Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Owner (administrator) on OWNER-PC on 12-05-2015 13:06:41
Running from E:\
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Yontoo LLC) C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-17] (Google Inc.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-01] (Google Inc.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Yontoo Desktop] => C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-04-30] (Yontoo LLC)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll => c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll [2523136 2013-07-08] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: GetSavin 5.0 -> {5BB972CB-156D-4811-9D36-9570AF1E2BB7} -> C:\Users\Owner\AppData\Local\getsavin\ie\getsavin_1362754201.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-10] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-25] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll [2013-03-13] (Delta-search.com)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-10] (Oracle Corporation)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2013-04-30] (Yontoo LLC)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25] (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll [2013-03-13] (Delta-search.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-25] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25] (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default
FF NewTab: hxxp://www2.delta-search.com/?affID=119842&tt=gc_&babsrc=NT_ss&mntrId=CA88C417FE843CAE
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Delta Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www2.delta-search.com/?affID=119842&tt=gc_&babsrc=HP_ss&mntrId=CA88C417FE843CAE
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\FantastiGames\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-3306144526-1543565107-3197362354-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-3306144526-1543565107-3197362354-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-3306144526-1543565107-3197362354-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\user.js [2013-05-06]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-01-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-01-16] (Apple Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\babylon.xml [2013-05-06]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\bing-zugo.xml [2011-08-25]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\BrowserProtect.xml [2013-02-15]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\delta.xml [2013-05-06]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\flv-runner-b-customized-web-search.xml [2013-03-08]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\icqplugin-4.xml [2015-05-11]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\icqplugin-5.xml [2011-10-17]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\icqplugin-6.xml [2012-04-03]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\searchplugins\Mp3Tube.xml [2011-09-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearch.xml [2013-03-08]
FF Extension: Delta Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\[email protected] [2013-05-06]
FF Extension: GetSavin - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\getsavin@jetpack [2013-03-08]
FF Extension: Yontoo - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\[email protected] [2013-05-06]
FF Extension: ShopToWin15 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928} [2012-11-24]
FF Extension: Yahoo! Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-10]
FF Extension: GPComponent - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jd3r6gen.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} [2013-05-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-11]
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011-06-16]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011-06-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
FF Extension: GPComponent - C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi [2013-05-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn [2015-05-11]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib\7.13.1.0_0\background/registryAccess.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Delta Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-05-20]
CHR Extension: (StartNow) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei [2012-12-02]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-02]
CHR Extension: (Amazing Coupons) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-03-08]
CHR Extension: (Norton Identity Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-11]
CHR Extension: (Yontoo) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2012-12-02]
CHR HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Owner\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Owner\AppData\Roaming\BabSolution\CR\delta2.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-06]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\Owner\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [348152 2013-05-17] (Verizon) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20150501.001\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-17] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20150510.002\IDSvia64.sys [671448 2015-05-10] (Symantec Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2011-06-15] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20150510.018\ENG64.SYS [129752 2015-05-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20150510.018\EX64.SYS [2137304 2015-05-10] (Symantec Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-12 13:05 - 2015-05-12 13:06 - 00000000 ____D () C:\FRST
2015-05-11 19:11 - 2015-05-11 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-12 13:06 - 2012-03-29 23:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 13:05 - 2009-07-13 22:13 - 00005168 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-12 13:04 - 2013-03-08 15:04 - 00010464 _____ () C:\Windows\setupact.log
2015-05-12 13:03 - 2013-05-06 20:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yontoo
2015-05-12 13:03 - 2011-09-07 00:47 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000UA.job
2015-05-12 13:03 - 2011-09-07 00:47 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000Core.job
2015-05-12 13:03 - 2011-06-17 22:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 13:03 - 2011-06-15 20:10 - 01883534 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 20:08 - 2012-06-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-11 20:01 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-05-11 18:56 - 2013-07-05 00:19 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-05-11 18:56 - 2009-07-13 21:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 18:56 - 2009-07-13 21:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 18:48 - 2013-07-05 08:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-05-11 18:39 - 2011-06-17 22:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 18:39 - 2011-06-15 22:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-11 18:37 - 2011-09-08 02:54 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-11 18:35 - 2011-10-20 09:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-11 18:34 - 2011-06-15 20:09 - 00000000 ____D () C:\Users\Owner
2015-05-11 18:34 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 18:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-11 18:31 - 2013-07-05 00:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-05-11 18:31 - 2013-03-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 18:31 - 2013-02-02 20:52 - 00000000 ____D () C:\ProgramData\Norton
2015-05-11 18:31 - 2012-08-26 14:11 - 00000000 ____D () C:\ProgramData\Skype
2015-05-11 18:31 - 2011-09-07 00:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-11 18:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-11 18:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-05-11 18:25 - 2011-09-01 00:54 - 00000000 ____D () C:\Program Files (x86)\Verizon
2015-05-11 18:25 - 2011-06-17 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-05-11 18:24 - 2012-08-26 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-11 18:24 - 2012-04-05 21:55 - 00000000 __RHD () C:\MSOCache
==================== Files in the root of some directories =======
2013-05-08 08:04 - 2013-02-09 14:55 - 0114176 _____ () C:\Users\Owner\AppData\Roaming\BabMaint.exe
2013-09-06 22:30 - 2013-09-06 22:30 - 0000042 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2012-10-25 21:49 - 2012-11-21 12:20 - 0583306 _____ () C:\Users\Owner\AppData\Roaming\technic-launcher.jar
2012-10-25 21:49 - 2012-11-04 21:42 - 0579274 _____ () C:\Users\Owner\AppData\Roaming\technic-launcher.jar.bak
2011-08-21 20:30 - 2012-08-13 21:28 - 0005120 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-20 10:36 - 2013-05-20 10:36 - 0007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-01-19 20:42 - 2013-01-19 20:42 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\ProgramData\C__Users_Owner_AppData_Local_Temp_wz9195_Crack_HideIPEasy.exe
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\5.1.31.16_Full.exe
C:\Users\Owner\AppData\Local\Temp\install_flashplayer11x32ax_aih.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\JREInstall160_37.exe
C:\Users\Owner\AppData\Local\Temp\mssinstaller.exe
C:\Users\Owner\AppData\Local\Temp\NeatExecAsUser32.exe
C:\Users\Owner\AppData\Local\Temp\nsp6fwj2.dll
C:\Users\Owner\AppData\Local\Temp\SetACL.exe
C:\Users\Owner\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Owner\AppData\Local\Temp\VistaTools32.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-08-28 21:01
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Owner at 2015-05-12 13:08:24
Running from E:\
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3306144526-1543565107-3197362354-500 - Administrator - Disabled)
Guest (S-1-5-21-3306144526-1543565107-3197362354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3306144526-1543565107-3197362354-1003 - Limited - Enabled)
Owner (S-1-5-21-3306144526-1543565107-3197362354-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Anti-Virus (Disabled - Out of date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7 Wonders II (HKLM-x32\...\exent_586350) (Version: - )
7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version: - )
7-Zip File Manager version 9.20 (HKLM-x32\...\{863448D4-F184-4B21-A46B-323C97A2D038}_is1) (Version: 9.20 - Download Freely, LLC)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserProtect (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Chainz 2 Relinked (HKLM-x32\...\exent_663050) (Version: - )
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Delta) <==== ATTENTION
Delta toolbar (HKLM-x32\...\delta) (Version: 1.8.16.16 - Delta) <==== ATTENTION
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Exeba E-Swipe (HKLM-x32\...\{9844B51E-0CA6-40E9-BF73-B01E256F4197}) (Version: - )
Exeba-COMM (HKLM-x32\...\{69FCCDC8-ECE0-480D-A5AD-E068EC29F1AD}) (Version: - )
Fantastigames (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version: - Exent Technologies Ltd) <==== ATTENTION
GetSavin (HKLM-x32\...\GetSavin) (Version: 1.1362754218 - Adpeak, Inc.)
Google Chrome (HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4209.2358 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
Hide IP Easy (HKLM-x32\...\HideIPEasy) (Version: 5.0.8.2 - )
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM-x32\...\{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}) (Version: 1.6.0 - Verizon)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog MyOwnLeaptop Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
Lottso Deluxe (HKLM-x32\...\exent_696450) (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiniTools (HKLM-x32\...\MiniToolsv2.61) (Version: v2.61 - )
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSR 5.12.04 (HKLM-x32\...\MSR Modular Signal Recorder_is1) (Version: - )
MSR609HID (HKLM-x32\...\MSR609HIDv1.10) (Version: v1.10 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (x32 Version: 5.1.31.16 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.5.5 - Symantec Corporation)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version: - )
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Settings Alerter (HKLM-x32\...\Settings Alerter) (Version: 4.5.0.5415 - Koyote-Lab, Inc) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TelevisionFanatic Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC) Hidden
Unity Web Player (HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (HKLM-x32\...\LeaptopPlugin) (Version: - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)
Vz In Home Agent (HKLM-x32\...\{40D36ECF-FA05-4077-B836-C439CD0DDEF1}) (Version: 8.03.71 - Verizon)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
Yontoo 2.053 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.053 - Yontoo LLC) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3306144526-1543565107-3197362354-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
==================== Restore Points =========================
06-08-2013 19:30:55 Windows Update
10-08-2013 19:26:40 Windows Update
11-08-2013 07:54:20 Windows Update
17-08-2013 08:19:31 Windows Update
23-08-2013 20:51:56 Windows Update
28-08-2013 19:43:45 Windows Update
06-09-2013 22:31:38 Windows Update
06-09-2013 23:10:42 Windows Update
06-09-2013 23:52:44 Windows Update
07-09-2013 15:02:26 Windows Modules Installer
07-09-2013 15:15:48 Windows Update
11-05-2015 18:14:56 Restore Operation
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2013-03-08 12:28 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0893EDC2-E291-473C-A6E4-6548BE1FF194} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {0BEBB509-9B7D-431F-A7BC-9D35815492AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)
Task: {0C057DA2-17DB-4BB2-AC6A-CC093EDC625B} - System32\Tasks\{308E30B1-FEFD-447B-ADA7-0C1898344C1F} => pcalua.exe -a C:\Users\Owner\Downloads\HijackThis.exe -d C:\Users\Owner\Downloads
Task: {12EECD40-99FB-4C17-8524-202623BF6F32} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {1B9B0D14-74C1-4190-AC33-271E84437971} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {1E02C06A-1677-4331-83F4-EFD39B9B551A} - System32\Tasks\EPUpdater => C:\Users\Owner\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {225139B3-FC3A-491F-9748-6595EECEB145} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {26B32C1F-F656-4CB7-920F-C5650AB20539} - System32\Tasks\Norton Security Scan for Owner => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.5.5\Nss.exe [2012-10-22] (Symantec Corporation)
Task: {2B1B8B33-FECC-4F45-B7C2-F6D3804EAF0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3682579F-AFF7-4DF0-BAD8-B9CC5E6A811B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3B190A9F-FB58-43D2-8FFF-4BAE5BD4C406} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {4D06C704-6C81-412F-B4A3-C1B988EEDA89} - System32\Tasks\{5CA3271B-0433-4579-8024-9224B472AE75} => pcalua.exe -a C:\Windows\MSR609HID\uninstall.exe -d C:\Windows\MSR609HID
Task: {72378FCE-5788-4C6F-B1BA-D0D6E8F89D9E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7D1E9C3D-1E71-40D4-9010-F6A40B305E13} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {89B3ED2A-C22A-4AF9-956B-497090997785} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {94F11D60-3C63-4344-9CBA-CE10616EC673} - System32\Tasks\{3B5CCD45-9BC8-40ED-91FB-60625231AD5F} => pcalua.exe -a C:\Users\Owner\Downloads\RhapsodyVcast.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {9F0FA91F-9A06-48D3-801D-B9899409DA67} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {A237F078-75A1-4868-95A3-FE46C1795387} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {ADAA3CF0-34C0-4226-BC48-D1680A350BB6} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {B1DE67E2-FC1B-49DC-B565-DC5E19D1DEA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17] (Google Inc.)
Task: {BB418D19-1708-4399-9B04-0941B10A3D8B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {C316E194-9395-4E27-8AF9-B81A402EA6CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)
Task: {C44E1079-B147-4429-81CE-ECFFC61BD15D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17] (Google Inc.)
Task: {D8BA3227-3CD3-4E67-94BC-BE5C85EF14A8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {DF42E2A3-118E-4A24-9AEA-25D78AC480E8} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {E2E0E115-DD1A-4A8B-82FA-0ADB89E8FB69} - System32\Tasks\GorillaPrice => C:\Program <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306144526-1543565107-3197362354-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Owner.job => C:\PROGRA~2\NORTON~2\Engine\375~1.5\Nss.exe
==================== Loaded Modules (whitelisted) ==============
2013-04-10 09:59 - 2013-02-04 10:00 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2011-12-06 14:00 - 2011-12-06 14:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Owner\Downloads\284532_2091072129574_6963947_n.jpg:Roxio EMC Stream
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3306144526-1543565107-3197362354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [{44E4DF5F-19F3-4965-BEFB-B368249FC86B}] => (Allow) LPort=50000
FirewallRules: [{FBD679F0-2DC7-4C1F-BA67-4E88D13EA9B4}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{6D7F01CF-B1FC-4CB6-B300-3A580AF49B30}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{6402DF17-A4C6-46B3-AA44-856FDE48E461}] => (Allow) LPort=50000
FirewallRules: [{1B35B4AE-E69F-4E3B-A55E-A1CBFF9D347D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81CD796A-6C56-491F-A377-38F6A2DB73DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1342AD3-984E-4B8D-AB0B-211532CC9F1B}] => (Allow) C:\Program Files (x86)\V CAST Music with Rhapsody\rhapsody.exe
FirewallRules: [{405BF702-2634-4711-A44A-EA2CA21583A3}] => (Allow) C:\Program Files (x86)\V CAST Music with Rhapsody\rhapsody.exe
FirewallRules: [{A576507A-1403-4540-AAFC-5AC36092B2B2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{38CBEADC-CEBF-48EE-91AB-283FE6AC8B51}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{BA6826B7-6558-4801-BD62-ED2764494314}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{1CFFBE4D-FD9B-4138-BA7C-EE1BC12A5F05}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{EBA0490D-7853-4160-B6E0-D1D2060C199C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{75857D67-66FC-4F50-8E44-7B5B7F34E474}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C560576C-DC23-45CC-AC32-95577FBDA864}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56F03606-5C9D-4FA1-9979-5F523CE61928}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{546754B1-C7BF-4051-BE3D-95323543B46B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{E1D1AD23-BBA1-4637-9DDC-A58DBDD7A0A1}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{6103E9D4-EA9B-4B81-89E1-3D6EB2581B0E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{4BE096A5-520B-4102-AF14-D4A27894E6F9}C:\program files (x86)\phoenix viewer\slvoice.exe] => (Allow) C:\program files (x86)\phoenix viewer\slvoice.exe
FirewallRules: [UDP Query User{1B46A353-0BF9-471C-A91E-954637FB6A7F}C:\program files (x86)\phoenix viewer\slvoice.exe] => (Allow) C:\program files (x86)\phoenix viewer\slvoice.exe
FirewallRules: [TCP Query User{7889F757-73DA-4145-A6E3-F5EB57118350}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{A7A4F830-9AE2-4E2F-8600-E5C1547B5418}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{A4EB8632-FCAA-48DA-8F50-CD8A14A9580B}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{9715E611-33B2-4EBA-A139-33405933E7CA}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{2DF0720C-AC80-413F-8922-8A147B189313}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C461B663-2196-47E1-8588-18BFCCB0981D}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{AFA26F84-8B2E-4930-AB5A-CB793C7F57BA}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D0A7F6FF-09A2-495F-A989-F99303F49DEF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{B5D71669-BA8A-486A-A0A6-53A6EACC6EB7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{30D1C1B1-2D8D-4976-B857-76647FEFA3DD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C0E3F0B5-9E89-4211-A067-75943CF5FF42}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{0D7F1F5D-3D0A-4F06-9BCB-CC48D3D91B54}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{5D5A8D0C-CC0D-479E-862D-9BEAD2E42998}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{220874EF-F9E8-4CC3-84CB-4522BA437531}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{D57F99BA-0865-43C1-B074-AE0B20F072B2}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
==================== Faulty Device Manager Devices =============
Name: Symantec Real Time Storage Protection (PEL) x64
Description: Symantec Real Time Storage Protection (PEL) x64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SRTSPX
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60744699
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60744699
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60743701
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60743701
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7660
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7660
System errors:
=============
Error: (05/12/2015 01:03:03 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (05/11/2015 06:39:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053
Error: (05/11/2015 06:39:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
Error: (05/11/2015 06:38:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053
Error: (05/11/2015 06:38:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
Error: (05/11/2015 06:37:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
Error: (05/11/2015 06:36:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
SRTSP
Error: (05/11/2015 06:36:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (05/11/2015 06:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2
Error: (05/11/2015 06:35:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error:
%%1053
Microsoft Office Sessions:
=========================
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (05/12/2015 01:05:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60744699
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60744699
Error: (05/12/2015 01:02:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60743701
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60743701
Error: (05/12/2015 01:02:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7660
Error: (05/11/2015 08:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7660
CodeIntegrity Errors:
===================================
Date: 2013-03-08 11:24:14.447
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-08 11:24:14.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 68%
Total physical RAM: 2008.36 MB
Available physical RAM: 640.45 MB
Total Pagefile: 6556.36 MB
Available Pagefile: 4458.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:242.26 GB) NTFS
Drive d: (TOM_AND_JERRY_WISKERS_AWAY) (CDROM) (Total:3.5 GB) (Free:0 GB) UDF
Drive e: (USB DISK) (Removable) (Total:14.43 GB) (Free:14.43 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 592C76AD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: BA6686F8)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)
==================== End Of Log ============================