\FRST
2014-12-26 08:47 - 2015-01-03 07:58 - 01115136 _____ (Farbar) C:\Users\Kwong\Desktop\FRST.exe
2014-12-26 06:27 - 2014-12-26 06:27 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apps\2.0
2014-12-16 20:38 - 2014-12-27 12:26 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple
2014-12-13 17:12 - 2014-12-23 23:11 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12 Xmas gifts
2014-12-10 21:55 - 2014-12-10 21:55 - 00143600 _____ () C:\Windows\Minidump\Mini121014-01.dmp
2014-12-05 22:05 - 2014-12-10 22:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Adobe
2014-12-05 19:54 - 2014-12-14 23:15 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple Computer
2014-12-05 19:01 - 2014-12-05 19:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Macromedia
2014-12-04 21:33 - 2014-12-04 21:33 - 00150184 _____ () C:\Users\Kwong\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 07:58 - 2006-11-02 02:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-03 07:57 - 2006-11-02 04:52 - 01588131 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 07:55 - 2010-03-13 01:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 07:55 - 2009-03-05 17:55 - 00000956 _____ () C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 07:54 - 2009-03-05 17:46 - 00000000 ____D () C:\Windows\Panther
2015-01-03 07:54 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-03 07:54 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 07:52 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 07:50 - 2010-05-21 04:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-03 07:50 - 2006-11-02 05:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-03 07:50 - 2006-11-02 03:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-01-03 07:27 - 2010-03-13 01:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 03:33 - 2006-11-01 22:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2015-01-03 03:33 - 2006-11-01 22:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2015-01-03 02:28 - 2006-11-02 02:23 - 00000254 _____ () C:\Windows\win.ini
2015-01-01 15:17 - 2014-09-07 21:16 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-09-06 Wedding
2015-01-01 15:08 - 2014-01-11 11:27 - 00004872 _____ () C:\Windows\setupact.log
2015-01-01 14:44 - 2009-03-05 19:45 - 00000000 ___RD () C:\Users\Kwong\KC Files
2014-12-30 00:38 - 2014-01-04 06:30 - 287587738 _____ () C:\Windows\MEMORY.DMP
2014-12-30 00:38 - 2013-12-31 16:04 - 00009242 _____ () C:\Windows\PFRO.log
2014-12-30 00:38 - 2009-03-19 11:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-29 23:59 - 2009-07-16 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 21:43 - 2011-09-29 19:44 - 00154613 _____ () C:\Users\Kwong\Application Data\nvModes.001
2014-12-28 01:54 - 2012-12-25 16:10 - 00000000 ____D () C:\Users\Kwong\Desktop\iPhone Photos
2014-12-27 12:21 - 2010-04-11 20:35 - 00000000 ____D () C:\Program Files\MSECACHE
2014-12-27 12:19 - 2009-03-05 18:49 - 00000000 ____D () C:\Program Files\Java
2014-12-27 12:07 - 2013-11-05 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-24 01:12 - 2009-08-21 12:42 - 00000000 ____D () C:\ThumbsPlus
2014-12-10 22:01 - 2012-06-16 04:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 22:01 - 2011-06-12 22:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-03 07:57

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 02
Ran by Kwong at 2015-01-03 07:59:45
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVGO Free DVD Ripper 1.03.1 (HKLM\...\AVGO Free DVD Ripper_is1) (Version:  - AVGO Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.2 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Laptop Integrated Webcam Driver (1.02.01.0612)   (HKLM\...\Creative OEM002) (Version:  - )
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mHelp (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC Connectivity Solution (HKLM\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
STOIK Video Converter 3 (HKLM\...\{75D48CBE-DE70-44AB-B631-C3E60F5184D5}) (Version: 3.0.0 - STOIK Imaging)
STOIK Video Converter 3 (Version: 3.0.0 - STOIK Imaging) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
The Journal 4 (HKLM\...\The Journal 4_is1) (Version: 4.01 - DavidRM Software)
ThumbsPlus version 7 SP2 (HKLM\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Web Viewer (HKLM\...\TibetSystem - Uninstall Web Viewer) (Version: Version 5.5.0.0 - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{2C9234EA-1B1E-43f1-BED8-9826B8889B2C}\InprocServer32 -> C:\ThumbsPlus\cswshlex.dll (Cerious Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

27-12-2014 11:48:01 Revo Uninstaller's restore point - Java 7 Update 65
27-12-2014 11:49:17 Removed Java 7 Update 65
27-12-2014 11:57:37 Windows Update
27-12-2014 12:09:55 Revo Uninstaller's restore point - Java™ SE Runtime Environment 6
27-12-2014 12:20:27 Revo Uninstaller's restore point - Windows Installer Clean Up
27-12-2014 12:21:02 Removed Windows Installer Clean Up
27-12-2014 12:21:49 Revo Uninstaller's restore point - Windows Installer Clean Up
28-12-2014 02:00:29 Restore Point Created by FRST
28-12-2014 05:45:15 Windows Update
28-12-2014 21:21:11 Restore Point Created by FRST
29-12-2014 01:59:32 Windows Update
29-12-2014 23:51:26 Restore Point Created by FRST
30-12-2014 07:34:43 Windows Update
31-12-2014 15:57:40 Windows Update
31-12-2014 16:39:12 Windows Update
01-01-2015 16:41:57 Windows Update
01-01-2015 22:49:07 Restore Point Created by FRST
02-01-2015 18:34:08 Windows Update
03-01-2015 02:33:20 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.4.1028
03-01-2015 03:30:09 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2011-12-20 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B2AB42-B5B6-4581-A83E-6E508374E39B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {25678449-1112-41F9-9015-5C924721C61F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D46C67B-DE73-4EAF-9C03-D32206803FC1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {4BBBDBB2-D83F-45E7-8C30-10774CBE9608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {72A8939D-877C-4436-A3D4-3FE0CA960389} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {86E19FBF-05EA-4010-BDC2-37946DC666B6} - System32\Tasks\{99BB64B7-F4BB-4B3E-BB44-2C696991E95E} => pcalua.exe -a E:\setup.EXE -d E:\ -c /AUTORUN
Task: {8F24A947-1516-44A3-9FA8-31CDD9C71D08} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {B8BC935C-DC7F-432E-ADD3-1D01348B6E75} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {F7134024-6B05-42B7-A341-3BBCE7736C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-02-21 11:13 - 2007-02-21 11:13 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2009-03-10 11:03 - 2007-07-12 21:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-03-08 15:41 - 2001-10-11 16:34 - 00077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-09-04 11:43 - 2009-09-04 11:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-04-27 08:34 - 2007-04-27 08:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2013-08-14 18:14 - 2013-06-18 06:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-10 22:01 - 2014-12-10 22:01 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3634781665-3730177948-736442605-500 - Administrator - Disabled)
Guest (S-1-5-21-3634781665-3730177948-736442605-501 - Limited - Enabled)
Kwong (S-1-5-21-3634781665-3730177948-736442605-1000 - Administrator - Enabled) => C:\Users\Kwong
Visitor (S-1-5-21-3634781665-3730177948-736442605-1003 - Limited - Enabled) => C:\Users\Visitor

==================== Faulty Device Manager Devices =============

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2015 07:59:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/03/2015 07:59:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/03/2015 03:30:09 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {814fdac0-c1cd-4d3a-9883-595b9982b9ad}

Error: (01/03/2015 02:33:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {4689b7fb-96e1-4f68-9ed8-0f58412a891b}

Error: (01/03/2015 02:33:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4508ca21-38be-4e2f-a230-f1541d495046}

Error: (01/03/2015 02:33:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {4689b7fb-96e1-4f68-9ed8-0f58412a891b}

Error: (01/03/2015 02:28:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/03/2015 02:28:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/03/2015 02:20:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27592896

Error: (01/03/2015 02:20:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27592896


System errors:
=============
Error: (01/03/2015 07:56:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (01/03/2015 07:56:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 120000Google Update Service (gupdate)

Error: (01/03/2015 07:54:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/03/2015 07:53:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/03/2015 07:53:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/03/2015 07:52:36 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%835

    Error Code: 0x80004005

    Error description: Unspecified error

    Reason: %%842

Error: (01/03/2015 02:30:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (01/03/2015 02:30:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 120000Google Update Service (gupdate)

Error: (01/03/2015 02:28:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/03/2015 02:28:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (10/14/2014 09:53:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/28/2014 01:27:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/05/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 06:00:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/18/2013 07:22:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/13/2012 09:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/09/2012 07:56:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/27/2012 05:37:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 05:42:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/28/2012 05:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-01-01 13:11:51.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:51.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:51.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:51.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 13:11:50.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-31 00:37:06.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 50%
Total physical RAM: 2045.31 MB
Available physical RAM: 1015.64 MB
Total Pagefile: 4327.88 MB
Available Pagefile: 3367.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.93 MB

==================== Drives ================================

Drive c: (DRIVE_C) (Fixed) (Total:285.51 GB) (Free:16.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End Of Log ============================

