
Unable to remove suspected malware - cannot download malware removal t


  • This topic is locked

#1
CaptFeathers

  • Member
  • 15 posts
Hello,

I'm new here, so pardon my lack of knowledge on the matter, but here's my issue:

This is my grandmother's computer, so I'm not too familiar with it. She uses Avast and has been getting a lot of doomsday messages... Hundreds of allegedly infected files. Here are the two "threats" that stuck out to me: win32.malware-gen and win32.evo-gen [Susp]. I've tried to run scans via Avast with no success, as well as attempting to download Malwarebytes and using ESET Online Scanner. After several tries, I was eventually able to find an RKill link that worked. The report didn't show anything out of the ordinary and even after using it, I still couldn't download Malwarebytes or any other malware/virus removal method. I am currently running in Safe Mode with Networking. Below is the OTL log:


OTL logfile created on: 01/23/15 4:10:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nora\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.93 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 77.37% Memory free
5.86 Gb Paging File | 5.24 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 189.18 Gb Free Space | 66.26% Space Free | Partition Type: NTFS
Drive D: | 12.39 Gb Total Space | 1.76 Gb Free Space | 14.21% Space Free | Partition Type: NTFS

Computer Name: NORA-PC | User Name: Nora | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/01/23 16:10:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nora\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/21 10:00:30 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/21 10:00:09 | 000,104,416 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/17 19:25:08 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/26 17:51:18 | 000,254,016 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/10/26 17:51:18 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/09/23 15:43:26 | 000,297,272 | ---- | M] (Green search security) [Auto | Stopped] -- C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe -- (internethelper_antiphishing)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/11/20 07:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe -- (HawkesUpdater)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/11/22 10:35:14 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/21 10:00:35 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/21 10:00:35 | 000,267,632 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/21 10:00:35 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/21 10:00:35 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/21 10:00:35 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/21 10:00:35 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/21 10:00:35 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/21 10:00:17 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/11/21 10:00:09 | 000,449,936 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/09/23 22:22:54 | 000,941,784 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/21 02:47:32 | 004,022,272 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/26 21:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/26 21:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/26 21:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/25 18:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/03 20:40:52 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/02/03 20:40:50 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/01/26 18:17:52 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/29 19:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [1999/12/31 19:00:00 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [1999/12/31 19:00:00 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2014/05/09 09:51:08 | 000,051,912 | ---- | M] (Green search security) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingd.sys -- (internethelper_antiphishingd)
DRV - [2010/02/11 13:44:06 | 000,676,912 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/01/26 18:34:26 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/10/28 17:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {742255DC-73E8-4859-BFC9-8B299F3DFF63}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://vosteran.com/...ults.php?f=4&q={searchTerms}&a=vst_cmi_15_01_ff&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtAzztDzytDtCyE0FtB0EtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0Czy0D0FyBtAyDtGzyzzyB0AtGtA0C0B0FtG0FzyyEzztGyBtA0AzzzyyBtBtAtCtB0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0D0A0EyCzyyBtGyDzz0E0FtGyEyE0ByDtGzz0F0F0DtG0E0CtAtAtDzzyC0Ezzzz0D0A2Q&cr=384700468&ir=
IE:64bit: - HKLM\..\SearchScopes\{1F80BEF6-49F6-43D5-B221-99778CAD6094}: "URL" = http://www.ask.com/w...
IE:64bit: - HKLM\..\SearchScopes\{742255DC-73E8-4859-BFC9-8B299F3DFF63}: "URL" = http://www.bing.com/...rchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.c...sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...Terms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{1F80BEF6-49F6-43D5-B221-99778CAD6094}: "URL" = http://www.ask.com/w...=ushpl
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...C=AV01
IE - HKLM\..\SearchScopes\{742255DC-73E8-4859-BFC9-8B299F3DFF63}: "URL" = http://www.bing.com/...rchBox
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...Terms}
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.c...chTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.c...sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...Terms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 C4 FB 6A 9E 36 D0 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://vosteran.com/...68&ir=
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...C=AV01
IE - HKCU\..\SearchScopes\{742255DC-73E8-4859-BFC9-8B299F3DFF63}: "URL" = http://www.bing.com/...rchBox
IE - HKCU\..\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}: "URL" = https://www.google.c...Terms}
IE - HKCU\..\SearchScopes\{86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E}: "URL" = http://us.yhs4.searc...Terms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...Terms}
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.c...Terms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Vosteran"
FF - prefs.js..browser.startup.homepage: "http://vosteran.com/?f=1&a=vst_cmi_15_01_ff&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtAzztDzytDtCyE0FtB0EtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0Czy0D0FyBtAyDtGzyzzyB0AtGtA0C0B0FtG0FzyyEzztGyBtA0AzzzyyBtBtAtCtB0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0D0A0EyCzyyBtGyDzz0E0FtGyEyE0ByDtGzz0F0F0DtG0E0CtAtAtDzzyC0Ezzzz0D0A2Q&cr=384700468&ir="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@ei.MyWebFace_5a.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/07/06 15:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/26 18:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/07/06 15:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015/01/22 12:45:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/23 09:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/02 12:23:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/23 09:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/02 12:23:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/23 09:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/02 12:23:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/23 09:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/02 12:23:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/23 09:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/02 12:23:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/26 18:32:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/23 09:40:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/02 12:23:12 | 000,000,000 | ---D | M]

[2015/01/04 12:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Extensions
[2010/02/01 06:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Extensions\[email protected]
[2015/01/04 02:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\extensions
[2015/01/02 14:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\extensions\staged
[2014/12/04 17:12:54 | 000,042,073 | ---- | M] () (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\extensions\[email protected]
[2015/01/02 14:11:33 | 000,001,223 | ---- | M] () -- C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\searchplugins\Vosteran.xml
[2015/01/23 09:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/14 13:01:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/12/14 13:01:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/12/14 13:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/14 13:01:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {2299856A-6506-42E3-A34F-CD35A47C1B19} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2299856A-6506-42E3-A34F-CD35A47C1B19} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Boost] C:\Program Files (x86)\Boost\Boost.exe (Boost Shopping)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3e344e34-170e-11df-8b89-00262db3de5a}\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/23 15:53:48 | 000,000,000 | ---D | C] -- C:\Users\Nora\Desktop\Speclean
[2015/01/23 14:40:52 | 000,000,000 | ---D | C] -- C:\Users\Nora\Desktop\rkill
[2015/01/22 12:45:22 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/01/19 18:33:40 | 000,000,000 | ---D | C] -- C:\inetpub
[2015/01/15 14:19:47 | 000,000,000 | R--D | C] -- C:\Users\Nora\Music
[2015/01/12 14:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/01/11 18:48:53 | 000,000,000 | ---D | C] -- C:\WebGuard
[2015/01/04 16:09:50 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Local\Deployment
[2015/01/04 02:37:20 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Local\Boost
[2015/01/04 02:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boost
[2015/01/04 02:12:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2015/01/03 19:17:38 | 000,941,784 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2015/01/03 14:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2015/01/02 13:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\internethelper_antiphishing
[2015/01/02 13:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet Helper Anti-phishing
[2015/01/02 13:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WebGuard
[2014/12/31 17:09:00 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Roaming\com.adobe.mauby
[2014/12/31 17:06:26 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Local\StormFall
[2014/12/31 11:44:22 | 000,000,000 | -HSD | C] -- C:\Users\Nora\AppData\Local\EmieBrowserModeList
[2014/12/31 11:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ver0BlockAndSurf
[2014/12/31 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Roaming\VooUpdate
[2014/12/31 11:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[2014/12/31 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Local\gmsd_us_54
[2014/12/31 11:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gmsd_us_54
[2014/12/31 11:17:04 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Local\WorldofTanks
[2014/12/31 11:16:41 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Local\Sparta
[2014/12/31 10:48:49 | 000,000,000 | ---D | C] -- C:\Users\Nora\AppData\Roaming\CompuClever
[2014/12/31 10:45:30 | 000,358,736 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysNative\LavasoftTcpService64.dll
[2014/12/31 10:45:26 | 000,312,424 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysWow64\LavasoftTcpService.dll

========== Files - Modified Within 30 Days ==========

[2015/01/23 15:12:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2015/01/23 15:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/23 15:11:59 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/23 14:42:14 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/23 14:42:14 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/23 14:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/23 14:16:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/23 10:15:00 | 000,000,000 | -H-- | M] () -- C:\Users\Nora\Documents\Default.rdp
[2015/01/23 09:40:29 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/01/22 23:02:36 | 002,359,296 | ---- | M] () -- C:\Users\Nora\.ghost-ntfs-3g-00000000000000000009
[2015/01/22 12:56:53 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Avast Internet Security.lnk
[2015/01/22 12:47:54 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2015/01/19 18:39:16 | 000,000,632 | RHS- | M] () -- C:\Users\Nora\ntuser.pol
[2015/01/19 18:34:20 | 000,667,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/19 18:34:20 | 000,124,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/04 16:10:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/31 14:28:53 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/31 12:21:08 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Voo Update.job
[2014/12/31 12:21:08 | 000,000,045 | ---- | M] () -- C:\Users\Nora\AppData\Roaming\WB.CFG
[2014/12/31 10:45:50 | 000,004,688 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/31 10:45:50 | 000,002,520 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/31 10:45:50 | 000,002,520 | ---- | M] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/12/30 15:46:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNora.job
[2014/12/26 13:55:51 | 000,002,016 | ---- | M] () -- C:\Users\Nora\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2015/01/23 10:15:00 | 000,000,000 | -H-- | C] () -- C:\Users\Nora\Documents\Default.rdp
[2015/01/23 09:40:29 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/01/23 09:40:29 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/01/22 15:27:24 | 002,359,296 | ---- | C] () -- C:\Users\Nora\.ghost-ntfs-3g-00000000000000000009
[2014/12/31 12:21:08 | 000,000,045 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\WB.CFG
[2014/12/31 11:21:07 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\Voo Update.job
[2014/12/31 10:45:50 | 000,004,688 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/31 10:45:50 | 000,002,520 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/31 10:45:50 | 000,002,520 | ---- | C] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/11/25 11:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2014/11/25 11:52:23 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\hpcc3130.dll
[2014/02/25 20:08:49 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 18:30:18 | 000,000,000 | ---- | C] () -- C:\Users\Nora\AppData\Local\{EE4DDEA8-849B-40BA-ADC6-84C2146798CF}
[2011/01/27 10:15:11 | 000,001,854 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\GhostObjGAFix.xml
[2010/08/28 17:49:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/03 13:44:04 | 000,000,632 | RHS- | C] () -- C:\Users\Nora\ntuser.pol
[2010/02/06 12:08:07 | 000,002,016 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\wklnhst.dat
[2010/01/26 19:01:06 | 000,007,614 | ---- | C] () -- C:\Users\Nora\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/26 08:27:04 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\AVAST Software
[2014/12/31 17:09:00 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\com.adobe.mauby
[2010/05/25 08:50:54 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/12/31 10:48:49 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\CompuClever
[2014/03/31 12:10:28 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Dropbox
[2014/03/31 12:10:27 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\DropboxMaster
[2014/06/01 11:11:15 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\gnupg
[2010/02/10 17:09:36 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\LimeWire
[2014/04/25 10:43:41 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Nico Mak Computing
[2013/09/22 09:31:53 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Sammsoft
[2012/09/05 09:56:17 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\suddenlinktoolbar
[2012/09/05 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\suddenlinktoolbartb
[2010/02/06 12:08:09 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Template
[2010/01/26 18:58:59 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Tific
[2014/12/31 11:21:06 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\VooUpdate
[2014/01/20 19:44:11 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\WildTangent
[2011/03/19 11:41:59 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I can see a part of the problem, but I will need to use a different tool to remove that.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
CaptFeathers

    Member

  • Topic Starter
  • Member
  • 15 posts
Here is the FRST.txt log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Nora (administrator) on NORA-PC on 23-01-2015 16:40:24
Running from C:\Users\Nora\Downloads
Loaded Profiles: Nora (Available profiles: Nora)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-22] (AVAST Software)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Run: [Boost] => C:\Program Files (x86)\Boost\Boost.exe [406232 2014-11-18] (Boost Shopping)
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...rosoft\Internet Explorer\Main,Search Page = https://www.google.c...rosoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...rosoft\Internet Explorer\Main,Search Bar = https://www.google.c...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...
URLSearchHook: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...
SearchScopes: HKLM -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...
SearchScopes: HKLM -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...
SearchScopes: HKLM-x32 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E} URL = http://us.yhs4.searc...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...Terms}
BHO: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\rnwp8442.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-04]
FF HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> https://www.bing.com...hTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com...t=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/...nguage}
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-04]
CHR Extension: (Google Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-04]
CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-04]
CHR Extension: (Google Search) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-04]
CHR Extension: (Avast SafePrice) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-04]
CHR Extension: (Google Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-04]
CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-04]
CHR HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [104416 2014-11-21] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-26] (WildTangent)
S2 gupdate1caa7387dcd1374; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
S2 HawkesUpdater; C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [8192 2003-04-18] () [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 internethelper_antiphishing; C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe [297272 2014-09-23] (Green search security)
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [126392 2010-02-25] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys [676912 2010-02-11] (Symantec Corporation)
S1 ccHP; C:\Windows\system32\drivers\NISx64\1106000.020\ccHPx64.sys [615040 2010-02-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-26] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
S3 internethelper_antiphishingd; C:\ProgramData\Internet Helper Anti-phishing\internethelper_antiphishingd.sys [51912 2014-05-09] (Green search security)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1106000.020\SRTSP64.SYS [505392 2010-02-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1106000.020\SRTSPX64.SYS [32304 2010-02-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1106000.020\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1106000.020\SYMEFA64.SYS [221232 2010-02-03] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-01-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1106000.020\Ironx64.SYS [149552 2010-02-26] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1106000.020\SYMTDIV.SYS [451120 2010-02-03] (Symantec Corporation)
U4 eabfiltr; No ImagePath
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100327.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100327.020\EX64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 16:40 - 2015-01-23 16:40 - 00023332 _____ () C:\Users\Nora\Downloads\FRST.txt
2015-01-23 16:39 - 2015-01-23 16:40 - 00000000 ____D () C:\FRST
2015-01-23 16:39 - 2015-01-23 16:39 - 02126848 _____ (Farbar) C:\Users\Nora\Downloads\FRST64.exe
2015-01-23 16:24 - 2015-01-23 16:24 - 00062664 _____ () C:\Users\Nora\Downloads\Extras.Txt
2015-01-23 16:22 - 2015-01-23 16:22 - 00094652 _____ () C:\Users\Nora\Downloads\OTL.Txt
2015-01-23 16:10 - 2015-01-23 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\Nora\Downloads\OTL.exe
2015-01-23 15:53 - 2015-01-23 15:53 - 00000000 ____D () C:\Users\Nora\Desktop\Speclean
2015-01-23 15:36 - 2015-01-23 15:36 - 01761992 _____ (ESET) C:\Users\Nora\Downloads\eset_nod32_antivirus_live_installer.exe
2015-01-23 14:40 - 2015-01-23 14:42 - 00002636 _____ () C:\Users\Nora\Desktop\Rkill.txt
2015-01-23 14:40 - 2015-01-23 14:40 - 00000000 ____D () C:\Users\Nora\Desktop\rkill
2015-01-23 10:15 - 2015-01-23 10:15 - 00000000 ____H () C:\Users\Nora\Documents\Default.rdp
2015-01-23 09:55 - 2015-01-23 09:55 - 00002962 _____ () C:\Windows\System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A}
2015-01-23 09:53 - 2015-01-23 09:53 - 00002962 _____ () C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985}
2015-01-23 09:52 - 2015-01-23 09:52 - 00002962 _____ () C:\Windows\System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C}
2015-01-23 09:40 - 2015-01-23 09:40 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-23 09:40 - 2015-01-23 09:40 - 00001094 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-23 09:15 - 2015-01-23 09:34 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{07ECFF7E-6435-4F78-8371-F2FE9A20F981}
2015-01-22 20:34 - 2015-01-22 20:34 - 00804568 _____ (Download Helper) C:\Users\Nora\Downloads\ChromeSetup (1).exe
2015-01-22 15:27 - 2015-01-22 23:02 - 91750400 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2015-01-22 15:27 - 2015-01-22 23:02 - 16777216 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2015-01-22 15:27 - 2015-01-22 23:02 - 02359296 _____ () C:\Users\Nora\.ghost-ntfs-3g-00000000000000000009
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D}
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98}
2015-01-22 12:45 - 2014-11-21 10:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-21 16:40 - 2015-01-21 16:40 - 00002980 _____ () C:\Windows\System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5}
2015-01-20 07:30 - 2012-06-01 00:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-01-20 07:30 - 2012-06-01 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-01-20 07:30 - 2012-06-01 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-01-20 07:30 - 2012-06-01 00:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-01-20 07:30 - 2012-06-01 00:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-01-20 07:30 - 2012-06-01 00:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-01-20 07:30 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-01-20 07:30 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-01-20 07:30 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-01-20 07:30 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-01-20 07:30 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-01-20 07:30 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-01-19 18:34 - 2015-01-20 10:01 - 00022619 _____ () C:\Windows\iis7.log
2015-01-19 18:33 - 2015-01-19 18:33 - 00000000 ____D () C:\inetpub
2015-01-19 10:43 - 2015-01-19 10:43 - 00003112 _____ () C:\Windows\System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC}
2015-01-18 18:16 - 2015-01-18 18:17 - 02139316 _____ () C:\Users\Nora\Downloads\37EF.tmp
2015-01-18 11:26 - 2015-01-18 11:26 - 01650875 _____ () C:\Users\Nora\Downloads\DCA9.tmp
2015-01-16 23:44 - 2015-01-16 23:44 - 00002962 _____ () C:\Windows\System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A}
2015-01-16 23:12 - 2015-01-16 23:12 - 00002962 _____ () C:\Windows\System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289}
2015-01-16 23:11 - 2015-01-16 23:11 - 00002962 _____ () C:\Windows\System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71}
2015-01-14 21:02 - 2014-04-29 11:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-14 21:02 - 2014-04-29 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-14 21:02 - 2014-04-29 09:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-14 21:02 - 2014-04-29 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-14 11:02 - 2015-01-14 11:02 - 02167615 _____ () C:\Users\Nora\Downloads\Unconfirmed 849476.crdownload
2015-01-13 15:09 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:09 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:09 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:09 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:09 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:09 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:09 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 14:15 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:15 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 14:15 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 14:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 14:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 14:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 14:32 - 2015-01-19 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-12 09:44 - 2015-01-12 09:44 - 00002988 _____ () C:\Windows\System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E}
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\WebGuard
2015-01-11 16:21 - 2015-01-11 16:22 - 00026439 _____ () C:\Users\Nora\Downloads\follow_button.html
2015-01-11 12:09 - 2015-01-11 12:09 - 00002980 _____ () C:\Windows\System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8}
2015-01-11 12:06 - 2015-01-11 12:06 - 00002980 _____ () C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D}
2015-01-10 13:06 - 2015-01-10 13:07 - 00002466 _____ () C:\Users\Nora\Downloads\software_removal_tool (1).log
2015-01-10 11:38 - 2015-01-10 11:38 - 00002980 _____ () C:\Windows\System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909}
2015-01-10 11:33 - 2015-01-10 11:33 - 00002980 _____ () C:\Windows\System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032}
2015-01-10 11:31 - 2015-01-10 11:31 - 00002980 _____ () C:\Windows\System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3}
2015-01-09 13:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-09 13:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-06 11:42 - 2015-01-06 11:42 - 00002962 _____ () C:\Windows\System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29}
2015-01-06 11:39 - 2015-01-06 11:39 - 00002962 _____ () C:\Windows\System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA}
2015-01-06 10:51 - 2015-01-06 10:51 - 02205832 _____ (Microsoft Corporation) C:\Users\Nora\Downloads\MSNHomepage (1).EXE
2015-01-05 19:42 - 2015-01-05 19:42 - 00002980 _____ () C:\Windows\System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE}
2015-01-05 19:41 - 2015-01-05 19:41 - 00002980 _____ () C:\Windows\System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD}
2015-01-04 16:09 - 2015-01-04 16:10 - 00000000 ____D () C:\Users\Nora\AppData\Local\Deployment
2015-01-04 02:41 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-04 02:41 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-04 02:41 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-04 02:41 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-04 02:41 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-04 02:41 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-04 02:41 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-04 02:40 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-04 02:40 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-04 02:37 - 2015-01-04 14:32 - 00000000 ____D () C:\Program Files (x86)\Boost
2015-01-04 02:37 - 2015-01-04 02:37 - 00000000 ____D () C:\Users\Nora\AppData\Local\Boost
2015-01-04 02:12 - 2015-01-04 02:12 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-03 19:17 - 2014-09-23 22:22 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-03 19:17 - 2014-09-23 22:22 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-03 16:25 - 2015-01-03 16:25 - 00002962 _____ () C:\Windows\System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C}
2015-01-03 14:38 - 2015-01-15 14:38 - 00000000 ____D () C:\ProgramData\Browser
2015-01-02 17:32 - 2015-01-02 17:32 - 01082613 _____ () C:\Users\Nora\Downloads\(17) Facebook.htm
2015-01-02 17:31 - 2015-01-02 17:32 - 00000000 ____D () C:\Users\Nora\Downloads\(17) Facebook_files
2015-01-02 13:39 - 2015-01-23 15:08 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing
2015-01-02 13:39 - 2015-01-16 18:03 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2015-01-02 13:34 - 2015-01-19 10:49 - 00000000 ____D () C:\ProgramData\WebGuard
2015-01-02 12:15 - 2015-01-02 12:16 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(4).exe
2015-01-02 12:08 - 2015-01-02 12:10 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(1).exe
2014-12-31 17:09 - 2014-12-31 17:09 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\com.adobe.mauby
2014-12-31 17:06 - 2014-12-31 17:06 - 00000000 ____D () C:\Users\Nora\AppData\Local\StormFall
2014-12-31 13:51 - 2015-01-22 20:22 - 00828440 _____ ( ) C:\Users\Nora\Downloads\adobe_flash_setup.exe
2014-12-31 12:21 - 2014-12-31 12:21 - 00000045 _____ () C:\Users\Nora\AppData\Roaming\WB.CFG
2014-12-31 11:44 - 2014-12-31 11:44 - 00000000 __SHD () C:\Users\Nora\AppData\Local\EmieBrowserModeList
2014-12-31 11:21 - 2014-12-31 12:21 - 00000288 _____ () C:\Windows\Tasks\Voo Update.job
2014-12-31 11:21 - 2014-12-31 11:21 - 00003224 _____ () C:\Windows\System32\Tasks\Voo Update
2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\VooUpdate
2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Program Files (x86)\ver0BlockAndSurf
2014-12-31 11:20 - 2015-01-05 13:33 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_54
2014-12-31 11:20 - 2015-01-04 19:12 - 00000000 ____D () C:\Users\Nora\AppData\Local\gmsd_us_54
2014-12-31 11:17 - 2014-12-31 11:17 - 00000000 ____D () C:\Users\Nora\AppData\Local\WorldofTanks
2014-12-31 11:16 - 2014-12-31 11:16 - 00000000 ____D () C:\Users\Nora\AppData\Local\Sparta
2014-12-31 10:48 - 2014-12-31 10:48 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\CompuClever
2014-12-31 10:45 - 2014-12-31 10:45 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-31 10:45 - 2014-12-31 10:45 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-31 10:45 - 2014-12-31 10:45 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-31 10:45 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-31 10:45 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-25 10:51 - 2014-12-25 10:51 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 15:12 - 2012-09-13 21:31 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-23 15:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 15:09 - 2009-07-13 23:51 - 00254665 _____ () C:\Windows\setupact.log
2015-01-23 15:08 - 2009-12-17 13:29 - 01959350 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 14:42 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 14:42 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 14:39 - 2013-02-24 18:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 14:34 - 2012-07-06 06:55 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-23 14:16 - 2010-02-06 09:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 09:40 - 2014-12-14 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 02:05 - 2010-01-26 18:11 - 00000000 ____D () C:\Users\Nora
2015-01-23 01:37 - 2010-02-11 00:23 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-22 23:04 - 2014-06-01 10:59 - 00000000 ____D () C:\Windows\jumpshot.com
2015-01-22 22:20 - 2010-07-28 19:58 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-01-22 22:04 - 2009-07-14 00:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-22 20:13 - 2010-02-06 09:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-22 18:03 - 2014-06-01 11:11 - 00000000 __SHD () C:\Jumpshot
2015-01-22 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-22 16:42 - 2012-09-30 13:24 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-22 15:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-01-22 15:29 - 2010-01-27 02:04 - 00264204 _____ () C:\Windows\PFRO.log
2015-01-22 12:56 - 2014-11-21 10:02 - 00002187 ____C () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-22 12:51 - 2012-05-12 11:08 - 00000000 ____D () C:\avast! sandbox
2015-01-22 12:47 - 2014-11-21 10:02 - 00002001 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-01-20 09:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-19 18:39 - 2010-04-03 13:44 - 00000632 __RSH () C:\Users\Nora\ntuser.pol
2015-01-18 14:59 - 2013-03-29 22:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-17 11:53 - 2013-01-10 12:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-16 18:35 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-15 18:58 - 2014-07-28 08:18 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-01-15 14:45 - 2013-03-13 13:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-15 14:45 - 2010-06-04 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-15 14:45 - 2009-11-01 03:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-14 21:02 - 2013-08-15 18:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:56 - 2010-01-27 15:26 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 16:32 - 2010-01-26 18:31 - 00005427 _____ () C:\ProgramData\hpzinstall.log
2015-01-11 20:29 - 2009-11-01 03:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-06 04:36 - 2010-05-05 08:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 16:10 - 2010-02-06 09:39 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-04 16:10 - 2010-02-06 09:39 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-04 16:10 - 2010-02-06 09:39 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 16:09 - 2014-05-07 18:53 - 00000000 ____D () C:\Users\Nora\AppData\Local\Apps\2.0
2015-01-04 12:37 - 2014-11-21 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-04 10:54 - 2010-05-27 22:13 - 00000000 ___DC () C:\Users\Nora\AppData\Local\MigWiz
2015-01-04 01:58 - 2010-01-26 18:18 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\Adobe
2015-01-03 19:17 - 2009-11-01 01:24 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-03 19:14 - 2009-09-06 19:40 - 00000000 ____D () C:\SwSetup
2015-01-02 13:43 - 2010-05-05 15:18 - 00000000 ____D () C:\Users\Nora\AppData\Local\CrashDumps
2015-01-02 12:22 - 2010-12-12 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-02 12:22 - 2010-12-12 16:06 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-31 14:28 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 15:46 - 2011-07-08 16:32 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNora
2014-12-30 15:46 - 2011-07-08 16:32 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForNora.job
2014-12-26 13:55 - 2010-02-06 12:08 - 00002016 _____ () C:\Users\Nora\AppData\Roaming\wklnhst.dat

==================== Files in the root of some directories =======
2011-01-27 10:15 - 2011-06-17 10:17 - 0001854 _____ () C:\Users\Nora\AppData\Roaming\GhostObjGAFix.xml
2014-12-31 12:21 - 2014-12-31 12:21 - 0000045 _____ () C:\Users\Nora\AppData\Roaming\WB.CFG
2010-02-06 12:08 - 2014-12-26 13:55 - 0002016 _____ () C:\Users\Nora\AppData\Roaming\wklnhst.dat
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\AtStart.txt
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\DSwitch.txt
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\QSwitch.txt
2010-01-26 19:01 - 2014-10-12 09:35 - 0007614 _____ () C:\Users\Nora\AppData\Local\Resmon.ResmonCfg
2011-06-04 18:30 - 2011-06-04 18:30 - 0000000 _____ () C:\Users\Nora\AppData\Local\{EE4DDEA8-849B-40BA-ADC6-84C2146798CF}
2010-08-28 17:49 - 2010-08-28 17:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-01-26 18:16 - 2015-01-23 14:34 - 0000188 _____ () C:\ProgramData\HPWALog.txt
2010-01-26 18:31 - 2015-01-13 16:32 - 0005427 _____ () C:\ProgramData\hpzinstall.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-11-01 03:05 - 2009-11-01 03:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-11-01 02:59 - 2009-11-01 03:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-17 13:40 - 2009-12-17 13:40 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-11-01 02:59 - 2009-11-01 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-11-01 03:00 - 2009-11-01 03:05 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:31

==================== End Of Log ============================

Edited by CaptFeathers, 23 January 2015 - 03:44 PM.


#4
CaptFeathers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the Addition log:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Nora at 2015-01-23 16:41:11
Running from C:\Users\Nora\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9EFC40E3-5F31-4F75-8445-286273F74D8E}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARO 2011 (HKLM-x32\...\ARO 2011_is1) (Version: 7.0 - Support.com)
ARO 2013 (HKLM\...\ARO 2013_is1) (Version: 8.0 - Support.com)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.51 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Facebook Plug-In (HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Facebook Plug-In) (Version: - Facebook, Inc.)
GamesDesktop 025.54 (HKLM-x32\...\gmsd_us_54_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hawkes Update Service Manager (HKLM-x32\...\Hawkes Update Service Manager) (Version: 1.0.0 - Hawkes Learning Systems)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Internet Helper Anti-phishing (HKLM-x32\...\Internet Helper Anti-phishing) (Version: 2.0.1.1 - Internet Helper (Powered by Panda Security))
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{39107B20-EA1C-4974-881C-607300BB3C99}) (Version: 2.6.0.29 - Apple Inc.)
Mozilla Firefox 8.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 8.0 (x86 en-US)) (Version: 8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 17.6.0.32 - Symantec Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sammsoft Toolbar (HKLM-x32\...\{424C502D-5637-006A-76A7-A758B70C0300}) (Version: 12.3.0.859 - APN, LLC)
Sammsoft Toolbar (HKLM-x32\...\{424C502D-5637-006A-76A7-A758B70C0A00}) (Version: 12.10.0.3221 - APN, LLC)
Sammsoft Toolbar (HKLM-x32\...\{424C502D-5637-006A-76A7-A758B70C0A06}) (Version: 12.10.6.5280 - APN, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Suddenlink Toolbar (HKLM-x32\...\suddenlinktoolbar) (Version: - Suddenlink Communications)
Support.com Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-01-2015 11:49:11 Restore Operation
19-01-2015 18:31:44 Windows Modules Installer
19-01-2015 19:07:02 ARO 2011 Mon, Jan 19, 15 19:06
19-01-2015 19:18:37 ARO 2011 Mon, Jan 19, 15 19:18
19-01-2015 19:19:07 ARO 2011 Mon, Jan 19, 15 19:19
20-01-2015 07:30:29 Windows Update
20-01-2015 10:00:12 Windows Update
20-01-2015 17:10:13 Restore Operation
20-01-2015 17:44:00 Removed Google Earth Plug-in.
21-01-2015 17:10:28 Restore Operation
21-01-2015 17:48:53 ARO 2011 Wed, Jan 21, 15 17:48
21-01-2015 17:50:15 ARO 2011 Wed, Jan 21, 15 17:50
21-01-2015 19:10:15 ARO 2011 Wed, Jan 21, 15 19:10
22-01-2015 12:43:35 avast! antivirus system restore point
22-01-2015 12:47:25 Device Driver Package Install: Avast Network Service
22-01-2015 16:56:44 Restore Operation
22-01-2015 18:33:16 ARO 2011 Thu, Jan 22, 15 18:33
22-01-2015 21:03:02 Restore Operation
22-01-2015 22:07:52 ARO 2011- Before One Click
22-01-2015 22:25:45 ARO 2011 Thu, Jan 22, 15 22:25
22-01-2015 22:26:40 ARO 2011 Thu, Jan 22, 15 22:26

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D3157B-E629-49C4-980B-043E06AC4241} - System32\Tasks\{CFB0932A-B25A-4025-8611-C88D2EBA1739} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {0C32D74B-6BC5-41B2-8B5E-7752218138DC} - System32\Tasks\{C5E91B79-9709-47A1-BF04-DF0B406F3D53} => Firefox.exe
Task: {0CE266A1-6753-4410-8308-3174BC943865} - System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} => Firefox.exe
Task: {0CF2ACB0-21A2-49CB-8F44-56CC48BA110D} - System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5} => Chrome.exe
Task: {117A1FE6-CF6A-4150-A521-E9D332060487} - System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E} => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29] (Hewlett-Packard)
Task: {12E00B55-0D43-4B4A-AB0B-3BA1478AF6F7} - System32\Tasks\HPCeeScheduleForNora => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {15A4C8C8-B948-4175-8BBC-8AB68A26B74F} - System32\Tasks\{1B28F8DC-A564-407F-93F5-337688E722C1} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {1B6058DE-3D8C-47DE-B6EF-2F6E8F266564} - System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} => Chrome.exe
Task: {1BFF48BF-3C65-43F9-A78E-60AE044B2A5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {212E1AA7-2BA4-43F2-9BA2-E21F7E103C64} - System32\Tasks\{7CB98C50-D9BE-4909-AE82-35B0985E6848} => Firefox.exe
Task: {2E62B6EE-D013-4FAD-81C9-22DB8E34A64E} - System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D} => Chrome.exe
Task: {30B2985C-1AB2-4D34-81B5-38DA2C6D8C1F} - System32\Tasks\Symantec\Symantec Error Processor 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)
Task: {311AEFA0-F450-449B-8209-B22F29446AD3} - System32\Tasks\{FE32D741-F60C-4014-B91E-014D59AEF38D} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {348E3055-6456-48CF-934F-D9E99EC65A3A} - System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF} => Chrome.exe
Task: {37273D47-1C3C-4F47-938A-B8E182AD8EFE} - System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD} => Chrome.exe
Task: {391E164A-053E-4DB5-9270-38CA5344D9E8} - System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {3F36AC41-E031-4CE2-8A24-B87FA6650E4D} - System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4} => Chrome.exe
Task: {421774C5-3C2E-47CB-A692-412DB13458D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {42F825BF-2DD4-4FB3-BBAA-B407720DEE7E} - System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3} => Chrome.exe
Task: {44A4146E-390F-428F-8E0D-6CED24DA281E} - System32\Tasks\ARO 2011 => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {4EF6C105-3AF4-423B-8F9E-F531B41E1EA2} - System32\Tasks\{94665F5F-F84D-4668-9C3D-574FD9E217B0} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {53CEC116-048F-4E74-B4C1-7E6BC5DE00B6} - System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032} => Chrome.exe
Task: {55B23DA9-7846-40C8-8178-C80AFA77B71B} - System32\Tasks\{E1DCCEB2-550E-4EC4-9AA7-DABD97D88A37} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {58932495-C9B4-456B-9C5A-D1581D8F51B0} - System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {5F9A9550-5E4E-4101-AD0B-9765963B4F0A} - System32\Tasks\{D7D0D0D3-4A0E-4BC7-B61E-206C4EF2243E} => Firefox.exe
Task: {62628C81-322B-48E6-9C92-70BB6143EB48} - System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {65F014BF-117F-490C-A5B4-A9BA6BC5417A} - System32\Tasks\{AD220CE8-9A7E-4CA3-8FA6-93D1B0F4BA7D} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {68109C6A-F1A9-429D-9C93-0365F5F11059} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {68E37F23-3EAD-4600-86B0-7A4068681C5A} - System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E} => Chrome.exe
Task: {6D83D45C-7F41-46EB-A876-8FFD883EFF30} - System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE} => Chrome.exe
Task: {6E9A1C87-53BD-42C3-B3D2-E6B263EF871D} - System32\Tasks\{B360853A-8508-47E6-941A-27A2D557C810} => Firefox.exe
Task: {70440AE7-9ECB-44B3-92FE-87C1DD9308BA} - System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {7B6730DD-C895-4FB4-AB35-658A911EC171} - System32\Tasks\{21DD4D3F-8F5C-4CB3-911B-F14653FED949} => Firefox.exe
Task: {7C878211-EBBB-4BAD-9328-0125122874B0} - System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8} => Chrome.exe
Task: {7C91F4DC-EA2F-4B6A-80B1-00A4765D6D36} - System32\Tasks\{DEA9C14D-A617-44B6-AF95-E52ABF75FCF0} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {7D46CB65-C39B-40FC-94A5-B2E0AE998A20} - System32\Tasks\avastBCLRestartS-1-5-21-533477281-2566771568-2164580434-1001 => Firefox.exe
Task: {7DCE117F-34B2-41F4-A4B5-E281E627D42B} - System32\Tasks\{FCD5A832-9D2D-4A24-973E-AF3CDEE52179} => Firefox.exe
Task: {8326BACA-18FA-40EE-80A7-9AD5D2495919} - System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C} => Firefox.exe
Task: {85414E55-F451-4F20-9293-0C0600E920AD} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {8ADBAD1F-8099-4787-B74F-82B2BE70AE6E} - System32\Tasks\{86B54C96-0281-40C8-8B36-C71D1E4B1B63} => Firefox.exe
Task: {9070E9D0-457A-4C01-AB71-286B6571F703} - System32\Tasks\{9612BA83-4DD1-4F98-93A7-85644F977914} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {93B988FC-D71A-4900-A0E5-F81460BA1A0C} - System32\Tasks\{826E40F0-BAD8-49B8-AD68-AFA53F94421E} => Firefox.exe
Task: {95F7B2BD-5928-44C0-843F-86A9F5B732E8} - System32\Tasks\{AFAE8472-59FB-4BEC-B384-F0F14935037C} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {98DED753-9C5F-41E1-AD1B-5676FB876F72} - System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C} => Firefox.exe
Task: {A2693FB0-B40A-4865-82A8-80FB208E5EC8} - System32\Tasks\Voo Update => C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {AA652F5F-CD59-4C3B-BC9C-E02427CBDD17} - System32\Tasks\{E64FC190-389E-4FD1-8F0D-449DEC000F1D} => Firefox.exe
Task: {B47E17A7-495F-44B4-9F1C-1A6AEE5C33E2} - System32\Tasks\{26A92FB9-3ECB-42E7-BFD3-55F233084927} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {B5B26CD4-96AE-4A68-AA04-6699893ABB18} - System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98} => Chrome.exe
Task: {BD4D13DC-E390-493B-90D9-8B7089EF2845} - System32\Tasks\{15337126-7FFE-40B6-91A9-431C9199909A} => Firefox.exe
Task: {C135C496-DF68-40E0-B67C-878BD8BF2769} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {D1F8E589-DF3D-47AB-A057-9C8D7318AB42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-17] (Adobe Systems Incorporated)
Task: {D484B062-16AD-468E-A46E-2427773EDC8E} - System32\Tasks\{4C692D40-8403-4910-A293-DDF8BF62DF47} => Firefox.exe
Task: {D6B6C4FF-823B-4CC5-9DFE-8C07F23BF0CD} - System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A} => Firefox.exe
Task: {D90D12E8-83F3-4712-8B3F-494101135373} - System32\Tasks\{FC54196F-E633-4F01-BFAB-499B06E4CE07} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {D94AD8FB-435C-4203-B42D-DBEB782153E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DA0E4271-29CA-49C9-9CF5-C149B999D199} - System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {DA543196-8FD4-4AE9-A087-F010CBAD93B5} - System32\Tasks\{E8817E24-BA28-41D5-9C23-8E10C79A5305} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {DC84F3C8-A22A-4A1A-812B-06D0861FD5B6} - System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909} => Chrome.exe
Task: {DF94DC17-57E1-4BA2-B51A-C93A0FC617BE} - System32\Tasks\Symantec\Symantec Error Analyzer 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)
Task: {E04042A5-0FE1-495F-B08F-CC5B95D277DE} - System32\Tasks\{A2BD24AC-258E-4864-B6AA-D4C1C103FBBB} => Firefox.exe
Task: {E55BC515-6EBC-4D1A-922A-42D0D98157EB} - System32\Tasks\{EB1A7F8F-C0ED-494F-8F1E-0B39298C564A} => Firefox.exe
Task: {E69C7172-B9E9-46FF-B812-40B47695252C} - System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {F09319E1-EB0B-4864-B872-1D96D750D118} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F158BDAF-B416-4B5D-B7DC-EDF0F8F65AAD} - System32\Tasks\{202CCD4D-3F1A-4652-99F6-191F59DBA8FB} => Firefox.exe
Task: {F30C72E3-A4CE-4AAB-BE14-E69989855411} - System32\Tasks\{444017E6-DE6A-445B-96FB-7AD2232993B0} => Firefox.exe
Task: {F6ECC49B-D038-40B2-88B4-031B4677F8E2} - System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6} => Chrome.exe
Task: {F994897F-240D-44C9-A9D3-F93A7686EF49} - System32\Tasks\{32781823-6D2D-4E46-B337-3551625E59D4} => Firefox.exe
Task: {FEED7FA7-582B-4526-B4F7-5DA1DECBFDE6} - System32\Tasks\{1A918A12-3900-41A7-909F-497414F69B87} => Firefox.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ARO 2011.job => C:\Program Files (x86)\ARO 2011\ARO.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNora.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Voo Update.job => C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Nora\Downloads\document.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Nora^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-533477281-2566771568-2164580434-500 - Administrator - Disabled)
Guest (S-1-5-21-533477281-2566771568-2164580434-501 - Limited - Disabled)
Nora (S-1-5-21-533477281-2566771568-2164580434-1001 - Administrator - Enabled) => C:\Users\Nora

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Vista Network Dispatch Driver
Description: Symantec Vista Network Dispatch Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SYMTDIv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 10:43:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (01/22/2015 10:22:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (01/22/2015 10:21:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (01/22/2015 09:08:41 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Restore Operation).

Error: (01/22/2015 05:29:28 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Restore Operation).

Error: (01/22/2015 05:02:54 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Device Driver Package Install: Avast Network Service).

Error: (01/21/2015 05:46:52 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Removed Microsoft Silverlight).

Error: (01/21/2015 05:19:10 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Restore Operation).

Error: (01/20/2015 05:15:43 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (avast! antivirus system restore point). Additional information: 0x80070002.

Error: (01/20/2015 04:37:52 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (01/23/2015 03:53:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (01/23/2015 03:13:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/23/2015 03:13:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/23/2015 03:12:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/23/2015 03:12:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 21

Error: (01/23/2015 03:12:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/23/2015 03:12:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
BHDrvx64
ccHP
discache
eeCtrl
IDSVia64
spldr
SRTSPX
SymIRON
SYMTDIv
Wanarpv6

Error: (01/23/2015 03:10:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
SymIRON

Error: (01/23/2015 03:10:08 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (01/23/2015 03:09:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bonjour Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 3003.19 MB
Available physical RAM: 2029.56 MB
Total Pagefile: 6004.57 MB
Available Pagefile: 5217.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.51 GB) (Free:189.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.39 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 0393754D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by CaptFeathers, 23 January 2015 - 03:44 PM.


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, looks a bit of a mess. Once you have run these fixes, could I have a fresh FRST scan please?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...rosoft\Internet Explorer\Main,Search Bar = https://www.google.c...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...
URLSearchHook: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...>
SearchScopes: HKLM -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...>
SearchScopes: HKLM -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...>
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...>
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...>
SearchScopes: HKLM-x32 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...>
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E} URL = http://us.yhs4.searc...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...Terms}
BHO: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S2 internethelper_antiphishing; C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe [297272 2014-09-23] (Green search security)
2015-01-23 09:55 - 2015-01-23 09:55 - 00002962 _____ () C:\Windows\System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A}
2015-01-23 09:53 - 2015-01-23 09:53 - 00002962 _____ () C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985}
2015-01-23 09:52 - 2015-01-23 09:52 - 00002962 _____ () C:\Windows\System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C}
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D}
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98}
2015-01-19 10:43 - 2015-01-19 10:43 - 00003112 _____ () C:\Windows\System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC}
2015-01-18 18:16 - 2015-01-18 18:17 - 02139316 _____ () C:\Users\Nora\Downloads\37EF.tmp
2015-01-18 11:26 - 2015-01-18 11:26 - 01650875 _____ () C:\Users\Nora\Downloads\DCA9.tmp
2015-01-16 23:44 - 2015-01-16 23:44 - 00002962 _____ () C:\Windows\System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A}
2015-01-16 23:12 - 2015-01-16 23:12 - 00002962 _____ () C:\Windows\System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289}
2015-01-16 23:11 - 2015-01-16 23:11 - 00002962 _____ () C:\Windows\System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71}
2015-01-12 09:44 - 2015-01-12 09:44 - 00002988 _____ () C:\Windows\System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E}
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\WebGuard
2015-01-11 16:21 - 2015-01-11 16:22 - 00026439 _____ () C:\Users\Nora\Downloads\follow_button.html
2015-01-11 12:09 - 2015-01-11 12:09 - 00002980 _____ () C:\Windows\System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8}
2015-01-11 12:06 - 2015-01-11 12:06 - 00002980 _____ () C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D}
2015-01-10 13:06 - 2015-01-10 13:07 - 00002466 _____ () C:\Users\Nora\Downloads\software_removal_tool (1).log
2015-01-10 11:38 - 2015-01-10 11:38 - 00002980 _____ () C:\Windows\System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909}
2015-01-10 11:33 - 2015-01-10 11:33 - 00002980 _____ () C:\Windows\System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032}
2015-01-10 11:31 - 2015-01-10 11:31 - 00002980 _____ () C:\Windows\System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3}
2015-01-06 11:42 - 2015-01-06 11:42 - 00002962 _____ () C:\Windows\System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29}
2015-01-06 11:39 - 2015-01-06 11:39 - 00002962 _____ () C:\Windows\System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA}
2015-01-06 10:51 - 2015-01-06 10:51 - 02205832 _____ (Microsoft Corporation) C:\Users\Nora\Downloads\MSNHomepage (1).EXE
2015-01-05 19:42 - 2015-01-05 19:42 - 00002980 _____ () C:\Windows\System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE}
2015-01-05 19:41 - 2015-01-05 19:41 - 00002980 _____ () C:\Windows\System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD}
2015-01-03 16:25 - 2015-01-03 16:25 - 00002962 _____ () C:\Windows\System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C}
2015-01-03 14:38 - 2015-01-15 14:38 - 00000000 ____D () C:\ProgramData\Browser
2015-01-02 17:32 - 2015-01-02 17:32 - 01082613 _____ () C:\Users\Nora\Downloads\(17) Facebook.htm
2015-01-02 17:31 - 2015-01-02 17:32 - 00000000 ____D () C:\Users\Nora\Downloads\(17) Facebook_files
2015-01-02 13:39 - 2015-01-23 15:08 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing
2015-01-02 13:39 - 2015-01-16 18:03 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2015-01-02 13:34 - 2015-01-19 10:49 - 00000000 ____D () C:\ProgramData\WebGuard
2015-01-02 12:15 - 2015-01-02 12:16 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(4).exe
2015-01-02 12:08 - 2015-01-02 12:10 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(1).exe
2014-12-31 13:51 - 2015-01-22 20:22 - 00828440 _____ ( ) C:\Users\Nora\Downloads\adobe_flash_setup.exe
2014-12-31 11:44 - 2014-12-31 11:44 - 00000000 __SHD () C:\Users\Nora\AppData\Local\EmieBrowserModeList
2014-12-31 11:21 - 2014-12-31 12:21 - 00000288 _____ () C:\Windows\Tasks\Voo Update.job
2014-12-31 11:21 - 2014-12-31 11:21 - 00003224 _____ () C:\Windows\System32\Tasks\Voo Update
2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\VooUpdate
2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Program Files (x86)\ver0BlockAndSurf
2014-12-31 11:20 - 2015-01-05 13:33 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_54
2014-12-31 11:20 - 2015-01-04 19:12 - 00000000 ____D () C:\Users\Nora\AppData\Local\gmsd_us_54
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-11-01 03:05 - 2009-11-01 03:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-11-01 02:59 - 2009-11-01 03:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-17 13:40 - 2009-12-17 13:40 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-11-01 02:59 - 2009-11-01 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-11-01 03:00 - 2009-11-01 03:05 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Task: {0C32D74B-6BC5-41B2-8B5E-7752218138DC} - System32\Tasks\{C5E91B79-9709-47A1-BF04-DF0B406F3D53} => Firefox.exe
Task: {0CE266A1-6753-4410-8308-3174BC943865} - System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} => Firefox.exe
Task: {0CF2ACB0-21A2-49CB-8F44-56CC48BA110D} - System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5} => Chrome.exe
Task: {1B6058DE-3D8C-47DE-B6EF-2F6E8F266564} - System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} => Chrome.exe
Task: {1BFF48BF-3C65-43F9-A78E-60AE044B2A5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {212E1AA7-2BA4-43F2-9BA2-E21F7E103C64} - System32\Tasks\{7CB98C50-D9BE-4909-AE82-35B0985E6848} => Firefox.exe
Task: {2E62B6EE-D013-4FAD-81C9-22DB8E34A64E} - System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D} => Chrome.exe
Task: {30B2985C-1AB2-4D34-81B5-38DA2C6D8C1F} - System32\Tasks\Symantec\Symantec Error Processor 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)
Task: {311AEFA0-F450-449B-8209-B22F29446AD3} - System32\Tasks\{FE32D741-F60C-4014-B91E-014D59AEF38D} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {348E3055-6456-48CF-934F-D9E99EC65A3A} - System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF} => Chrome.exe
Task: {37273D47-1C3C-4F47-938A-B8E182AD8EFE} - System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD} => Chrome.exe
Task: {3F36AC41-E031-4CE2-8A24-B87FA6650E4D} - System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4} => Chrome.exe
Task: {421774C5-3C2E-47CB-A692-412DB13458D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {42F825BF-2DD4-4FB3-BBAA-B407720DEE7E} - System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3} => Chrome.exe
Task: {44A4146E-390F-428F-8E0D-6CED24DA281E} - System32\Tasks\ARO 2011 => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {53CEC116-048F-4E74-B4C1-7E6BC5DE00B6} - System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032} => Chrome.exe
Task: {58932495-C9B4-456B-9C5A-D1581D8F51B0} - System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {5F9A9550-5E4E-4101-AD0B-9765963B4F0A} - System32\Tasks\{D7D0D0D3-4A0E-4BC7-B61E-206C4EF2243E} => Firefox.exe
Task: {68E37F23-3EAD-4600-86B0-7A4068681C5A} - System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E} => Chrome.exe
Task: {6D83D45C-7F41-46EB-A876-8FFD883EFF30} - System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE} => Chrome.exe
Task: {6E9A1C87-53BD-42C3-B3D2-E6B263EF871D} - System32\Tasks\{B360853A-8508-47E6-941A-27A2D557C810} => Firefox.exe
Task: {7B6730DD-C895-4FB4-AB35-658A911EC171} - System32\Tasks\{21DD4D3F-8F5C-4CB3-911B-F14653FED949} => Firefox.exe
Task: {7C878211-EBBB-4BAD-9328-0125122874B0} - System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8} => Chrome.exe
Task: {7C91F4DC-EA2F-4B6A-80B1-00A4765D6D36} - System32\Tasks\{DEA9C14D-A617-44B6-AF95-E52ABF75FCF0} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {7D46CB65-C39B-40FC-94A5-B2E0AE998A20} - System32\Tasks\avastBCLRestartS-1-5-21-533477281-2566771568-2164580434-1001 => Firefox.exe
Task: {7DCE117F-34B2-41F4-A4B5-E281E627D42B} - System32\Tasks\{FCD5A832-9D2D-4A24-973E-AF3CDEE52179} => Firefox.exe
Task: {8326BACA-18FA-40EE-80A7-9AD5D2495919} - System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C} => Firefox.exe
Task: {85414E55-F451-4F20-9293-0C0600E920AD} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {8ADBAD1F-8099-4787-B74F-82B2BE70AE6E} - System32\Tasks\{86B54C96-0281-40C8-8B36-C71D1E4B1B63} => Firefox.exe
Task: {9070E9D0-457A-4C01-AB71-286B6571F703} - System32\Tasks\{9612BA83-4DD1-4F98-93A7-85644F977914} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {93B988FC-D71A-4900-A0E5-F81460BA1A0C} - System32\Tasks\{826E40F0-BAD8-49B8-AD68-AFA53F94421E} => Firefox.exe
Task: {95F7B2BD-5928-44C0-843F-86A9F5B732E8} - System32\Tasks\{AFAE8472-59FB-4BEC-B384-F0F14935037C} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {98DED753-9C5F-41E1-AD1B-5676FB876F72} - System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C} => Firefox.exe
Task: {A2693FB0-B40A-4865-82A8-80FB208E5EC8} - System32\Tasks\Voo Update => C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {AA652F5F-CD59-4C3B-BC9C-E02427CBDD17} - System32\Tasks\{E64FC190-389E-4FD1-8F0D-449DEC000F1D} => Firefox.exe
Task: {B47E17A7-495F-44B4-9F1C-1A6AEE5C33E2} - System32\Tasks\{26A92FB9-3ECB-42E7-BFD3-55F233084927} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {B5B26CD4-96AE-4A68-AA04-6699893ABB18} - System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98} => Chrome.exe
Task: {BD4D13DC-E390-493B-90D9-8B7089EF2845} - System32\Tasks\{15337126-7FFE-40B6-91A9-431C9199909A} => Firefox.exe
Task: {C135C496-DF68-40E0-B67C-878BD8BF2769} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {D484B062-16AD-468E-A46E-2427773EDC8E} - System32\Tasks\{4C692D40-8403-4910-A293-DDF8BF62DF47} => Firefox.exe
Task: {D6B6C4FF-823B-4CC5-9DFE-8C07F23BF0CD} - System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A} => Firefox.exe
Task: {D90D12E8-83F3-4712-8B3F-494101135373} - System32\Tasks\{FC54196F-E633-4F01-BFAB-499B06E4CE07} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {D94AD8FB-435C-4203-B42D-DBEB782153E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DA0E4271-29CA-49C9-9CF5-C149B999D199} - System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {DA543196-8FD4-4AE9-A087-F010CBAD93B5} - System32\Tasks\{E8817E24-BA28-41D5-9C23-8E10C79A5305} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {DC84F3C8-A22A-4A1A-812B-06D0861FD5B6} - System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909} => Chrome.exe
Task: {DF94DC17-57E1-4BA2-B51A-C93A0FC617BE} - System32\Tasks\Symantec\Symantec Error Analyzer 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)
Task: {E04042A5-0FE1-495F-B08F-CC5B95D277DE} - System32\Tasks\{A2BD24AC-258E-4864-B6AA-D4C1C103FBBB} => Firefox.exe
Task: {E55BC515-6EBC-4D1A-922A-42D0D98157EB} - System32\Tasks\{EB1A7F8F-C0ED-494F-8F1E-0B39298C564A} => Firefox.exe
Task: {E69C7172-B9E9-46FF-B812-40B47695252C} - System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {F09319E1-EB0B-4864-B872-1D96D750D118} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F158BDAF-B416-4B5D-B7DC-EDF0F8F65AAD} - System32\Tasks\{202CCD4D-3F1A-4652-99F6-191F59DBA8FB} => Firefox.exe
Task: {F30C72E3-A4CE-4AAB-BE14-E69989855411} - System32\Tasks\{444017E6-DE6A-445B-96FB-7AD2232993B0} => Firefox.exe
Task: {F6ECC49B-D038-40B2-88B4-031B4677F8E2} - System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6} => Chrome.exe
Task: {F994897F-240D-44C9-A9D3-F93A7686EF49} - System32\Tasks\{32781823-6D2D-4E46-B337-3551625E59D4} => Firefox.exe
Task: {FEED7FA7-582B-4526-B4F7-5DA1DECBFDE6} - System32\Tasks\{1A918A12-3900-41A7-909F-497414F69B87} => Firefox.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ARO 2011.job => C:\Program Files (x86)\ARO 2011\ARO.exe
Task: C:\Windows\Tasks\Voo Update.job => C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Run a fresh FRST scan please

#6
CaptFeathers

    Member

  • Topic Starter
  • Member
  • 15 posts
Attached is the Fix Log... I will go ahead with the second step and post those logs when I'm done. Thank you for your help and patience, by the way!

#7
CaptFeathers

    Member

  • Topic Starter
  • Member
  • 15 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015 Ran by Nora at 2015-01-23 17:53:57 Run:3 Running from C:\Users\Nora\Downloads Loaded Profiles: Nora (Available profiles: Nora) Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** CreateRestorePoint: HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...rosoft\Internet Explorer\Main,Search Bar = https://www.google.c...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?... URLSearchHook: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKLM -> DefaultScope {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...> SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...> SearchScopes: HKLM -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...> SearchScopes: HKLM -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...> SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...> SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...> SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...> SearchScopes: HKLM-x32 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...> SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...> SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> 
DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E} URL = http://us.yhs4.searc...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...> SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...Terms}
BHO: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation) BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File S2 internethelper_antiphishing; C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe [297272 2014-09-23] (Green search security) 2015-01-23 09:55 - 2015-01-23 09:55 - 00002962 _____ () C:\Windows\System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A} 2015-01-23 09:53 - 2015-01-23 09:53 - 00002962 _____ () 
C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} 2015-01-23 09:52 - 2015-01-23 09:52 - 00002962 _____ () C:\Windows\System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C} 2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D} 2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98} 2015-01-19 10:43 - 2015-01-19 10:43 - 00003112 _____ () C:\Windows\System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC} 2015-01-18 18:16 - 2015-01-18 18:17 - 02139316 _____ () C:\Users\Nora\Downloads\37EF.tmp 2015-01-18 11:26 - 2015-01-18 11:26 - 01650875 _____ () C:\Users\Nora\Downloads\DCA9.tmp 2015-01-16 23:44 - 2015-01-16 23:44 - 00002962 _____ () C:\Windows\System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A} 2015-01-16 23:12 - 2015-01-16 23:12 - 00002962 _____ () C:\Windows\System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289} 2015-01-16 23:11 - 2015-01-16 23:11 - 00002962 _____ () C:\Windows\System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71} 2015-01-12 09:44 - 2015-01-12 09:44 - 00002988 _____ () C:\Windows\System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E} 2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\WebGuard 2015-01-11 16:21 - 2015-01-11 16:22 - 00026439 _____ () C:\Users\Nora\Downloads\follow_button.html 2015-01-11 12:09 - 2015-01-11 12:09 - 00002980 _____ () C:\Windows\System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8} 2015-01-11 12:06 - 2015-01-11 12:06 - 00002980 _____ () C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} 2015-01-10 13:06 - 2015-01-10 13:07 - 00002466 _____ () C:\Users\Nora\Downloads\software_removal_tool (1).log 2015-01-10 11:38 - 2015-01-10 11:38 - 00002980 _____ () C:\Windows\System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4} 2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E} 2015-01-10 11:34 - 
2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909} 2015-01-10 11:33 - 2015-01-10 11:33 - 00002980 _____ () C:\Windows\System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032} 2015-01-10 11:31 - 2015-01-10 11:31 - 00002980 _____ () C:\Windows\System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3} 2015-01-06 11:42 - 2015-01-06 11:42 - 00002962 _____ () C:\Windows\System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29} 2015-01-06 11:39 - 2015-01-06 11:39 - 00002962 _____ () C:\Windows\System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA} 2015-01-06 10:51 - 2015-01-06 10:51 - 02205832 _____ (Microsoft Corporation) C:\Users\Nora\Downloads\MSNHomepage (1).EXE 2015-01-05 19:42 - 2015-01-05 19:42 - 00002980 _____ () C:\Windows\System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE} 2015-01-05 19:41 - 2015-01-05 19:41 - 00002980 _____ () C:\Windows\System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF} 2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6} 2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD} 2015-01-03 16:25 - 2015-01-03 16:25 - 00002962 _____ () C:\Windows\System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C} 2015-01-03 14:38 - 2015-01-15 14:38 - 00000000 ____D () C:\ProgramData\Browser 2015-01-02 17:32 - 2015-01-02 17:32 - 01082613 _____ () C:\Users\Nora\Downloads\(17) Facebook.htm 2015-01-02 17:31 - 2015-01-02 17:32 - 00000000 ____D () C:\Users\Nora\Downloads\(17) Facebook_files 2015-01-02 13:39 - 2015-01-23 15:08 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing 2015-01-02 13:39 - 2015-01-16 18:03 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing 2015-01-02 13:34 - 2015-01-19 10:49 - 00000000 ____D () C:\ProgramData\WebGuard 2015-01-02 12:15 - 2015-01-02 12:16 - 42096984 _____ (Apple Inc.) 
C:\Users\Nora\Downloads\QuickTimeInstaller(4).exe 2015-01-02 12:08 - 2015-01-02 12:10 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(1).exe 2014-12-31 13:51 - 2015-01-22 20:22 - 00828440 _____ ( ) C:\Users\Nora\Downloads\adobe_flash_setup.exe 2014-12-31 11:44 - 2014-12-31 11:44 - 00000000 __SHD () C:\Users\Nora\AppData\Local\EmieBrowserModeList 2014-12-31 11:21 - 2014-12-31 12:21 - 00000288 _____ () C:\Windows\Tasks\Voo Update.job 2014-12-31 11:21 - 2014-12-31 11:21 - 00003224 _____ () C:\Windows\System32\Tasks\Voo Update 2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\VooUpdate 2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Program Files (x86)\ver0BlockAndSurf 2014-12-31 11:20 - 2015-01-05 13:33 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_54 2014-12-31 11:20 - 2015-01-04 19:12 - 00000000 ____D () C:\Users\Nora\AppData\Local\gmsd_us_54 2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv 2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2009-11-01 03:05 - 2009-11-01 03:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2009-11-01 02:59 - 2009-11-01 03:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2009-12-17 13:40 - 2009-12-17 13:40 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2009-11-01 02:59 - 2009-11-01 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2009-11-01 03:00 - 2009-11-01 03:05 - 0000110 _____ () 
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2009-12-17 13:41 - 2009-12-17 13:41 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Task: {0C32D74B-6BC5-41B2-8B5E-7752218138DC} - System32\Tasks\{C5E91B79-9709-47A1-BF04-DF0B406F3D53} => Firefox.exe Task: {0CE266A1-6753-4410-8308-3174BC943865} - System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} => Firefox.exe Task: {0CF2ACB0-21A2-49CB-8F44-56CC48BA110D} - System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5} => Chrome.exe Task: {1B6058DE-3D8C-47DE-B6EF-2F6E8F266564} - System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} => Chrome.exe Task: {1BFF48BF-3C65-43F9-A78E-60AE044B2A5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) Task: {212E1AA7-2BA4-43F2-9BA2-E21F7E103C64} - System32\Tasks\{7CB98C50-D9BE-4909-AE82-35B0985E6848} => Firefox.exe Task: {2E62B6EE-D013-4FAD-81C9-22DB8E34A64E} - System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D} => Chrome.exe Task: {30B2985C-1AB2-4D34-81B5-38DA2C6D8C1F} - System32\Tasks\Symantec\Symantec Error Processor 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation) Task: {311AEFA0-F450-449B-8209-B22F29446AD3} - System32\Tasks\{FE32D741-F60C-4014-B91E-014D59AEF38D} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com) Task: {348E3055-6456-48CF-934F-D9E99EC65A3A} - System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF} => Chrome.exe Task: {37273D47-1C3C-4F47-938A-B8E182AD8EFE} - System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD} => Chrome.exe Task: {3F36AC41-E031-4CE2-8A24-B87FA6650E4D} - System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4} => Chrome.exe Task: {421774C5-3C2E-47CB-A692-412DB13458D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) 
Task: {42F825BF-2DD4-4FB3-BBAA-B407720DEE7E} - System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3} => Chrome.exe Task: {44A4146E-390F-428F-8E0D-6CED24DA281E} - System32\Tasks\ARO 2011 => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com) Task: {53CEC116-048F-4E74-B4C1-7E6BC5DE00B6} - System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032} => Chrome.exe Task: {58932495-C9B4-456B-9C5A-D1581D8F51B0} - System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Task: {5F9A9550-5E4E-4101-AD0B-9765963B4F0A} - System32\Tasks\{D7D0D0D3-4A0E-4BC7-B61E-206C4EF2243E} => Firefox.exe Task: {68E37F23-3EAD-4600-86B0-7A4068681C5A} - System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E} => Chrome.exe Task: {6D83D45C-7F41-46EB-A876-8FFD883EFF30} - System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE} => Chrome.exe Task: {6E9A1C87-53BD-42C3-B3D2-E6B263EF871D} - System32\Tasks\{B360853A-8508-47E6-941A-27A2D557C810} => Firefox.exe Task: {7B6730DD-C895-4FB4-AB35-658A911EC171} - System32\Tasks\{21DD4D3F-8F5C-4CB3-911B-F14653FED949} => Firefox.exe Task: {7C878211-EBBB-4BAD-9328-0125122874B0} - System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8} => Chrome.exe Task: {7C91F4DC-EA2F-4B6A-80B1-00A4765D6D36} - System32\Tasks\{DEA9C14D-A617-44B6-AF95-E52ABF75FCF0} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com) Task: {7D46CB65-C39B-40FC-94A5-B2E0AE998A20} - System32\Tasks\avastBCLRestartS-1-5-21-533477281-2566771568-2164580434-1001 => Firefox.exe Task: {7DCE117F-34B2-41F4-A4B5-E281E627D42B} - System32\Tasks\{FCD5A832-9D2D-4A24-973E-AF3CDEE52179} => Firefox.exe Task: {8326BACA-18FA-40EE-80A7-9AD5D2495919} - System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C} => Firefox.exe Task: {85414E55-F451-4F20-9293-0C0600E920AD} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software) Task: {8ADBAD1F-8099-4787-B74F-82B2BE70AE6E} - System32\Tasks\{86B54C96-0281-40C8-8B36-C71D1E4B1B63} => Firefox.exe Task: {9070E9D0-457A-4C01-AB71-286B6571F703} - System32\Tasks\{9612BA83-4DD1-4F98-93A7-85644F977914} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software) Task: {93B988FC-D71A-4900-A0E5-F81460BA1A0C} - System32\Tasks\{826E40F0-BAD8-49B8-AD68-AFA53F94421E} => Firefox.exe Task: {95F7B2BD-5928-44C0-843F-86A9F5B732E8} - System32\Tasks\{AFAE8472-59FB-4BEC-B384-F0F14935037C} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software) Task: {98DED753-9C5F-41E1-AD1B-5676FB876F72} - System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C} => Firefox.exe Task: {A2693FB0-B40A-4865-82A8-80FB208E5EC8} - System32\Tasks\Voo Update => C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {AA652F5F-CD59-4C3B-BC9C-E02427CBDD17} - System32\Tasks\{E64FC190-389E-4FD1-8F0D-449DEC000F1D} => Firefox.exe Task: {B47E17A7-495F-44B4-9F1C-1A6AEE5C33E2} - System32\Tasks\{26A92FB9-3ECB-42E7-BFD3-55F233084927} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com) Task: {B5B26CD4-96AE-4A68-AA04-6699893ABB18} - System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98} => Chrome.exe Task: {BD4D13DC-E390-493B-90D9-8B7089EF2845} - System32\Tasks\{15337126-7FFE-40B6-91A9-431C9199909A} => Firefox.exe Task: {C135C496-DF68-40E0-B67C-878BD8BF2769} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION Task: {D484B062-16AD-468E-A46E-2427773EDC8E} - System32\Tasks\{4C692D40-8403-4910-A293-DDF8BF62DF47} => Firefox.exe Task: {D6B6C4FF-823B-4CC5-9DFE-8C07F23BF0CD} - System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A} => Firefox.exe Task: {D90D12E8-83F3-4712-8B3F-494101135373} - System32\Tasks\{FC54196F-E633-4F01-BFAB-499B06E4CE07} => C:\Program Files\Alwil 
Software\Avast5\avastui.exe [2015-01-22] (AVAST Software) Task: {D94AD8FB-435C-4203-B42D-DBEB782153E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {DA0E4271-29CA-49C9-9CF5-C149B999D199} - System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software) Task: {DA543196-8FD4-4AE9-A087-F010CBAD93B5} - System32\Tasks\{E8817E24-BA28-41D5-9C23-8E10C79A5305} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com) Task: {DC84F3C8-A22A-4A1A-812B-06D0861FD5B6} - System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909} => Chrome.exe Task: {DF94DC17-57E1-4BA2-B51A-C93A0FC617BE} - System32\Tasks\Symantec\Symantec Error Analyzer 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation) Task: {E04042A5-0FE1-495F-B08F-CC5B95D277DE} - System32\Tasks\{A2BD24AC-258E-4864-B6AA-D4C1C103FBBB} => Firefox.exe Task: {E55BC515-6EBC-4D1A-922A-42D0D98157EB} - System32\Tasks\{EB1A7F8F-C0ED-494F-8F1E-0B39298C564A} => Firefox.exe Task: {E69C7172-B9E9-46FF-B812-40B47695252C} - System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software) Task: {F09319E1-EB0B-4864-B872-1D96D750D118} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {F158BDAF-B416-4B5D-B7DC-EDF0F8F65AAD} - System32\Tasks\{202CCD4D-3F1A-4652-99F6-191F59DBA8FB} => Firefox.exe Task: {F30C72E3-A4CE-4AAB-BE14-E69989855411} - System32\Tasks\{444017E6-DE6A-445B-96FB-7AD2232993B0} => Firefox.exe Task: {F6ECC49B-D038-40B2-88B4-031B4677F8E2} - System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6} => Chrome.exe Task: {F994897F-240D-44C9-A9D3-F93A7686EF49} - System32\Tasks\{32781823-6D2D-4E46-B337-3551625E59D4} => Firefox.exe Task: {FEED7FA7-582B-4526-B4F7-5DA1DECBFDE6} - System32\Tasks\{1A918A12-3900-41A7-909F-497414F69B87} => Firefox.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ARO 2011.job => C:\Program Files (x86)\ARO 2011\ARO.exe Task: C:\Windows\Tasks\Voo Update.job => C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Error: Restore point can only be created in normal mode.

#8
CaptFeathers

Here's the AdwCleaner log:


# AdwCleaner v4.108 - Report created 23/01/2015 at 18:14:48
# Updated 17/01/2015 by Xplode
# Database : 2015-01-23.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nora - NORA-PC
# Running from : C:\Users\Nora\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Boost
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\ver0BlockAndSurf
Folder Deleted : C:\Program Files (x86)\gmsd_us_54
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Nora\AppData\Local\Boost
Folder Deleted : C:\Users\Nora\AppData\Local\PackageAware
Folder Deleted : C:\Users\Nora\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Nora\AppData\Local\gmsd_us_54
Folder Deleted : C:\Users\Nora\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Nora\AppData\Roaming\VooUpdate
[!] Folder Deleted : C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\Extensions\[email protected]
Folder Deleted : C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\Extensions\[email protected]
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\user.js
File Deleted : C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\nlqk1f83.default\searchplugins\Vosteran.xml
File Deleted : C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchApp
Task Deleted : Voo Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\CLASSES\Boost.BoostBho
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Boost]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F80BEF6-49F6-43D5-B221-99778CAD6094}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F80BEF6-49F6-43D5-B221-99778CAD6094}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_54_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v8.0 (en-US)

[nlqk1f83.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[nlqk1f83.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://vosteran.com/?f=1&a=vst_cmi_15_01_ff&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtAzztDzytDtCyE0FtB0EtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN[...]

-\\ Google Chrome v

[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=X-SD&o=13959&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=SV&apn_dtid=YYYYYYYYUS&apn_uid=29908a59-f12d-4580-8349-abafaceec5c0&apn_sauid=5A01C1FA-034D-4DFD-A390-13DA039FEE7C
[C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=X-SD&o=13959&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=SV&apn_dtid=YYYYYYYYUS&apn_uid=29908a59-f12d-4580-8349-abafaceec5c0&apn_sauid=5A01C1FA-034D-4DFD-A390-13DA039FEE7C

*************************

AdwCleaner[R0].txt - [15131 octets] - [23/01/2015 18:12:59]
AdwCleaner[S0].txt - [14567 octets] - [23/01/2015 18:14:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14628 octets] ##########

Edited by CaptFeathers, 23 January 2015 - 05:27 PM.


#9
CaptFeathers

Fresh FRST scan:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Nora (administrator) on NORA-PC on 23-01-2015 18:20:50
Running from C:\Users\Nora\Downloads
Loaded Profiles: Nora (Available profiles: Nora)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
(Hawkes Learning Systems ) C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Green search security) C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-22] (AVAST Software)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...rosoft\Internet Explorer\Main,Search Page = https://www.google.c...rosoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...rosoft\Internet Explorer\Main,Search Bar = https://www.google.c...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...
SearchScopes: HKLM -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...
SearchScopes: HKLM-x32 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...Terms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\rnwp8442.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-04]
FF HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> https://www.bing.com...hTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com...t=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/...nguage}
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-04]
CHR Extension: (Google Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-04]
CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-04]
CHR Extension: (Google Search) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-04]
CHR Extension: (Google Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-04]
CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-04]
CHR HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [104416 2014-11-21] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-26] (WildTangent)
S2 gupdate1caa7387dcd1374; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
R2 HawkesUpdater; C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [8192 2003-04-18] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 internethelper_antiphishing; C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe [297272 2014-09-23] (Green search security)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [126392 2010-02-25] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys [676912 2010-02-11] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NISx64\1106000.020\ccHPx64.sys [615040 2010-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
R3 internethelper_antiphishingd; C:\ProgramData\Internet Helper Anti-phishing\internethelper_antiphishingd.sys [51912 2014-05-09] (Green search security)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1106000.020\SRTSP64.SYS [505392 2010-02-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1106000.020\SRTSPX64.SYS [32304 2010-02-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1106000.020\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1106000.020\SYMEFA64.SYS [221232 2010-02-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-01-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1106000.020\Ironx64.SYS [149552 2010-02-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1106000.020\SYMTDIV.SYS [451120 2010-02-03] (Symantec Corporation)
U4 eabfiltr; No ImagePath
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100327.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100327.020\EX64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 18:12 - 2015-01-23 18:14 - 00000000 ____D () C:\AdwCleaner
2015-01-23 18:12 - 2015-01-23 18:12 - 02186752 _____ () C:\Users\Nora\Desktop\AdwCleaner.exe
2015-01-23 17:33 - 2015-01-23 17:33 - 00019180 _____ () C:\Users\Nora\Downloads\fixlist.txt
2015-01-23 16:41 - 2015-01-23 16:41 - 00040778 _____ () C:\Users\Nora\Downloads\Addition.txt
2015-01-23 16:40 - 2015-01-23 18:20 - 00022729 _____ () C:\Users\Nora\Downloads\FRST.txt
2015-01-23 16:39 - 2015-01-23 18:21 - 00000000 ____D () C:\FRST
2015-01-23 16:39 - 2015-01-23 16:39 - 02126848 _____ (Farbar) C:\Users\Nora\Downloads\FRST64.exe
2015-01-23 16:24 - 2015-01-23 16:24 - 00062664 _____ () C:\Users\Nora\Downloads\Extras.Txt
2015-01-23 16:22 - 2015-01-23 16:22 - 00094652 _____ () C:\Users\Nora\Downloads\OTL.Txt
2015-01-23 16:10 - 2015-01-23 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\Nora\Downloads\OTL.exe
2015-01-23 15:53 - 2015-01-23 15:53 - 00000000 ____D () C:\Users\Nora\Desktop\Speclean
2015-01-23 14:40 - 2015-01-23 14:42 - 00002636 _____ () C:\Users\Nora\Desktop\Rkill.txt
2015-01-23 14:40 - 2015-01-23 14:40 - 00000000 ____D () C:\Users\Nora\Desktop\rkill
2015-01-23 10:15 - 2015-01-23 10:15 - 00000000 ____H () C:\Users\Nora\Documents\Default.rdp
2015-01-23 09:55 - 2015-01-23 09:55 - 00002962 _____ () C:\Windows\System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A}
2015-01-23 09:53 - 2015-01-23 09:53 - 00002962 _____ () C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985}
2015-01-23 09:52 - 2015-01-23 09:52 - 00002962 _____ () C:\Windows\System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C}
2015-01-23 09:40 - 2015-01-23 09:40 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-23 09:40 - 2015-01-23 09:40 - 00001094 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-23 09:15 - 2015-01-23 09:34 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{07ECFF7E-6435-4F78-8371-F2FE9A20F981}
2015-01-22 20:34 - 2015-01-22 20:34 - 00804568 _____ (Download Helper) C:\Users\Nora\Downloads\ChromeSetup (1).exe
2015-01-22 15:27 - 2015-01-22 23:02 - 91750400 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2015-01-22 15:27 - 2015-01-22 23:02 - 16777216 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2015-01-22 15:27 - 2015-01-22 23:02 - 02359296 _____ () C:\Users\Nora\.ghost-ntfs-3g-00000000000000000009
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D}
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98}
2015-01-22 12:45 - 2014-11-21 10:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-21 16:40 - 2015-01-21 16:40 - 00002980 _____ () C:\Windows\System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5}
2015-01-20 07:30 - 2012-06-01 00:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-01-20 07:30 - 2012-06-01 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-01-20 07:30 - 2012-06-01 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-01-20 07:30 - 2012-06-01 00:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-01-20 07:30 - 2012-06-01 00:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-01-20 07:30 - 2012-06-01 00:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-01-20 07:30 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-01-20 07:30 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-01-20 07:30 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-01-20 07:30 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-01-20 07:30 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-01-20 07:30 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-01-19 18:34 - 2015-01-20 10:01 - 00022619 _____ () C:\Windows\iis7.log
2015-01-19 18:33 - 2015-01-19 18:33 - 00000000 ____D () C:\inetpub
2015-01-19 10:43 - 2015-01-19 10:43 - 00003112 _____ () C:\Windows\System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC}
2015-01-18 18:16 - 2015-01-18 18:17 - 02139316 _____ () C:\Users\Nora\Downloads\37EF.tmp
2015-01-18 11:26 - 2015-01-18 11:26 - 01650875 _____ () C:\Users\Nora\Downloads\DCA9.tmp
2015-01-16 23:44 - 2015-01-16 23:44 - 00002962 _____ () C:\Windows\System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A}
2015-01-16 23:12 - 2015-01-16 23:12 - 00002962 _____ () C:\Windows\System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289}
2015-01-16 23:11 - 2015-01-16 23:11 - 00002962 _____ () C:\Windows\System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71}
2015-01-14 21:02 - 2014-04-29 11:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-14 21:02 - 2014-04-29 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-14 21:02 - 2014-04-29 09:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-14 21:02 - 2014-04-29 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-14 11:02 - 2015-01-14 11:02 - 02167615 _____ () C:\Users\Nora\Downloads\Unconfirmed 849476.crdownload
2015-01-13 15:09 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:09 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:09 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:09 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:09 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:09 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:09 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 14:15 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:15 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 14:15 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 14:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 14:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 14:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 14:32 - 2015-01-19 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-12 09:44 - 2015-01-12 09:44 - 00002988 _____ () C:\Windows\System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E}
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\WebGuard
2015-01-11 16:21 - 2015-01-11 16:22 - 00026439 _____ () C:\Users\Nora\Downloads\follow_button.html
2015-01-11 12:09 - 2015-01-11 12:09 - 00002980 _____ () C:\Windows\System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8}
2015-01-11 12:06 - 2015-01-11 12:06 - 00002980 _____ () C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D}
2015-01-10 13:06 - 2015-01-10 13:07 - 00002466 _____ () C:\Users\Nora\Downloads\software_removal_tool (1).log
2015-01-10 11:38 - 2015-01-10 11:38 - 00002980 _____ () C:\Windows\System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909}
2015-01-10 11:33 - 2015-01-10 11:33 - 00002980 _____ () C:\Windows\System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032}
2015-01-10 11:31 - 2015-01-10 11:31 - 00002980 _____ () C:\Windows\System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3}
2015-01-09 13:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-09 13:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-06 11:42 - 2015-01-06 11:42 - 00002962 _____ () C:\Windows\System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29}
2015-01-06 11:39 - 2015-01-06 11:39 - 00002962 _____ () C:\Windows\System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA}
2015-01-06 10:51 - 2015-01-06 10:51 - 02205832 _____ (Microsoft Corporation) C:\Users\Nora\Downloads\MSNHomepage (1).EXE
2015-01-05 19:42 - 2015-01-05 19:42 - 00002980 _____ () C:\Windows\System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE}
2015-01-05 19:41 - 2015-01-05 19:41 - 00002980 _____ () C:\Windows\System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD}
2015-01-04 16:09 - 2015-01-04 16:10 - 00000000 ____D () C:\Users\Nora\AppData\Local\Deployment
2015-01-04 02:41 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-04 02:41 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-04 02:41 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-04 02:41 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-04 02:41 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-04 02:41 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-04 02:41 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-04 02:40 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-04 02:40 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-04 02:12 - 2015-01-04 02:12 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-03 19:17 - 2014-09-23 22:22 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-03 19:17 - 2014-09-23 22:22 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-03 16:25 - 2015-01-03 16:25 - 00002962 _____ () C:\Windows\System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C}
2015-01-02 17:32 - 2015-01-02 17:32 - 01082613 _____ () C:\Users\Nora\Downloads\(17) Facebook.htm
2015-01-02 17:31 - 2015-01-02 17:32 - 00000000 ____D () C:\Users\Nora\Downloads\(17) Facebook_files
2015-01-02 13:39 - 2015-01-23 15:08 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing
2015-01-02 13:39 - 2015-01-16 18:03 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2015-01-02 13:34 - 2015-01-19 10:49 - 00000000 ____D () C:\ProgramData\WebGuard
2015-01-02 12:15 - 2015-01-02 12:16 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(4).exe
2015-01-02 12:08 - 2015-01-02 12:10 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(1).exe
2014-12-31 17:09 - 2014-12-31 17:09 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\com.adobe.mauby
2014-12-31 17:06 - 2014-12-31 17:06 - 00000000 ____D () C:\Users\Nora\AppData\Local\StormFall
2014-12-31 13:51 - 2015-01-22 20:22 - 00828440 _____ ( ) C:\Users\Nora\Downloads\adobe_flash_setup.exe
2014-12-31 12:21 - 2014-12-31 12:21 - 00000045 _____ () C:\Users\Nora\AppData\Roaming\WB.CFG
2014-12-31 11:44 - 2014-12-31 11:44 - 00000000 __SHD () C:\Users\Nora\AppData\Local\EmieBrowserModeList
2014-12-31 11:21 - 2014-12-31 12:21 - 00000288 _____ () C:\Windows\Tasks\Voo Update.job
2014-12-31 11:17 - 2014-12-31 11:17 - 00000000 ____D () C:\Users\Nora\AppData\Local\WorldofTanks
2014-12-31 11:16 - 2014-12-31 11:16 - 00000000 ____D () C:\Users\Nora\AppData\Local\Sparta
2014-12-31 10:48 - 2014-12-31 10:48 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\CompuClever
2014-12-31 10:45 - 2014-12-31 10:45 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-31 10:45 - 2014-12-31 10:45 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-31 10:45 - 2014-12-31 10:45 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-31 10:45 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-31 10:45 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-25 10:51 - 2014-12-25 10:51 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 18:16 - 2012-09-13 21:31 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-23 18:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 18:16 - 2009-07-13 23:51 - 00254721 _____ () C:\Windows\setupact.log
2015-01-23 18:15 - 2010-01-27 02:04 - 00265350 _____ () C:\Windows\PFRO.log
2015-01-23 15:08 - 2009-12-17 13:29 - 01975120 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 14:42 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 14:42 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 14:39 - 2013-02-24 18:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 14:34 - 2012-07-06 06:55 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-23 14:16 - 2010-02-06 09:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 09:40 - 2014-12-14 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 02:05 - 2010-01-26 18:11 - 00000000 ____D () C:\Users\Nora
2015-01-23 01:37 - 2010-02-11 00:23 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-22 23:04 - 2014-06-01 10:59 - 00000000 ____D () C:\Windows\jumpshot.com
2015-01-22 22:20 - 2010-07-28 19:58 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-01-22 22:04 - 2009-07-14 00:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-22 20:13 - 2010-02-06 09:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-22 18:03 - 2014-06-01 11:11 - 00000000 __SHD () C:\Jumpshot
2015-01-22 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-22 16:42 - 2012-09-30 13:24 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-22 15:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-01-22 12:56 - 2014-11-21 10:02 - 00002187 ____C () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-22 12:47 - 2014-11-21 10:02 - 00002001 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-01-20 09:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-19 18:39 - 2010-04-03 13:44 - 00000632 __RSH () C:\Users\Nora\ntuser.pol
2015-01-18 14:59 - 2013-03-29 22:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-17 11:53 - 2013-01-10 12:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-16 18:35 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-15 18:58 - 2014-07-28 08:18 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-01-15 14:45 - 2013-03-13 13:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-15 14:45 - 2010-06-04 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-15 14:45 - 2009-11-01 03:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-14 21:02 - 2013-08-15 18:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:56 - 2010-01-27 15:26 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 16:32 - 2010-01-26 18:31 - 00005427 _____ () C:\ProgramData\hpzinstall.log
2015-01-11 20:29 - 2009-11-01 03:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-06 04:36 - 2010-05-05 08:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 16:10 - 2010-02-06 09:39 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-04 16:10 - 2010-02-06 09:39 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-04 16:10 - 2010-02-06 09:39 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 16:09 - 2014-05-07 18:53 - 00000000 ____D () C:\Users\Nora\AppData\Local\Apps\2.0
2015-01-04 12:37 - 2014-11-21 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-04 10:54 - 2010-05-27 22:13 - 00000000 ___DC () C:\Users\Nora\AppData\Local\MigWiz
2015-01-04 01:58 - 2010-01-26 18:18 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\Adobe
2015-01-03 19:17 - 2009-11-01 01:24 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-03 19:14 - 2009-09-06 19:40 - 00000000 ____D () C:\SwSetup
2015-01-02 13:43 - 2010-05-05 15:18 - 00000000 ____D () C:\Users\Nora\AppData\Local\CrashDumps
2015-01-02 12:22 - 2010-12-12 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-02 12:22 - 2010-12-12 16:06 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-31 14:28 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 15:46 - 2011-07-08 16:32 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNora
2014-12-30 15:46 - 2011-07-08 16:32 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForNora.job
2014-12-26 13:55 - 2010-02-06 12:08 - 00002016 _____ () C:\Users\Nora\AppData\Roaming\wklnhst.dat

==================== Files in the root of some directories =======
2011-01-27 10:15 - 2011-06-17 10:17 - 0001854 _____ () C:\Users\Nora\AppData\Roaming\GhostObjGAFix.xml
2014-12-31 12:21 - 2014-12-31 12:21 - 0000045 _____ () C:\Users\Nora\AppData\Roaming\WB.CFG
2010-02-06 12:08 - 2014-12-26 13:55 - 0002016 _____ () C:\Users\Nora\AppData\Roaming\wklnhst.dat
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\AtStart.txt
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\DSwitch.txt
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\QSwitch.txt
2010-01-26 19:01 - 2014-10-12 09:35 - 0007614 _____ () C:\Users\Nora\AppData\Local\Resmon.ResmonCfg
2011-06-04 18:30 - 2011-06-04 18:30 - 0000000 _____ () C:\Users\Nora\AppData\Local\{EE4DDEA8-849B-40BA-ADC6-84C2146798CF}
2010-08-28 17:49 - 2010-08-28 17:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-01-26 18:16 - 2015-01-23 18:17 - 0000188 _____ () C:\ProgramData\HPWALog.txt
2010-01-26 18:31 - 2015-01-13 16:32 - 0005427 _____ () C:\ProgramData\hpzinstall.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-11-01 03:05 - 2009-11-01 03:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-11-01 02:59 - 2009-11-01 03:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-17 13:40 - 2009-12-17 13:40 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-11-01 02:59 - 2009-11-01 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-11-01 03:00 - 2009-11-01 03:05 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\Nora\AppData\Local\Temp\Quarantine.exe
C:\Users\Nora\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:31

==================== End Of Log ============================

Edited by CaptFeathers, 23 January 2015 - 05:26 PM.


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Still not overly happy with your browser settings, so I would like you to reset them

FIREFOX

1. Click the menu button and then click Help.
2. From the Help menu choose Troubleshooting Information. ...
3. Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
4. To continue, click Reset Firefox in the confirmation window that opens.

CHROME

1. Click the icon that looks like three stacked lines at the top right of the browser window. ...
2. Select 'Settings' in the drop-down menu. ...
3. Click on 'Show advanced settings' at the bottom of the Web page. ...
4. Select 'Reset browser settings' at the bottom of the page.

INTERNET EXPLORER

1. Close all Internet Explorer and Windows Explorer windows that are currently open.
2. Reopen Internet Explorer.
3. Click the Tools button, and then click Internet options.
4. Click the Advanced tab, and then click Reset. ...
5. In the Reset Internet Explorer Settings dialog box, click Reset.

THEN

Download and run the Norton removal tool from here

FINALLY

Could you let me know how the computer is behaving and run yet another FRST scan for me, including the additions this time



#11
CaptFeathers

  • Topic Starter
  • Member
  • 15 posts
Okay, so I've tried everything you've directed me to do... Firefox and Chrome won't even run. I started Task Manager just to see if the processes were there and for both programs, the process begins for just a moment and then disappears. I was successful in resetting Internet Explorer. I was able to download Norton, but could not run it. I got a message saying "The file is not signed, so it will not run."

I was able to run another FRST scan with the Addition. Other than most programs being unable to run or be downloaded, the computer seems to be functioning fine as far as speed, opening websites, etc.

#12
CaptFeathers

  • Topic Starter
  • Member
  • 15 posts
FRST log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Nora (administrator) on NORA-PC on 24-01-2015 11:22:48
Running from C:\Users\Nora\Downloads
Loaded Profiles: Nora (Available profiles: Nora)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hawkes Learning Systems ) C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
(Green search security) C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Farbar) C:\Users\Nora\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-22] (AVAST Software)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\rnwp8442.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn [2010-01-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-04]
FF HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> https://www.bing.com...q={searchTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com...ab?setmkt=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/...uage={language}
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-04]
CHR Extension: (Google Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-04]
CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-04]
CHR Extension: (Google Search) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-04]
CHR Extension: (Google Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-04]
CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-04]
CHR HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [104416 2014-11-21] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-26] (WildTangent)
S2 gupdate1caa7387dcd1374; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
R2 HawkesUpdater; C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [8192 2003-04-18] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 internethelper_antiphishing; C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe [297272 2014-09-23] (Green search security)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [126392 2010-02-25] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys [676912 2010-02-11] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NISx64\1106000.020\ccHPx64.sys [615040 2010-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
R3 internethelper_antiphishingd; C:\ProgramData\Internet Helper Anti-phishing\internethelper_antiphishingd.sys [51912 2014-05-09] (Green search security)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1106000.020\SRTSP64.SYS [505392 2010-02-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1106000.020\SRTSPX64.SYS [32304 2010-02-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1106000.020\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1106000.020\SYMEFA64.SYS [221232 2010-02-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-01-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1106000.020\Ironx64.SYS [149552 2010-02-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1106000.020\SYMTDIV.SYS [451120 2010-02-03] (Symantec Corporation)
U4 eabfiltr; No ImagePath
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100327.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100327.020\EX64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 11:22 - 2015-01-24 11:22 - 02129920 _____ (Farbar) C:\Users\Nora\Downloads\FRST64 (1).exe
2015-01-24 11:21 - 2015-01-24 11:21 - 00000000 ____D () C:\Users\Nora\Downloads\FRST-OlderVersion
2015-01-24 11:20 - 2015-01-24 11:20 - 00896048 _____ () C:\Users\Nora\Downloads\Norton_Removal_Tool.exe
2015-01-23 18:12 - 2015-01-23 18:14 - 00000000 ____D () C:\AdwCleaner
2015-01-23 18:12 - 2015-01-23 18:12 - 02186752 _____ () C:\Users\Nora\Desktop\AdwCleaner.exe
2015-01-23 17:33 - 2015-01-23 17:33 - 00019180 _____ () C:\Users\Nora\Downloads\fixlist.txt
2015-01-23 16:41 - 2015-01-23 16:41 - 00040778 _____ () C:\Users\Nora\Downloads\Addition.txt
2015-01-23 16:40 - 2015-01-24 11:23 - 00022355 _____ () C:\Users\Nora\Downloads\FRST.txt
2015-01-23 16:39 - 2015-01-24 11:22 - 00000000 ____D () C:\FRST
2015-01-23 16:39 - 2015-01-24 11:21 - 02113860 _____ () C:\Users\Nora\Downloads\FRST64.exe
2015-01-23 16:24 - 2015-01-23 16:24 - 00062664 _____ () C:\Users\Nora\Downloads\Extras.Txt
2015-01-23 16:22 - 2015-01-23 16:22 - 00094652 _____ () C:\Users\Nora\Downloads\OTL.Txt
2015-01-23 16:10 - 2015-01-23 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\Nora\Downloads\OTL.exe
2015-01-23 15:53 - 2015-01-23 15:53 - 00000000 ____D () C:\Users\Nora\Desktop\Speclean
2015-01-23 14:40 - 2015-01-23 14:42 - 00002636 _____ () C:\Users\Nora\Desktop\Rkill.txt
2015-01-23 14:40 - 2015-01-23 14:40 - 00000000 ____D () C:\Users\Nora\Desktop\rkill
2015-01-23 10:15 - 2015-01-23 10:15 - 00000000 ____H () C:\Users\Nora\Documents\Default.rdp
2015-01-23 09:55 - 2015-01-23 09:55 - 00002962 _____ () C:\Windows\System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A}
2015-01-23 09:53 - 2015-01-23 09:53 - 00002962 _____ () C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985}
2015-01-23 09:52 - 2015-01-23 09:52 - 00002962 _____ () C:\Windows\System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C}
2015-01-23 09:40 - 2015-01-23 09:40 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-23 09:40 - 2015-01-23 09:40 - 00001094 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-23 09:15 - 2015-01-24 11:21 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{07ECFF7E-6435-4F78-8371-F2FE9A20F981}
2015-01-22 20:34 - 2015-01-22 20:34 - 00804568 _____ (Download Helper) C:\Users\Nora\Downloads\ChromeSetup (1).exe
2015-01-22 15:27 - 2015-01-22 23:02 - 91750400 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2015-01-22 15:27 - 2015-01-22 23:02 - 16777216 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2015-01-22 15:27 - 2015-01-22 23:02 - 02359296 _____ () C:\Users\Nora\.ghost-ntfs-3g-00000000000000000009
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D}
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98}
2015-01-22 12:45 - 2014-11-21 10:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-21 16:40 - 2015-01-21 16:40 - 00002980 _____ () C:\Windows\System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5}
2015-01-20 07:30 - 2012-06-01 00:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-01-20 07:30 - 2012-06-01 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-01-20 07:30 - 2012-06-01 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-01-20 07:30 - 2012-06-01 00:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-01-20 07:30 - 2012-06-01 00:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-01-20 07:30 - 2012-06-01 00:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-01-20 07:30 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-01-20 07:30 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-01-20 07:30 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-01-20 07:30 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-01-20 07:30 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-01-20 07:30 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-01-19 18:34 - 2015-01-20 10:01 - 00022619 _____ () C:\Windows\iis7.log
2015-01-19 18:33 - 2015-01-19 18:33 - 00000000 ____D () C:\inetpub
2015-01-19 10:43 - 2015-01-19 10:43 - 00003112 _____ () C:\Windows\System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC}
2015-01-18 18:16 - 2015-01-18 18:17 - 02139316 _____ () C:\Users\Nora\Downloads\37EF.tmp
2015-01-18 11:26 - 2015-01-18 11:26 - 01650875 _____ () C:\Users\Nora\Downloads\DCA9.tmp
2015-01-16 23:44 - 2015-01-16 23:44 - 00002962 _____ () C:\Windows\System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A}
2015-01-16 23:12 - 2015-01-16 23:12 - 00002962 _____ () C:\Windows\System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289}
2015-01-16 23:11 - 2015-01-16 23:11 - 00002962 _____ () C:\Windows\System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71}
2015-01-14 21:02 - 2014-04-29 11:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-14 21:02 - 2014-04-29 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-14 21:02 - 2014-04-29 09:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-14 21:02 - 2014-04-29 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-14 11:02 - 2015-01-14 11:02 - 02167615 _____ () C:\Users\Nora\Downloads\Unconfirmed 849476.crdownload
2015-01-13 15:09 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:09 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:09 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:09 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:09 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:09 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:09 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 14:15 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:15 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 14:15 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 14:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 14:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 14:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 14:32 - 2015-01-19 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-12 09:44 - 2015-01-12 09:44 - 00002988 _____ () C:\Windows\System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E}
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\WebGuard
2015-01-11 16:21 - 2015-01-11 16:22 - 00026439 _____ () C:\Users\Nora\Downloads\follow_button.html
2015-01-11 12:09 - 2015-01-11 12:09 - 00002980 _____ () C:\Windows\System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8}
2015-01-11 12:06 - 2015-01-11 12:06 - 00002980 _____ () C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D}
2015-01-10 13:06 - 2015-01-10 13:07 - 00002466 _____ () C:\Users\Nora\Downloads\software_removal_tool (1).log
2015-01-10 11:38 - 2015-01-10 11:38 - 00002980 _____ () C:\Windows\System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909}
2015-01-10 11:33 - 2015-01-10 11:33 - 00002980 _____ () C:\Windows\System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032}
2015-01-10 11:31 - 2015-01-10 11:31 - 00002980 _____ () C:\Windows\System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3}
2015-01-09 13:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-09 13:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-06 11:42 - 2015-01-06 11:42 - 00002962 _____ () C:\Windows\System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29}
2015-01-06 11:39 - 2015-01-06 11:39 - 00002962 _____ () C:\Windows\System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA}
2015-01-06 10:51 - 2015-01-06 10:51 - 02205832 _____ (Microsoft Corporation) C:\Users\Nora\Downloads\MSNHomepage (1).EXE
2015-01-05 19:42 - 2015-01-05 19:42 - 00002980 _____ () C:\Windows\System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE}
2015-01-05 19:41 - 2015-01-05 19:41 - 00002980 _____ () C:\Windows\System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6}
2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD}
2015-01-04 16:09 - 2015-01-04 16:10 - 00000000 ____D () C:\Users\Nora\AppData\Local\Deployment
2015-01-04 02:41 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-04 02:41 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-04 02:41 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-04 02:41 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-04 02:41 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-04 02:41 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-04 02:41 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-04 02:41 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-04 02:41 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-04 02:40 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-04 02:40 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-04 02:12 - 2015-01-04 02:12 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-03 19:17 - 2014-09-23 22:22 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-03 19:17 - 2014-09-23 22:22 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-03 16:25 - 2015-01-03 16:25 - 00002962 _____ () C:\Windows\System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C}
2015-01-02 17:32 - 2015-01-02 17:32 - 01082613 _____ () C:\Users\Nora\Downloads\(17) Facebook.htm
2015-01-02 17:31 - 2015-01-02 17:32 - 00000000 ____D () C:\Users\Nora\Downloads\(17) Facebook_files
2015-01-02 13:39 - 2015-01-24 11:13 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing
2015-01-02 13:39 - 2015-01-16 18:03 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2015-01-02 13:34 - 2015-01-19 10:49 - 00000000 ____D () C:\ProgramData\WebGuard
2015-01-02 12:15 - 2015-01-02 12:16 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(4).exe
2015-01-02 12:08 - 2015-01-02 12:10 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(1).exe
2014-12-31 17:09 - 2014-12-31 17:09 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\com.adobe.mauby
2014-12-31 17:06 - 2014-12-31 17:06 - 00000000 ____D () C:\Users\Nora\AppData\Local\StormFall
2014-12-31 13:51 - 2015-01-22 20:22 - 00828440 _____ ( ) C:\Users\Nora\Downloads\adobe_flash_setup.exe
2014-12-31 12:21 - 2014-12-31 12:21 - 00000045 _____ () C:\Users\Nora\AppData\Roaming\WB.CFG
2014-12-31 11:44 - 2014-12-31 11:44 - 00000000 __SHD () C:\Users\Nora\AppData\Local\EmieBrowserModeList
2014-12-31 11:21 - 2014-12-31 12:21 - 00000288 _____ () C:\Windows\Tasks\Voo Update.job
2014-12-31 11:17 - 2014-12-31 11:17 - 00000000 ____D () C:\Users\Nora\AppData\Local\WorldofTanks
2014-12-31 11:16 - 2014-12-31 11:16 - 00000000 ____D () C:\Users\Nora\AppData\Local\Sparta
2014-12-31 10:48 - 2014-12-31 10:48 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\CompuClever
2014-12-31 10:45 - 2014-12-31 10:45 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-31 10:45 - 2014-12-31 10:45 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-31 10:45 - 2014-12-31 10:45 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-31 10:45 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-31 10:45 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-25 10:51 - 2014-12-25 10:51 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 11:21 - 2009-12-17 13:29 - 02026654 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 11:15 - 2010-02-06 09:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 11:14 - 2012-09-13 21:31 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-24 11:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 11:14 - 2009-07-13 23:51 - 00254833 _____ () C:\Windows\setupact.log
2015-01-24 11:13 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 11:13 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 11:11 - 2014-12-14 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 11:08 - 2012-07-06 06:55 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-23 19:39 - 2013-02-24 18:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 18:15 - 2010-01-27 02:04 - 00265350 _____ () C:\Windows\PFRO.log
2015-01-23 02:05 - 2010-01-26 18:11 - 00000000 ____D () C:\Users\Nora
2015-01-23 01:37 - 2010-02-11 00:23 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-22 23:04 - 2014-06-01 10:59 - 00000000 ____D () C:\Windows\jumpshot.com
2015-01-22 22:20 - 2010-07-28 19:58 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-01-22 22:04 - 2009-07-14 00:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-22 20:13 - 2010-02-06 09:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-22 18:03 - 2014-06-01 11:11 - 00000000 __SHD () C:\Jumpshot
2015-01-22 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-22 16:42 - 2012-09-30 13:24 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-22 15:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-01-22 12:56 - 2014-11-21 10:02 - 00002187 ____C () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-22 12:47 - 2014-11-21 10:02 - 00002001 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-01-20 09:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-19 18:39 - 2010-04-03 13:44 - 00000632 __RSH () C:\Users\Nora\ntuser.pol
2015-01-18 14:59 - 2013-03-29 22:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-17 11:53 - 2013-01-10 12:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-16 18:35 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-15 18:58 - 2014-07-28 08:18 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-01-15 14:45 - 2013-03-13 13:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-15 14:45 - 2010-06-04 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-15 14:45 - 2009-11-01 03:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-14 21:02 - 2013-08-15 18:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:56 - 2010-01-27 15:26 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 16:32 - 2010-01-26 18:31 - 00005427 _____ () C:\ProgramData\hpzinstall.log
2015-01-11 20:29 - 2009-11-01 03:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-06 04:36 - 2010-05-05 08:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 16:10 - 2010-02-06 09:39 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-04 16:10 - 2010-02-06 09:39 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-04 16:10 - 2010-02-06 09:39 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 16:09 - 2014-05-07 18:53 - 00000000 ____D () C:\Users\Nora\AppData\Local\Apps\2.0
2015-01-04 12:37 - 2014-11-21 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-04 10:54 - 2010-05-27 22:13 - 00000000 ___DC () C:\Users\Nora\AppData\Local\MigWiz
2015-01-04 01:58 - 2010-01-26 18:18 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\Adobe
2015-01-03 19:17 - 2009-11-01 01:24 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-03 19:14 - 2009-09-06 19:40 - 00000000 ____D () C:\SwSetup
2015-01-02 13:43 - 2010-05-05 15:18 - 00000000 ____D () C:\Users\Nora\AppData\Local\CrashDumps
2015-01-02 12:22 - 2010-12-12 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-02 12:22 - 2010-12-12 16:06 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-31 14:28 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 15:46 - 2011-07-08 16:32 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNora
2014-12-30 15:46 - 2011-07-08 16:32 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForNora.job
2014-12-26 13:55 - 2010-02-06 12:08 - 00002016 _____ () C:\Users\Nora\AppData\Roaming\wklnhst.dat

==================== Files in the root of some directories =======

2011-01-27 10:15 - 2011-06-17 10:17 - 0001854 _____ () C:\Users\Nora\AppData\Roaming\GhostObjGAFix.xml
2014-12-31 12:21 - 2014-12-31 12:21 - 0000045 _____ () C:\Users\Nora\AppData\Roaming\WB.CFG
2010-02-06 12:08 - 2014-12-26 13:55 - 0002016 _____ () C:\Users\Nora\AppData\Roaming\wklnhst.dat
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\AtStart.txt
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\DSwitch.txt
2010-01-26 18:16 - 2010-01-26 18:16 - 0000000 _____ () C:\Users\Nora\AppData\Local\QSwitch.txt
2010-01-26 19:01 - 2014-10-12 09:35 - 0007614 _____ () C:\Users\Nora\AppData\Local\Resmon.ResmonCfg
2011-06-04 18:30 - 2011-06-04 18:30 - 0000000 _____ () C:\Users\Nora\AppData\Local\{EE4DDEA8-849B-40BA-ADC6-84C2146798CF}
2010-08-28 17:49 - 2010-08-28 17:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-01-26 18:16 - 2015-01-24 11:16 - 0000191 _____ () C:\ProgramData\HPWALog.txt
2010-01-26 18:31 - 2015-01-13 16:32 - 0005427 _____ () C:\ProgramData\hpzinstall.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-11-01 03:05 - 2009-11-01 03:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-11-01 02:59 - 2009-11-01 03:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-17 13:40 - 2009-12-17 13:40 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-11-01 02:59 - 2009-11-01 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-11-01 03:00 - 2009-11-01 03:05 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-12-17 13:41 - 2009-12-17 13:41 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\Nora\AppData\Local\Temp\Quarantine.exe
C:\Users\Nora\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:31

==================== End Of Log ============================

#13
CaptFeathers

Additions log:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Nora at 2015-01-24 11:24:04
Running from C:\Users\Nora\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9EFC40E3-5F31-4F75-8445-286273F74D8E}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARO 2011 (HKLM-x32\...\ARO 2011_is1) (Version: 7.0 - Support.com)
ARO 2013 (HKLM\...\ARO 2013_is1) (Version: 8.0 - Support.com)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.51 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Facebook Plug-In (HKU\S-1-5-21-533477281-2566771568-2164580434-1001\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hawkes Update Service Manager (HKLM-x32\...\Hawkes Update Service Manager) (Version: 1.0.0 - Hawkes Learning Systems)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Internet Helper Anti-phishing (HKLM-x32\...\Internet Helper Anti-phishing) (Version: 2.0.1.1 - Internet Helper (Powered by Panda Security))
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{39107B20-EA1C-4974-881C-607300BB3C99}) (Version: 2.6.0.29 - Apple Inc.)
Mozilla Firefox 8.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 8.0 (x86 en-US)) (Version: 8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 17.6.0.32 - Symantec Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sammsoft Toolbar (HKLM-x32\...\{424C502D-5637-006A-76A7-A758B70C0300}) (Version: 12.3.0.859 - APN, LLC)
Sammsoft Toolbar (HKLM-x32\...\{424C502D-5637-006A-76A7-A758B70C0A00}) (Version: 12.10.0.3221 - APN, LLC)
Sammsoft Toolbar (HKLM-x32\...\{424C502D-5637-006A-76A7-A758B70C0A06}) (Version: 12.10.6.5280 - APN, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Suddenlink Toolbar (HKLM-x32\...\suddenlinktoolbar) (Version: - Suddenlink Communications)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-533477281-2566771568-2164580434-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nora\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-01-2015 11:49:11 Restore Operation
19-01-2015 18:31:44 Windows Modules Installer
19-01-2015 19:07:02 ARO 2011 Mon, Jan 19, 15 19:06
19-01-2015 19:18:37 ARO 2011 Mon, Jan 19, 15 19:18
19-01-2015 19:19:07 ARO 2011 Mon, Jan 19, 15 19:19
20-01-2015 07:30:29 Windows Update
20-01-2015 10:00:12 Windows Update
20-01-2015 17:10:13 Restore Operation
20-01-2015 17:44:00 Removed Google Earth Plug-in.
21-01-2015 17:10:28 Restore Operation
21-01-2015 17:48:53 ARO 2011 Wed, Jan 21, 15 17:48
21-01-2015 17:50:15 ARO 2011 Wed, Jan 21, 15 17:50
21-01-2015 19:10:15 ARO 2011 Wed, Jan 21, 15 19:10
22-01-2015 12:43:35 avast! antivirus system restore point
22-01-2015 12:47:25 Device Driver Package Install: Avast Network Service
22-01-2015 16:56:44 Restore Operation
22-01-2015 18:33:16 ARO 2011 Thu, Jan 22, 15 18:33
22-01-2015 21:03:02 Restore Operation
22-01-2015 22:07:52 ARO 2011- Before One Click
22-01-2015 22:25:45 ARO 2011 Thu, Jan 22, 15 22:25
22-01-2015 22:26:40 ARO 2011 Thu, Jan 22, 15 22:26
23-01-2015 18:30:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D3157B-E629-49C4-980B-043E06AC4241} - System32\Tasks\{CFB0932A-B25A-4025-8611-C88D2EBA1739} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {0C32D74B-6BC5-41B2-8B5E-7752218138DC} - System32\Tasks\{C5E91B79-9709-47A1-BF04-DF0B406F3D53} => Firefox.exe
Task: {0CE266A1-6753-4410-8308-3174BC943865} - System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} => Firefox.exe
Task: {0CF2ACB0-21A2-49CB-8F44-56CC48BA110D} - System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5} => Chrome.exe
Task: {117A1FE6-CF6A-4150-A521-E9D332060487} - System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E} => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29] (Hewlett-Packard)
Task: {12E00B55-0D43-4B4A-AB0B-3BA1478AF6F7} - System32\Tasks\HPCeeScheduleForNora => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {15A4C8C8-B948-4175-8BBC-8AB68A26B74F} - System32\Tasks\{1B28F8DC-A564-407F-93F5-337688E722C1} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {1B6058DE-3D8C-47DE-B6EF-2F6E8F266564} - System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} => Chrome.exe
Task: {1BFF48BF-3C65-43F9-A78E-60AE044B2A5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {212E1AA7-2BA4-43F2-9BA2-E21F7E103C64} - System32\Tasks\{7CB98C50-D9BE-4909-AE82-35B0985E6848} => Firefox.exe
Task: {2E62B6EE-D013-4FAD-81C9-22DB8E34A64E} - System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D} => Chrome.exe
Task: {30B2985C-1AB2-4D34-81B5-38DA2C6D8C1F} - System32\Tasks\Symantec\Symantec Error Processor 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)
Task: {311AEFA0-F450-449B-8209-B22F29446AD3} - System32\Tasks\{FE32D741-F60C-4014-B91E-014D59AEF38D} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {348E3055-6456-48CF-934F-D9E99EC65A3A} - System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF} => Chrome.exe
Task: {37273D47-1C3C-4F47-938A-B8E182AD8EFE} - System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD} => Chrome.exe
Task: {391E164A-053E-4DB5-9270-38CA5344D9E8} - System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {3F36AC41-E031-4CE2-8A24-B87FA6650E4D} - System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4} => Chrome.exe
Task: {421774C5-3C2E-47CB-A692-412DB13458D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {42F825BF-2DD4-4FB3-BBAA-B407720DEE7E} - System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3} => Chrome.exe
Task: {44A4146E-390F-428F-8E0D-6CED24DA281E} - System32\Tasks\ARO 2011 => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {4EF6C105-3AF4-423B-8F9E-F531B41E1EA2} - System32\Tasks\{94665F5F-F84D-4668-9C3D-574FD9E217B0} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {53CEC116-048F-4E74-B4C1-7E6BC5DE00B6} - System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032} => Chrome.exe
Task: {55B23DA9-7846-40C8-8178-C80AFA77B71B} - System32\Tasks\{E1DCCEB2-550E-4EC4-9AA7-DABD97D88A37} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {58932495-C9B4-456B-9C5A-D1581D8F51B0} - System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {5F9A9550-5E4E-4101-AD0B-9765963B4F0A} - System32\Tasks\{D7D0D0D3-4A0E-4BC7-B61E-206C4EF2243E} => Firefox.exe
Task: {62628C81-322B-48E6-9C92-70BB6143EB48} - System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {65F014BF-117F-490C-A5B4-A9BA6BC5417A} - System32\Tasks\{AD220CE8-9A7E-4CA3-8FA6-93D1B0F4BA7D} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {68109C6A-F1A9-429D-9C93-0365F5F11059} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {68E37F23-3EAD-4600-86B0-7A4068681C5A} - System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E} => Chrome.exe
Task: {6D83D45C-7F41-46EB-A876-8FFD883EFF30} - System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE} => Chrome.exe
Task: {6E9A1C87-53BD-42C3-B3D2-E6B263EF871D} - System32\Tasks\{B360853A-8508-47E6-941A-27A2D557C810} => Firefox.exe
Task: {70440AE7-9ECB-44B3-92FE-87C1DD9308BA} - System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {7B6730DD-C895-4FB4-AB35-658A911EC171} - System32\Tasks\{21DD4D3F-8F5C-4CB3-911B-F14653FED949} => Firefox.exe
Task: {7C878211-EBBB-4BAD-9328-0125122874B0} - System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8} => Chrome.exe
Task: {7C91F4DC-EA2F-4B6A-80B1-00A4765D6D36} - System32\Tasks\{DEA9C14D-A617-44B6-AF95-E52ABF75FCF0} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {7D46CB65-C39B-40FC-94A5-B2E0AE998A20} - System32\Tasks\avastBCLRestartS-1-5-21-533477281-2566771568-2164580434-1001 => Firefox.exe
Task: {7DCE117F-34B2-41F4-A4B5-E281E627D42B} - System32\Tasks\{FCD5A832-9D2D-4A24-973E-AF3CDEE52179} => Firefox.exe
Task: {8326BACA-18FA-40EE-80A7-9AD5D2495919} - System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C} => Firefox.exe
Task: {85414E55-F451-4F20-9293-0C0600E920AD} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {8ADBAD1F-8099-4787-B74F-82B2BE70AE6E} - System32\Tasks\{86B54C96-0281-40C8-8B36-C71D1E4B1B63} => Firefox.exe
Task: {9070E9D0-457A-4C01-AB71-286B6571F703} - System32\Tasks\{9612BA83-4DD1-4F98-93A7-85644F977914} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {93B988FC-D71A-4900-A0E5-F81460BA1A0C} - System32\Tasks\{826E40F0-BAD8-49B8-AD68-AFA53F94421E} => Firefox.exe
Task: {95F7B2BD-5928-44C0-843F-86A9F5B732E8} - System32\Tasks\{AFAE8472-59FB-4BEC-B384-F0F14935037C} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)
Task: {98DED753-9C5F-41E1-AD1B-5676FB876F72} - System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C} => Firefox.exe
Task: {AA652F5F-CD59-4C3B-BC9C-E02427CBDD17} - System32\Tasks\{E64FC190-389E-4FD1-8F0D-449DEC000F1D} => Firefox.exe
Task: {B47E17A7-495F-44B4-9F1C-1A6AEE5C33E2} - System32\Tasks\{26A92FB9-3ECB-42E7-BFD3-55F233084927} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {B5B26CD4-96AE-4A68-AA04-6699893ABB18} - System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98} => Chrome.exe
Task: {BD4D13DC-E390-493B-90D9-8B7089EF2845} - System32\Tasks\{15337126-7FFE-40B6-91A9-431C9199909A} => Firefox.exe
Task: {D1F8E589-DF3D-47AB-A057-9C8D7318AB42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-17] (Adobe Systems Incorporated)
Task: {D484B062-16AD-468E-A46E-2427773EDC8E} - System32\Tasks\{4C692D40-8403-4910-A293-DDF8BF62DF47} => Firefox.exe
Task: {D6B6C4FF-823B-4CC5-9DFE-8C07F23BF0CD} - System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A} => Firefox.exe
Task: {D90D12E8-83F3-4712-8B3F-494101135373} - System32\Tasks\{FC54196F-E633-4F01-BFAB-499B06E4CE07} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {D94AD8FB-435C-4203-B42D-DBEB782153E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DA0E4271-29CA-49C9-9CF5-C149B999D199} - System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {DA543196-8FD4-4AE9-A087-F010CBAD93B5} - System32\Tasks\{E8817E24-BA28-41D5-9C23-8E10C79A5305} => C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)
Task: {DC84F3C8-A22A-4A1A-812B-06D0861FD5B6} - System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909} => Chrome.exe
Task: {DF94DC17-57E1-4BA2-B51A-C93A0FC617BE} - System32\Tasks\Symantec\Symantec Error Analyzer 17.6.0.32 => C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)
Task: {E04042A5-0FE1-495F-B08F-CC5B95D277DE} - System32\Tasks\{A2BD24AC-258E-4864-B6AA-D4C1C103FBBB} => Firefox.exe
Task: {E55BC515-6EBC-4D1A-922A-42D0D98157EB} - System32\Tasks\{EB1A7F8F-C0ED-494F-8F1E-0B39298C564A} => Firefox.exe
Task: {E69C7172-B9E9-46FF-B812-40B47695252C} - System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71} => C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)
Task: {F09319E1-EB0B-4864-B872-1D96D750D118} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F158BDAF-B416-4B5D-B7DC-EDF0F8F65AAD} - System32\Tasks\{202CCD4D-3F1A-4652-99F6-191F59DBA8FB} => Firefox.exe
Task: {F30C72E3-A4CE-4AAB-BE14-E69989855411} - System32\Tasks\{444017E6-DE6A-445B-96FB-7AD2232993B0} => Firefox.exe
Task: {F6ECC49B-D038-40B2-88B4-031B4677F8E2} - System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6} => Chrome.exe
Task: {F994897F-240D-44C9-A9D3-F93A7686EF49} - System32\Tasks\{32781823-6D2D-4E46-B337-3551625E59D4} => Firefox.exe
Task: {FEED7FA7-582B-4526-B4F7-5DA1DECBFDE6} - System32\Tasks\{1A918A12-3900-41A7-909F-497414F69B87} => Firefox.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ARO 2011.job => C:\Program Files (x86)\ARO 2011\ARO.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNora.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Voo Update.job => C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Nora^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-533477281-2566771568-2164580434-500 - Administrator - Disabled)
Guest (S-1-5-21-533477281-2566771568-2164580434-501 - Limited - Disabled)
Nora (S-1-5-21-533477281-2566771568-2164580434-1001 - Administrator - Enabled) => C:\Users\Nora

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 10:43:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (01/22/2015 10:22:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (01/22/2015 10:21:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (01/22/2015 09:08:41 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Restore Operation).

Error: (01/22/2015 05:29:28 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Restore Operation).

Error: (01/22/2015 05:02:54 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Device Driver Package Install: Avast Network Service).

Error: (01/21/2015 05:46:52 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Removed Microsoft Silverlight).

Error: (01/21/2015 05:19:10 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Restore Operation).

Error: (01/20/2015 05:15:43 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (avast! antivirus system restore point). Additional information: 0x80070002.

Error: (01/20/2015 04:37:52 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (01/24/2015 11:23:33 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/24/2015 11:22:00 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:20:30 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:20:30 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:20:05 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:20:04 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:18:44 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:18:35 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:18:28 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)

Error: (01/24/2015 11:16:48 AM) (Source: DCOM) (EventID: 10016) (User: Nora-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nora-PCNoraS-1-5-21-533477281-2566771568-2164580434-1001LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 47%
Total physical RAM: 3003.19 MB
Available physical RAM: 1590.49 MB
Total Pagefile: 6004.57 MB
Available Pagefile: 4130.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.51 GB) (Free:188.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.39 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 0393754D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now try FRST again :)

The browser entries now look good, so I will now remove some other items.
Once the fix has completed, could you try Chrome and Firefox to see if they work?

Download the attached fixlist.txt to the same location as FRST.
Attached File  fixlog.txt   14.1KB   82 downloads
Start FRST and press Fix.
On completion you will be asked to reboot.
Once done, a fixlog will appear on your desktop; please post that.

#15
CaptFeathers

    Member

  • Topic Starter
  • Member
  • 15 posts
Here you go:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Nora at 2015-01-24 16:46:05 Run:4
Running from C:\Users\Nora\Downloads
Loaded Profiles: Nora (Available profiles: Nora)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...rosoft\Internet Explorer\Main,Search Bar = https://www.google.c...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...
URLSearchHook: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...>
SearchScopes: HKLM -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...>
SearchScopes: HKLM -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...>
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL = http://www.ask.com/w...>
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...>
SearchScopes: HKLM-x32 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...>
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {1F80BEF6-49F6-43D5-B221-99778CAD6094} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E} URL = http://us.yhs4.searc...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...>
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...Terms}
BHO: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S2 internethelper_antiphishing; C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishingb.exe [297272 2014-09-23] (Green search security)
2015-01-23 09:55 - 2015-01-23 09:55 - 00002962 _____ () C:\Windows\System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A}
2015-01-23 09:53 - 2015-01-23 09:53 - 00002962 _____ () C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985}
2015-01-23 09:52 - 2015-01-23 09:52 - 00002962 _____ () C:\Windows\System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C}
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D}
2015-01-22 12:54 - 2015-01-22 12:54 - 00002980 _____ () C:\Windows\System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98}
2015-01-19 10:43 - 2015-01-19 10:43 - 00003112 _____ () C:\Windows\System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC}
2015-01-18 18:16 - 2015-01-18 18:17 - 02139316 _____ () C:\Users\Nora\Downloads\37EF.tmp
2015-01-18 11:26 - 2015-01-18 11:26 - 01650875 _____ () C:\Users\Nora\Downloads\DCA9.tmp
2015-01-16 23:44 - 2015-01-16 23:44 - 00002962 _____ () C:\Windows\System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A}
2015-01-16 23:12 - 2015-01-16 23:12 - 00002962 _____ () C:\Windows\System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289}
2015-01-16 23:11 - 2015-01-16 23:11 - 00002962 _____ () C:\Windows\System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71}
2015-01-12 09:44 - 2015-01-12 09:44 - 00002988 _____ () C:\Windows\System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E}
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\WebGuard
2015-01-11 16:21 - 2015-01-11 16:22 - 00026439 _____ () C:\Users\Nora\Downloads\follow_button.html
2015-01-11 12:09 - 2015-01-11 12:09 - 00002980 _____ () C:\Windows\System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8}
2015-01-11 12:06 - 2015-01-11 12:06 - 00002980 _____ () C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D}
2015-01-10 13:06 - 2015-01-10 13:07 - 00002466 _____ () C:\Users\Nora\Downloads\software_removal_tool (1).log
2015-01-10 11:38 - 2015-01-10 11:38 - 00002980 _____ () C:\Windows\System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4}
2015-01-10 11:34 - 2015-01-10 11:34 - 00002980 _____ () C:\Windows\System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E}
2015-01-10 11:34 - 2015-01-10 11:34 - 
00002980 _____ () C:\Windows\System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909}2015-01-10 11:33 - 2015-01-10 11:33 - 00002980 _____ () C:\Windows\System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032}2015-01-10 11:31 - 2015-01-10 11:31 - 00002980 _____ () C:\Windows\System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3}2015-01-06 11:42 - 2015-01-06 11:42 - 00002962 _____ () C:\Windows\System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29}2015-01-06 11:39 - 2015-01-06 11:39 - 00002962 _____ () C:\Windows\System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA}2015-01-06 10:51 - 2015-01-06 10:51 - 02205832 _____ (Microsoft Corporation) C:\Users\Nora\Downloads\MSNHomepage (1).EXE2015-01-05 19:42 - 2015-01-05 19:42 - 00002980 _____ () C:\Windows\System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE}2015-01-05 19:41 - 2015-01-05 19:41 - 00002980 _____ () C:\Windows\System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF}2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6}2015-01-05 12:38 - 2015-01-05 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD}2015-01-03 16:25 - 2015-01-03 16:25 - 00002962 _____ () C:\Windows\System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C}2015-01-03 14:38 - 2015-01-15 14:38 - 00000000 ____D () C:\ProgramData\Browser2015-01-02 17:32 - 2015-01-02 17:32 - 01082613 _____ () C:\Users\Nora\Downloads\(17) Facebook.htm2015-01-02 17:31 - 2015-01-02 17:32 - 00000000 ____D () C:\Users\Nora\Downloads\(17) Facebook_files2015-01-02 13:39 - 2015-01-23 15:08 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing2015-01-02 13:39 - 2015-01-16 18:03 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing2015-01-02 13:34 - 2015-01-19 10:49 - 00000000 ____D () C:\ProgramData\WebGuard2015-01-02 12:15 - 2015-01-02 12:16 - 42096984 _____ (Apple Inc.) 
C:\Users\Nora\Downloads\QuickTimeInstaller(4).exe2015-01-02 12:08 - 2015-01-02 12:10 - 42096984 _____ (Apple Inc.) C:\Users\Nora\Downloads\QuickTimeInstaller(1).exe2014-12-31 13:51 - 2015-01-22 20:22 - 00828440 _____ ( ) C:\Users\Nora\Downloads\adobe_flash_setup.exe2014-12-31 11:44 - 2014-12-31 11:44 - 00000000 __SHD () C:\Users\Nora\AppData\Local\EmieBrowserModeList2014-12-31 11:21 - 2014-12-31 12:21 - 00000288 _____ () C:\Windows\Tasks\Voo Update.job2014-12-31 11:21 - 2014-12-31 11:21 - 00003224 _____ () C:\Windows\System32\Tasks\Voo Update2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Users\Nora\AppData\Roaming\VooUpdate2014-12-31 11:21 - 2014-12-31 11:21 - 00000000 ____D () C:\Program Files (x86)\ver0BlockAndSurf2014-12-31 11:20 - 2015-01-05 13:33 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_542014-12-31 11:20 - 2015-01-04 19:12 - 00000000 ____D () C:\Users\Nora\AppData\Local\gmsd_us_542015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv2015-01-20 10:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log2009-11-01 03:05 - 2009-11-01 03:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log2009-11-01 02:59 - 2009-11-01 03:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log2009-12-17 13:40 - 2009-12-17 13:40 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log2009-12-17 13:41 - 2009-12-17 13:41 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log2009-11-01 02:59 - 2009-11-01 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log2009-11-01 03:00 - 2009-11-01 03:05 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log2009-12-17 13:41 
- 2009-12-17 13:41 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.logTask: {0C32D74B-6BC5-41B2-8B5E-7752218138DC} - System32\Tasks\{C5E91B79-9709-47A1-BF04-DF0B406F3D53} =&gt; Firefox.exeTask: {0CE266A1-6753-4410-8308-3174BC943865} - System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} =&gt; Firefox.exeTask: {0CF2ACB0-21A2-49CB-8F44-56CC48BA110D} - System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5} =&gt; Chrome.exeTask: {1B6058DE-3D8C-47DE-B6EF-2F6E8F266564} - System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} =&gt; Chrome.exeTask: {1BFF48BF-3C65-43F9-A78E-60AE044B2A5B} - System32\Tasks\GoogleUpdateTaskMachineCore =&gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)Task: {212E1AA7-2BA4-43F2-9BA2-E21F7E103C64} - System32\Tasks\{7CB98C50-D9BE-4909-AE82-35B0985E6848} =&gt; Firefox.exeTask: {2E62B6EE-D013-4FAD-81C9-22DB8E34A64E} - System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D} =&gt; Chrome.exeTask: {30B2985C-1AB2-4D34-81B5-38DA2C6D8C1F} - System32\Tasks\Symantec\Symantec Error Processor 17.6.0.32 =&gt; C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)Task: {311AEFA0-F450-449B-8209-B22F29446AD3} - System32\Tasks\{FE32D741-F60C-4014-B91E-014D59AEF38D} =&gt; C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)Task: {348E3055-6456-48CF-934F-D9E99EC65A3A} - System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF} =&gt; Chrome.exeTask: {37273D47-1C3C-4F47-938A-B8E182AD8EFE} - System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD} =&gt; Chrome.exeTask: {3F36AC41-E031-4CE2-8A24-B87FA6650E4D} - System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4} =&gt; Chrome.exeTask: {421774C5-3C2E-47CB-A692-412DB13458D8} - System32\Tasks\GoogleUpdateTaskMachineUA =&gt; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)Task: {42F825BF-2DD4-4FB3-BBAA-B407720DEE7E} - System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3} 
=&gt; Chrome.exeTask: {44A4146E-390F-428F-8E0D-6CED24DA281E} - System32\Tasks\ARO 2011 =&gt; C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)Task: {53CEC116-048F-4E74-B4C1-7E6BC5DE00B6} - System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032} =&gt; Chrome.exeTask: {58932495-C9B4-456B-9C5A-D1581D8F51B0} - System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC} =&gt; pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"Task: {5F9A9550-5E4E-4101-AD0B-9765963B4F0A} - System32\Tasks\{D7D0D0D3-4A0E-4BC7-B61E-206C4EF2243E} =&gt; Firefox.exeTask: {68E37F23-3EAD-4600-86B0-7A4068681C5A} - System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E} =&gt; Chrome.exeTask: {6D83D45C-7F41-46EB-A876-8FFD883EFF30} - System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE} =&gt; Chrome.exeTask: {6E9A1C87-53BD-42C3-B3D2-E6B263EF871D} - System32\Tasks\{B360853A-8508-47E6-941A-27A2D557C810} =&gt; Firefox.exeTask: {7B6730DD-C895-4FB4-AB35-658A911EC171} - System32\Tasks\{21DD4D3F-8F5C-4CB3-911B-F14653FED949} =&gt; Firefox.exeTask: {7C878211-EBBB-4BAD-9328-0125122874B0} - System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8} =&gt; Chrome.exeTask: {7C91F4DC-EA2F-4B6A-80B1-00A4765D6D36} - System32\Tasks\{DEA9C14D-A617-44B6-AF95-E52ABF75FCF0} =&gt; C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)Task: {7D46CB65-C39B-40FC-94A5-B2E0AE998A20} - System32\Tasks\avastBCLRestartS-1-5-21-533477281-2566771568-2164580434-1001 =&gt; Firefox.exeTask: {7DCE117F-34B2-41F4-A4B5-E281E627D42B} - System32\Tasks\{FCD5A832-9D2D-4A24-973E-AF3CDEE52179} =&gt; Firefox.exeTask: {8326BACA-18FA-40EE-80A7-9AD5D2495919} - System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C} =&gt; Firefox.exeTask: {85414E55-F451-4F20-9293-0C0600E920AD} - System32\Tasks\avast! 
Emergency Update =&gt; C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)Task: {8ADBAD1F-8099-4787-B74F-82B2BE70AE6E} - System32\Tasks\{86B54C96-0281-40C8-8B36-C71D1E4B1B63} =&gt; Firefox.exeTask: {9070E9D0-457A-4C01-AB71-286B6571F703} - System32\Tasks\{9612BA83-4DD1-4F98-93A7-85644F977914} =&gt; C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)Task: {93B988FC-D71A-4900-A0E5-F81460BA1A0C} - System32\Tasks\{826E40F0-BAD8-49B8-AD68-AFA53F94421E} =&gt; Firefox.exeTask: {95F7B2BD-5928-44C0-843F-86A9F5B732E8} - System32\Tasks\{AFAE8472-59FB-4BEC-B384-F0F14935037C} =&gt; C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2015-01-22] (AVAST Software)Task: {98DED753-9C5F-41E1-AD1B-5676FB876F72} - System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C} =&gt; Firefox.exeTask: {A2693FB0-B40A-4865-82A8-80FB208E5EC8} - System32\Tasks\Voo Update =&gt; C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE Firefox.exeTask: {B47E17A7-495F-44B4-9F1C-1A6AEE5C33E2} - System32\Tasks\{26A92FB9-3ECB-42E7-BFD3-55F233084927} =&gt; C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)Task: {B5B26CD4-96AE-4A68-AA04-6699893ABB18} - System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98} =&gt; Chrome.exeTask: {BD4D13DC-E390-493B-90D9-8B7089EF2845} - System32\Tasks\{15337126-7FFE-40B6-91A9-431C9199909A} =&gt; Firefox.exeTask: {C135C496-DF68-40E0-B67C-878BD8BF2769} - System32\Tasks\LaunchApp =&gt; C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe Firefox.exeTask: {D6B6C4FF-823B-4CC5-9DFE-8C07F23BF0CD} - System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A} =&gt; Firefox.exeTask: {D90D12E8-83F3-4712-8B3F-494101135373} - System32\Tasks\{FC54196F-E633-4F01-BFAB-499B06E4CE07} =&gt; C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)Task: {D94AD8FB-435C-4203-B42D-DBEB782153E9} - System32\Tasks\Adobe Acrobat Update Task =&gt; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
[2014-12-19] (Adobe Systems Incorporated)Task: {DA0E4271-29CA-49C9-9CF5-C149B999D199} - System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289} =&gt; C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)Task: {DA543196-8FD4-4AE9-A087-F010CBAD93B5} - System32\Tasks\{E8817E24-BA28-41D5-9C23-8E10C79A5305} =&gt; C:\Program Files (x86)\ARO 2011\ARO.exe [2011-01-25] (Support.com)Task: {DC84F3C8-A22A-4A1A-812B-06D0861FD5B6} - System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909} =&gt; Chrome.exeTask: {DF94DC17-57E1-4BA2-B51A-C93A0FC617BE} - System32\Tasks\Symantec\Symantec Error Analyzer 17.6.0.32 =&gt; C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-26] (Symantec Corporation)Task: {E04042A5-0FE1-495F-B08F-CC5B95D277DE} - System32\Tasks\{A2BD24AC-258E-4864-B6AA-D4C1C103FBBB} =&gt; Firefox.exeTask: {E55BC515-6EBC-4D1A-922A-42D0D98157EB} - System32\Tasks\{EB1A7F8F-C0ED-494F-8F1E-0B39298C564A} =&gt; Firefox.exeTask: {E69C7172-B9E9-46FF-B812-40B47695252C} - System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71} =&gt; C:\Program Files\Alwil Software\Avast5\avastui.exe [2015-01-22] (AVAST Software)Task: {F09319E1-EB0B-4864-B872-1D96D750D118} - System32\Tasks\Apple\AppleSoftwareUpdate =&gt; C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {F158BDAF-B416-4B5D-B7DC-EDF0F8F65AAD} - System32\Tasks\{202CCD4D-3F1A-4652-99F6-191F59DBA8FB} =&gt; Firefox.exeTask: {F30C72E3-A4CE-4AAB-BE14-E69989855411} - System32\Tasks\{444017E6-DE6A-445B-96FB-7AD2232993B0} =&gt; Firefox.exeTask: {F6ECC49B-D038-40B2-88B4-031B4677F8E2} - System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6} =&gt; Chrome.exeTask: {F994897F-240D-44C9-A9D3-F93A7686EF49} - System32\Tasks\{32781823-6D2D-4E46-B337-3551625E59D4} =&gt; Firefox.exeTask: {FEED7FA7-582B-4526-B4F7-5DA1DECBFDE6} - System32\Tasks\{1A918A12-3900-41A7-909F-497414F69B87} =&gt; Firefox.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job =&gt; 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\ARO 2011.job =&gt; C:\Program Files (x86)\ARO 2011\ARO.exeTask: C:\Windows\Tasks\Voo Update.job =&gt; C:\Users\Nora\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE value deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope =&gt; Value was restored successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope =&gt; Value was restored successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope =&gt; Value was restored successfully.HKU\S-1-5-21-533477281-2566771568-2164580434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E} URL = http://us.yhs4.searc...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} =&gt; Key not found. 
HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {742255DC-73E8-4859-BFC9-8B299F3DFF63} URL = http://www.bing.com/...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.c...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {86C3BD3C-0076-4D6C-8EDC-E3FF3CC6A08E} URL = http://us.yhs4.searc...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&gt; SearchScopes: HKU\S-1-5-21-533477281-2566771568-2164580434-1001 -&gt; {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} =&gt; Key not found. "HKU\S-1-5-21-533477281-2566771568-2164580434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" =&gt; Key deleted successfully.HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} =&gt; Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} =&gt; Key not found. HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} =&gt; Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19} =&gt; Key not found. HKCR\Wow6432Node\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19} =&gt; Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" =&gt; Key deleted successfully."HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" =&gt; Key deleted successfully."HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" =&gt; Key deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} =&gt; Key not found. HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} =&gt; Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} =&gt; value deleted successfully."HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" =&gt; Key deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} =&gt; value deleted successfully.HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} =&gt; Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} =&gt; value deleted successfully."HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" =&gt; Key deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} =&gt; value deleted successfully.HKCR\Wow6432Node\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} =&gt; Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} =&gt; Value not found.HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} =&gt; Key not found. 
HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} =&gt; value deleted successfully.HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} =&gt; Key not found. HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} =&gt; value deleted successfully.HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} =&gt; Key not found. HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} =&gt; Value not found.HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} =&gt; Key not found. HKU\S-1-5-21-533477281-2566771568-2164580434-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} =&gt; value deleted successfully.HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} =&gt; Key not found. internethelper_antiphishing =&gt; Service stopped successfully.internethelper_antiphishing =&gt; Service deleted successfully.C:\Windows\System32\Tasks\{7FBA7EBE-17F1-447B-93BD-78FBAE54BF0A} =&gt; Moved successfully.C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} =&gt; Moved successfully.C:\Windows\System32\Tasks\{AC0B8B98-D899-4488-BBEC-5C183BF2122C} =&gt; Moved successfully.C:\Windows\System32\Tasks\{EFAF4350-046D-4706-8052-98E4E0ED537D} =&gt; Moved successfully.C:\Windows\System32\Tasks\{95487880-65F2-44DA-9FE5-C4C06E313C98} =&gt; Moved successfully.C:\Windows\System32\Tasks\{3E302FBE-BD27-4D61-BC28-5FE4F7060DCC} =&gt; Moved successfully.C:\Users\Nora\Downloads\37EF.tmp =&gt; Moved successfully.C:\Users\Nora\Downloads\DCA9.tmp =&gt; Moved successfully.C:\Windows\System32\Tasks\{6CCC45A5-6DB3-4805-A573-BD528091824A} =&gt; Moved successfully.C:\Windows\System32\Tasks\{684FF1AD-3781-4D39-A168-A9A4D3279289} =&gt; Moved 
successfully.C:\Windows\System32\Tasks\{DE6207D5-D0DF-48F5-9E80-7CE8B91BDE71} =&gt; Moved successfully.C:\Windows\System32\Tasks\{73F011BA-E314-4786-8022-15EB58178C8E} =&gt; Moved successfully.C:\WebGuard =&gt; Moved successfully.C:\Users\Nora\Downloads\follow_button.html =&gt; Moved successfully.C:\Windows\System32\Tasks\{955B9E1C-4500-4170-9654-4EF5DA19ADE8} =&gt; Moved successfully.C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} =&gt; Moved successfully.C:\Users\Nora\Downloads\software_removal_tool (1).log =&gt; Moved successfully.C:\Windows\System32\Tasks\{4522C34B-48A0-4029-8D9D-ABE8F163DEE4} =&gt; Moved successfully.C:\Windows\System32\Tasks\{A966F337-70A6-40BD-A23E-9641A9E6100E} =&gt; Moved successfully.C:\Windows\System32\Tasks\{9DEB03FB-5F8B-4090-8F51-2E3823B62909} =&gt; Moved successfully.C:\Windows\System32\Tasks\{B0A3F8CD-EB22-4E69-AFBC-EEE9B35DE032} =&gt; Moved successfully.C:\Windows\System32\Tasks\{6F179034-0990-4830-ACBF-7816EB6FC7D3} =&gt; Moved successfully.C:\Windows\System32\Tasks\{F19E809E-A753-4569-8048-7C05DB27AA29} =&gt; Moved successfully.C:\Windows\System32\Tasks\{8456279D-AB43-4050-A090-467AB068C6CA} =&gt; Moved successfully.C:\Users\Nora\Downloads\MSNHomepage (1).EXE =&gt; Moved successfully.C:\Windows\System32\Tasks\{38F0A657-B5C4-457A-B87A-2C1579F0C2CE} =&gt; Moved successfully.C:\Windows\System32\Tasks\{CEF97E8D-F1DB-4970-93B2-3B0919769CAF} =&gt; Moved successfully.C:\Windows\System32\Tasks\{A4FB5037-D470-41B8-8A8A-300D86117EC6} =&gt; Moved successfully.C:\Windows\System32\Tasks\{975EC950-40E9-45BD-913E-A4A38E190FFD} =&gt; Moved successfully.C:\Windows\System32\Tasks\{811DBE5B-F590-4464-A855-6D5F57D6E43C} =&gt; Moved successfully."C:\ProgramData\Browser" =&gt; File/Directory not found.C:\Users\Nora\Downloads\(17) Facebook.htm =&gt; Moved successfully.C:\Users\Nora\Downloads\(17) Facebook_files =&gt; Moved successfully.C:\ProgramData\internethelper_antiphishing =&gt; Moved successfully.C:\ProgramData\Internet Helper 
Anti-phishing =&gt; Moved successfully.C:\ProgramData\WebGuard =&gt; Moved successfully.C:\Users\Nora\Downloads\QuickTimeInstaller(4).exe =&gt; Moved successfully.C:\Users\Nora\Downloads\QuickTimeInstaller(1).exe =&gt; Moved successfully.C:\Users\Nora\Downloads\adobe_flash_setup.exe =&gt; Moved successfully.C:\Users\Nora\AppData\Local\EmieBrowserModeList =&gt; Moved successfully.C:\Windows\Tasks\Voo Update.job =&gt; Moved successfully."C:\Windows\System32\Tasks\Voo Update" =&gt; File/Directory not found."C:\Users\Nora\AppData\Roaming\VooUpdate" =&gt; File/Directory not found."C:\Program Files (x86)\ver0BlockAndSurf" =&gt; File/Directory not found."C:\Program Files (x86)\gmsd_us_54" =&gt; File/Directory not found."C:\Users\Nora\AppData\Local\gmsd_us_54" =&gt; File/Directory not found.C:\Windows\SysWOW64\inetsrv =&gt; Moved successfully.C:\Windows\system32\inetsrv =&gt; Moved successfully.C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log =&gt; Moved successfully.C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log =&gt; Moved successfully.C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log =&gt; Moved successfully.C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log =&gt; Moved successfully.C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log =&gt; Moved successfully.C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log =&gt; Moved successfully.C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log =&gt; Moved successfully.C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log =&gt; Moved successfully.C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log =&gt; Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C32D74B-6BC5-41B2-8B5E-7752218138DC}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C32D74B-6BC5-41B2-8B5E-7752218138DC}" =&gt; Key deleted 
successfully.C:\Windows\System32\Tasks\{C5E91B79-9709-47A1-BF04-DF0B406F3D53} =&gt; Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5E91B79-9709-47A1-BF04-DF0B406F3D53}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CE266A1-6753-4410-8308-3174BC943865}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CE266A1-6753-4410-8308-3174BC943865}" =&gt; Key deleted successfully.C:\Windows\System32\Tasks\{A1C6D0FB-7A50-4480-9599-195B6CD69985} not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A1C6D0FB-7A50-4480-9599-195B6CD69985}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CF2ACB0-21A2-49CB-8F44-56CC48BA110D}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF2ACB0-21A2-49CB-8F44-56CC48BA110D}" =&gt; Key deleted successfully.C:\Windows\System32\Tasks\{3292651E-F6EC-42E4-B313-FB68D98C28F5} =&gt; Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3292651E-F6EC-42E4-B313-FB68D98C28F5}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B6058DE-3D8C-47DE-B6EF-2F6E8F266564}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B6058DE-3D8C-47DE-B6EF-2F6E8F266564}" =&gt; Key deleted successfully.C:\Windows\System32\Tasks\{14226124-8C15-425B-9EEB-79D92D1C715D} not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14226124-8C15-425B-9EEB-79D92D1C715D}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BFF48BF-3C65-43F9-A78E-60AE044B2A5B}" =&gt; Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows 
========= bitsadmin /reset /allusers =========
12 out of 14 jobs canceled.
========= End of CMD: =========
EmptyTemp: => Removed 295.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:47:59 ====

Edited by CaptFeathers, 24 January 2015 - 03:56 PM.
