Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

infected computer [Closed]


  • This topic is locked This topic is locked

#1
kate4u2

kate4u2

    Member

  • Member
  • PipPip
  • 28 posts

Hi!  My computer runs slow,  google chrome would not pull up and I could not get on the internet until I did a system restore.  I also need a suggestion for a free virus and malware protection.

Thank you so much!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by NTRG (administrator) on NTRG6 on 15-06-2015 16:10:31
Running from C:\Users\NTRG\Downloads
Loaded Profiles: NTRG (Available Profiles: NTRG)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(BeamYourScreen GmbH) C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Service.exe
(BeamYourScreen GmbH) C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-05-06] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2014-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [Mikogo] => C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-host.exe [6666568 2014-12-12] (BeamYourScreen GmbH)
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [GoogleChromeAutoLaunch_9B45D87857908B98034224636F1C8C8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
Startup: C:\Users\NTRG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-03-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\NTRG\AppData\Roaming\Mozilla\Firefox\Profiles\nms6699s.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-7598377-2462159904-1464518194-1002: @citrixonline.com/appdetectorplugin -> C:\Users\NTRG\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-7598377-2462159904-1464518194-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2015-01-27] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-7598377-2462159904-1464518194-1002: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2015-01-27] (TD Ameritrade)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-06-11]
 
Chrome: 
=======
CHR Profile: C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-07]
CHR Extension: (YouTube) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-07]
CHR Extension: (Google Search) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-07]
CHR Extension: (Pin It Button) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR Extension: (Gmail) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Mikogo-Service; C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Service.exe [944480 2014-12-12] (BeamYourScreen GmbH)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150610.003\IDSvia64.sys [684248 2015-05-28] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-17] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 16:10 - 2015-06-15 16:11 - 00018648 _____ C:\Users\NTRG\Downloads\FRST.txt
2015-06-15 16:08 - 2015-06-15 16:08 - 00001134 _____ C:\Users\NTRG\Desktop\FRST64 - Shortcut.lnk
2015-06-15 16:01 - 2015-06-15 16:10 - 00000000 ____D C:\FRST
2015-06-15 16:00 - 2015-06-15 16:00 - 02109952 _____ (Farbar) C:\Users\NTRG\Downloads\FRST64.exe
2015-06-12 16:08 - 2015-06-12 16:08 - 00042755 _____ C:\Users\NTRG\Downloads\DMH-DD-abuse and neglect.html
2015-06-11 09:09 - 2015-06-15 15:46 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-09 16:49 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 16:49 - 2015-04-08 17:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 16:49 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 16:49 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 16:48 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 16:48 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 16:48 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 16:48 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 16:48 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 16:48 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 16:48 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 16:48 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 16:48 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 16:48 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 16:48 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 16:48 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 16:48 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 16:48 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 16:48 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 16:48 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 16:48 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 16:48 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 16:48 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 16:48 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 16:48 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 16:48 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 16:48 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 16:48 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 16:48 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 16:48 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 16:01 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 16:01 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 16:01 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 16:01 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 16:01 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 16:01 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 16:01 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 16:01 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 16:01 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 16:01 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 16:01 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 16:01 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 16:01 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 16:01 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 16:01 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 16:01 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 16:01 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 16:01 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 16:01 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 16:01 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 16:01 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 16:01 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 16:01 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 16:01 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 16:01 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 16:01 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 16:01 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 16:01 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 16:01 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 16:01 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 16:01 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 16:01 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 16:01 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 16:01 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 16:01 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 16:01 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 16:01 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 16:01 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 16:01 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 16:01 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 16:01 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 16:01 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 16:00 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-07 19:51 - 2015-05-22 08:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-07 19:51 - 2015-04-16 17:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-03 21:40 - 2015-06-03 21:40 - 00000000 ____D C:\Users\NTRG\AppData\Local\GWX
2015-06-01 13:03 - 2015-06-01 13:03 - 00000000 _____ C:\Users\NTRG\Downloads\f.txt
2015-05-30 14:37 - 2015-06-11 08:34 - 00000664 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002.job
2015-05-30 14:37 - 2015-05-30 14:37 - 00003656 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002
2015-05-18 18:59 - 2015-05-18 18:59 - 00123904 _____ C:\Users\NTRG\Downloads\EssentialOilComparison (1).xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 16:03 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-15 15:56 - 2013-01-07 11:14 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-7598377-2462159904-1464518194-1002
2015-06-15 15:51 - 2013-01-07 12:03 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 15:50 - 2014-10-23 23:16 - 00000000 ____D C:\Users\NTRG
2015-06-15 15:49 - 2013-08-22 09:46 - 00304213 _____ C:\WINDOWS\setupact.log
2015-06-15 15:49 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-15 15:46 - 2015-04-07 21:18 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-15 15:46 - 2015-01-27 09:29 - 00000000 ____D C:\Users\NTRG\AppData\Roaming\Mikogo
2015-06-15 15:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 15:46 - 2012-11-12 10:27 - 00000000 ____D C:\ProgramData\Norton
2015-06-15 15:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2015-06-15 15:24 - 2014-10-23 23:00 - 01988399 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-15 15:21 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-15 15:20 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-15 12:14 - 2013-03-06 18:39 - 04752896 ___SH C:\Users\NTRG\Downloads\Thumbs.db
2015-06-15 11:35 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-15 11:22 - 2014-10-27 23:19 - 00000000 __SHD C:\Users\NTRG\AppData\Local\EmieSiteList
2015-06-11 08:46 - 2013-01-07 12:03 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 08:36 - 2014-06-03 20:04 - 00000568 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002.job
2015-06-11 08:34 - 2013-01-21 00:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-11 08:19 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-10 16:41 - 2014-02-22 10:07 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-10 13:28 - 2014-05-15 13:43 - 00003152 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNTRG
2015-06-10 13:28 - 2014-05-15 13:43 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNTRG.job
2015-06-10 12:25 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-10 12:22 - 2013-08-22 09:44 - 00419192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 12:20 - 2014-09-24 02:03 - 00041636 _____ C:\WINDOWS\PFRO.log
2015-06-10 00:04 - 2014-12-12 00:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-10 00:04 - 2014-09-24 04:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-10 00:04 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 00:03 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-09 23:18 - 2014-10-23 23:48 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{049D013E-B3DF-4914-B8B0-F71525AEB313}
2015-06-09 22:33 - 2013-01-07 11:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-09 22:33 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-09 22:29 - 2013-08-27 13:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 22:20 - 2013-01-11 10:30 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 16:34 - 2013-01-21 00:46 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-09 15:46 - 2014-04-22 13:48 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-06-03 11:18 - 2015-03-11 19:30 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 11:18 - 2015-03-11 19:30 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-30 14:37 - 2014-06-03 20:04 - 00003560 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002
2015-05-28 15:43 - 2015-04-07 21:18 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
 
Some files in TEMP:
====================
C:\Users\NTRG\AppData\Local\Temp\Extract.exe
C:\Users\NTRG\AppData\Local\Temp\i4jdel0.exe
C:\Users\NTRG\AppData\Local\Temp\SP58496.exe
C:\Users\NTRG\AppData\Local\Temp\SP63733.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-15 12:44
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by NTRG at 2015-06-15 16:11:45
Running from C:\Users\NTRG\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-7598377-2462159904-1464518194-500 - Administrator - Disabled)
Guest (S-1-5-21-7598377-2462159904-1464518194-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-7598377-2462159904-1464518194-1004 - Limited - Enabled)
NTRG (S-1-5-21-7598377-2462159904-1464518194-1002 - Administrator - Enabled) => C:\Users\NTRG
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mikogo (HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Mikogo) (Version: 5.1.0 - BeamYourScreen GmbH)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-7598377-2462159904-1464518194-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points =========================
 
26-05-2015 10:16:54 Scheduled Checkpoint
07-06-2015 19:54:25 Windows Update
11-06-2015 09:16:21 Windows Update
15-06-2015 15:22:26 Restore Operation
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {019832F7-04DA-419F-87CF-24B87D550EB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {0B358DA7-B073-4431-81F8-E84341AC5694} - System32\Tasks\HPCeeScheduleForNTRG => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {108B9222-0FDF-4AFA-A457-90C459522269} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {189F8756-A41A-42A8-B5CB-39EE3AF6437D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {18F2D2B7-40A6-4F57-99FE-20ED30C3A4EC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {21E95D3E-22DB-439B-8067-5EED924EE448} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {484797E5-4983-428C-8CC0-3640BFF99A21} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {488E3A6E-BA94-4417-A26F-188AE44D611C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4F765341-4DE4-4FC3-9E3A-4ADEBE56EB5B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {51C40A61-363E-43DB-8744-1C9BA07DCAD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DA3DB7B-1C41-4C4E-96BF-B24BBFA0F094} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6083C890-CA94-4367-9D17-337ACCB4E6AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {6118B4E9-E598-4F02-980A-D86A907A834E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {776527FF-EE0E-4218-A214-ECB24F8B1B2C} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {78751CFB-3984-46B7-BC4C-55DF1FB00F0A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-22] (Synaptics Incorporated)
Task: {867EEDD7-C03D-4F57-81F7-B54897DE071E} - System32\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002 => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {908A9EEA-6A95-45C0-9805-EA91967A9442} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AEF7FC32-36B4-4B9C-AFA5-BFA1A76EFCB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B1BEDB8C-1306-428A-A13E-C9D8819C33A1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BE0DCC6B-8BD4-4E02-BC86-CF2297100CAA} - System32\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002 => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C497EC67-7058-4825-9123-1E8851D53285} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {C7A697E5-904B-4EDD-925D-C88CFD6C700E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {CBC7373E-F312-4983-AA34-3D95C9884B86} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {D6D958F9-DEB4-4945-91E2-43EACDA58F09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002.job => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002.job => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNTRG.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-20 08:54 - 2012-09-29 14:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2013-12-20 08:55 - 2012-09-29 14:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2013-12-20 08:54 - 2012-09-29 14:26 - 03120128 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpm1210su.dll
2013-12-20 08:54 - 2012-09-29 14:53 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HPM1210GC.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-06 13:44 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-06-09 15:48 - 2015-06-05 13:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 15:48 - 2015-06-05 13:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\NTRG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\StartupApproved\Run: => "Mikogo"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FD712954-FE10-424C-93CD-9B879A373476}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8BD62A30-04A1-4679-AE0E-E3297B854351}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2015 04:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1404) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU00B79.log.
 
Error: (06/15/2015 03:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60391
 
Error: (06/15/2015 03:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60391
 
Error: (06/15/2015 03:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/15/2015 03:17:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45735
 
Error: (06/15/2015 03:17:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45735
 
Error: (06/15/2015 03:17:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/15/2015 03:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15547
 
Error: (06/15/2015 03:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15547
 
Error: (06/15/2015 03:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/15/2015 03:49:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (06/15/2015 03:49:25 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (06/15/2015 03:24:10 PM) (Source: DCOM) (EventID: 10010) (User: NTRG6)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (06/15/2015 03:17:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
 
Error: (06/15/2015 03:17:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
 
Error: (06/15/2015 11:25:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (06/15/2015 11:25:41 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (06/15/2015 11:25:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:07:07 PM on ‎6/‎14/‎2015 was unexpected.
 
Error: (06/15/2015 11:22:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
 
Error: (06/15/2015 11:22:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
 
 
Microsoft Office:
=========================
Error: (06/15/2015 04:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1404SRUJet: C:\WINDOWS\system32\SRU\SRU00B79.log-1811 (0xfffff8ed)
 
Error: (06/15/2015 03:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60391
 
Error: (06/15/2015 03:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60391
 
Error: (06/15/2015 03:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/15/2015 03:17:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45735
 
Error: (06/15/2015 03:17:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45735
 
Error: (06/15/2015 03:17:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/15/2015 03:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15547
 
Error: (06/15/2015 03:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15547
 
Error: (06/15/2015 03:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-06 13:55:13.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 13:49:41.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 12:57:42.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-03 22:29:39.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-03 22:11:35.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:55:46.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:54:36.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:39:01.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:38:53.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:28:53.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 37%
Total physical RAM: 3554.26 MB
Available physical RAM: 2221.47 MB
Total Pagefile: 4194.26 MB
Available Pagefile: 2577.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:569.66 GB) (Free:517.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.31 GB) (Free:3.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1EFAD293)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 

  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi kate4u2,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.


Let's get started....
 
I am still reviewing your logs and, at first glance, think that this is a software issue.
 
Can you tell me if Norton Internet Security is expired (a paid for subscription has lapsed or a trial period is over, etc.) or just damaged?  We can certainly help you with a Free AntiVirus recommendation and steps on how to removal Norton so everything works properly.  We just need to know the current situation.
 

Also, can you tell me if you want / need Mikogo to start automatically whenever you log on to your system?

In the meantime, I will go over your logs in detail and get back with any fixing / malware removal that needs to be done.  Thank you.


Edited by dbreeze, 16 June 2015 - 04:01 PM.
One additional question - Mikogo

  • 0

#3
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

User has returned; topic reopened at their request.


  • 0

#5
kate4u2

kate4u2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi !  Thank you for re-opening this topic!

My Norton was a trial that is expired, and Mikogo can be deleted as I do not use it any longer.

I have my downloads going to my desk top.

I have a c.d. to put in my computer to back up files....but I have no idea how to do that.  I dont know if I have " files"  to back up?  The only thing I can think of is that I have saved e-mails I'd like to keep.


Edited by kate4u2, 29 June 2015 - 11:12 AM.

  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Thank you for the answers to my questions.  I will keep those in mind while we go through the fixes on your system.  For now the best start is to get some fresh FRST scans (since so much time has past).

If you still have a Addition.txt log file on your desktop, please delete it now.

Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator".

The tool will start to run.  When the tool opens click Yes to disclaimer. (if it does)  The tool  will automatically check for an updated version and download this if it finds one.  Please allow this to happen and when the tool is ready to run the status line will display a message that it is ready.

Select Additional.txt in the Optional Scans section of FRST64.

Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please open the logs in notepad (FRST should have done this automatically for you) and copy the logs and paste back in a message as a reply.


  • 0

#7
kate4u2

kate4u2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by NTRG (administrator) on NTRG6 on 29-06-2015 16:18:48
Running from C:\Users\NTRG\Downloads
Loaded Profiles: NTRG (Available Profiles: NTRG)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(BeamYourScreen GmbH) C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BeamYourScreen GmbH) C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-05-06] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2014-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [Mikogo] => C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-host.exe [6666568 2014-12-12] (BeamYourScreen GmbH)
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [GoogleChromeAutoLaunch_9B45D87857908B98034224636F1C8C8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
Startup: C:\Users\NTRG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-03-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{303D2FF9-D982-4FE9-9B4C-C5FDE62408C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D37320B9-4EA5-4210-B703-A1A713EAB92B}: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
FireFox:
========
FF ProfilePath: C:\Users\NTRG\AppData\Roaming\Mozilla\Firefox\Profiles\nms6699s.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-7598377-2462159904-1464518194-1002: @citrixonline.com/appdetectorplugin -> C:\Users\NTRG\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-7598377-2462159904-1464518194-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2015-01-27] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-7598377-2462159904-1464518194-1002: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2015-01-27] (TD Ameritrade)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-06-11]
 
Chrome: 
=======
CHR Profile: C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-07]
CHR Extension: (YouTube) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-07]
CHR Extension: (Google Search) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-07]
CHR Extension: (Pin It Button) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR Extension: (Gmail) - C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Mikogo-Service; C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Service.exe [944480 2014-12-12] (BeamYourScreen GmbH)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150610.003\IDSvia64.sys [684248 2015-05-28] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-17] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-29 16:16 - 2015-06-29 16:16 - 00000000 ____D C:\Users\NTRG\Downloads\FRST-OlderVersion
2015-06-18 17:39 - 2015-06-18 17:39 - 00053962 _____ C:\Users\NTRG\Downloads\Attachments_2015618.zip
2015-06-17 17:09 - 2015-06-17 17:09 - 00053962 _____ C:\Users\NTRG\Downloads\Attachments_2015617.zip
2015-06-15 23:12 - 2015-06-15 23:12 - 00281475 _____ C:\Users\NTRG\Downloads\What are Essential Oils_.html
2015-06-15 23:12 - 2015-06-15 23:12 - 00000000 ____D C:\Users\NTRG\Downloads\What are Essential Oils__files
2015-06-15 18:53 - 2015-06-15 18:53 - 00016384 ___SH C:\Users\NTRG\Desktop\Thumbs.db
2015-06-15 16:11 - 2015-06-15 16:12 - 00030109 _____ C:\Users\NTRG\Downloads\Addition.txt
2015-06-15 16:10 - 2015-06-29 16:19 - 00018698 _____ C:\Users\NTRG\Downloads\FRST.txt
2015-06-15 16:08 - 2015-06-15 16:08 - 00001134 _____ C:\Users\NTRG\Desktop\FRST64 - Shortcut.lnk
2015-06-15 16:01 - 2015-06-29 16:18 - 00000000 ____D C:\FRST
2015-06-15 16:00 - 2015-06-29 16:16 - 02112512 _____ (Farbar) C:\Users\NTRG\Downloads\FRST64.exe
2015-06-12 16:08 - 2015-06-12 16:08 - 00042755 _____ C:\Users\NTRG\Downloads\DMH-DD-abuse and neglect.html
2015-06-09 16:49 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 16:49 - 2015-04-08 17:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 16:49 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 16:49 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 16:48 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 16:48 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 16:48 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 16:48 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 16:48 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 16:48 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 16:48 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 16:48 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 16:48 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 16:48 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 16:48 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 16:48 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 16:48 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 16:48 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 16:48 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 16:48 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 16:48 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 16:48 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 16:48 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 16:48 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 16:48 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 16:48 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 16:48 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 16:48 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 16:48 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 16:48 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 16:01 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 16:01 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 16:01 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 16:01 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 16:01 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 16:01 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 16:01 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 16:01 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 16:01 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 16:01 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 16:01 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 16:01 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 16:01 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 16:01 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 16:01 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 16:01 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 16:01 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 16:01 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 16:01 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 16:01 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 16:01 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 16:01 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 16:01 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 16:01 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 16:01 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 16:01 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 16:01 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 16:01 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 16:01 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 16:01 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 16:01 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 16:01 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 16:01 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 16:01 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 16:01 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 16:01 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 16:01 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 16:01 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 16:01 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 16:01 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 16:01 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 16:01 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 16:00 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-07 19:51 - 2015-05-22 08:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-07 19:51 - 2015-05-21 08:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-07 19:51 - 2015-04-16 17:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-03 21:40 - 2015-06-03 21:40 - 00000000 ____D C:\Users\NTRG\AppData\Local\GWX
2015-06-01 13:03 - 2015-06-01 13:03 - 00000000 _____ C:\Users\NTRG\Downloads\f.txt
2015-05-30 14:37 - 2015-06-29 15:52 - 00000664 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002.job
2015-05-30 14:37 - 2015-06-20 21:36 - 00003656 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-29 16:08 - 2014-06-03 20:04 - 00000568 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002.job
2015-06-29 16:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-29 15:46 - 2013-01-07 12:03 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-29 15:34 - 2013-01-21 00:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-29 15:27 - 2014-10-23 23:48 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{049D013E-B3DF-4914-B8B0-F71525AEB313}
2015-06-29 15:04 - 2013-01-07 12:03 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 13:11 - 2014-10-23 23:16 - 00000000 ____D C:\Users\NTRG
2015-06-29 13:06 - 2013-08-22 09:46 - 00305084 _____ C:\WINDOWS\setupact.log
2015-06-29 13:06 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-29 11:05 - 2014-05-15 13:43 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNTRG.job
2015-06-27 14:36 - 2014-10-23 23:00 - 01125418 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-26 15:58 - 2013-01-07 11:14 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-7598377-2462159904-1464518194-1002
2015-06-26 15:02 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-25 16:59 - 2013-03-06 18:39 - 04786176 ___SH C:\Users\NTRG\Downloads\Thumbs.db
2015-06-24 09:10 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-23 14:34 - 2013-01-21 00:46 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-23 14:29 - 2014-05-15 13:43 - 00003152 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNTRG
2015-06-23 14:29 - 2014-04-22 13:48 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-06-20 21:36 - 2014-06-03 20:04 - 00003560 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002
2015-06-19 22:02 - 2015-03-11 19:30 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 22:02 - 2015-03-11 19:30 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-16 14:42 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 15:46 - 2015-04-07 21:18 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-15 15:46 - 2015-01-27 09:29 - 00000000 ____D C:\Users\NTRG\AppData\Roaming\Mikogo
2015-06-15 15:46 - 2012-11-12 10:27 - 00000000 ____D C:\ProgramData\Norton
2015-06-15 15:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2015-06-15 15:20 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-15 11:35 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-15 11:22 - 2014-10-27 23:19 - 00000000 __SHD C:\Users\NTRG\AppData\Local\EmieSiteList
2015-06-11 08:19 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-10 16:41 - 2014-02-22 10:07 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-10 12:25 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-10 12:22 - 2013-08-22 09:44 - 00419192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 12:20 - 2014-09-24 02:03 - 00041636 _____ C:\WINDOWS\PFRO.log
2015-06-10 00:04 - 2014-12-12 00:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-10 00:04 - 2014-09-24 04:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-10 00:04 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 00:03 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-09 22:33 - 2013-01-07 11:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-09 22:29 - 2013-08-27 13:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 22:20 - 2013-01-11 10:30 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Some files in TEMP:
====================
C:\Users\NTRG\AppData\Local\Temp\Extract.exe
C:\Users\NTRG\AppData\Local\Temp\i4jdel0.exe
C:\Users\NTRG\AppData\Local\Temp\SP58496.exe
C:\Users\NTRG\AppData\Local\Temp\SP63733.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-15 16:30
 
==================== End of log ============================

  • 0

#8
kate4u2

kate4u2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by NTRG at 2015-06-29 16:20:30
Running from C:\Users\NTRG\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-7598377-2462159904-1464518194-500 - Administrator - Disabled)
Guest (S-1-5-21-7598377-2462159904-1464518194-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-7598377-2462159904-1464518194-1004 - Limited - Enabled)
NTRG (S-1-5-21-7598377-2462159904-1464518194-1002 - Administrator - Enabled) => C:\Users\NTRG
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mikogo (HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Mikogo) (Version: 5.1.0 - BeamYourScreen GmbH)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-7598377-2462159904-1464518194-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points =========================
 
11-06-2015 09:16:21 Windows Update
15-06-2015 15:22:26 Restore Operation
23-06-2015 22:41:34 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {019832F7-04DA-419F-87CF-24B87D550EB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {108B9222-0FDF-4AFA-A457-90C459522269} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {18F2D2B7-40A6-4F57-99FE-20ED30C3A4EC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {21E95D3E-22DB-439B-8067-5EED924EE448} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {488E3A6E-BA94-4417-A26F-188AE44D611C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4F765341-4DE4-4FC3-9E3A-4ADEBE56EB5B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {51C40A61-363E-43DB-8744-1C9BA07DCAD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6083C890-CA94-4367-9D17-337ACCB4E6AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)
Task: {6118B4E9-E598-4F02-980A-D86A907A834E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {78751CFB-3984-46B7-BC4C-55DF1FB00F0A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-22] (Synaptics Incorporated)
Task: {867EEDD7-C03D-4F57-81F7-B54897DE071E} - System32\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002 => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {908A9EEA-6A95-45C0-9805-EA91967A9442} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9E2D1FDB-6B80-4987-A66D-56B96905AC82} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {AC03D43B-883A-419F-9EE9-2925CB6479F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {AEF7FC32-36B4-4B9C-AFA5-BFA1A76EFCB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B1BEDB8C-1306-428A-A13E-C9D8819C33A1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BE0DCC6B-8BD4-4E02-BC86-CF2297100CAA} - System32\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002 => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D57C6405-B313-4517-B843-64DD506E2BD9} - System32\Tasks\HPCeeScheduleForNTRG => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D6D958F9-DEB4-4945-91E2-43EACDA58F09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-7598377-2462159904-1464518194-1002.job => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-7598377-2462159904-1464518194-1002.job => C:\Users\NTRG\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNTRG.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-20 08:54 - 2012-09-29 14:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2013-12-20 08:55 - 2012-09-29 14:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2013-12-20 08:54 - 2012-09-29 14:26 - 03120128 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpm1210su.dll
2013-12-20 08:54 - 2012-09-29 14:53 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HPM1210GC.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-22 18:47 - 2015-06-20 00:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 18:47 - 2015-06-20 00:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2014-05-06 13:44 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\NTRG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\StartupApproved\Run: => "Mikogo"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D3A9CB0C-0A13-46CD-AF88-8E7739E04E56}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CD9D7852-7545-4C1E-8FDD-C2643D4E2C95}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/29/2015 03:41:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/27/2015 01:35:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/26/2015 02:51:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14516
 
Error: (06/26/2015 02:51:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14516
 
Error: (06/26/2015 02:51:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/26/2015 02:27:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/25/2015 04:44:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/23/2015 09:47:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/20/2015 10:40:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/20/2015 06:13:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
 
System errors:
=============
Error: (06/29/2015 01:06:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (06/29/2015 01:06:49 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (06/29/2015 01:06:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:05:11 PM on ‎6/‎29/‎2015 was unexpected.
 
Error: (06/29/2015 00:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (06/29/2015 00:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (06/29/2015 00:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (06/29/2015 00:27:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (06/29/2015 00:27:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (06/29/2015 00:27:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (06/29/2015 00:27:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
 
Microsoft Office:
=========================
Error: (06/29/2015 03:41:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/27/2015 01:35:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/26/2015 02:51:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14516
 
Error: (06/26/2015 02:51:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14516
 
Error: (06/26/2015 02:51:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/26/2015 02:27:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/25/2015 04:44:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/23/2015 09:47:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/20/2015 10:40:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/20/2015 06:13:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-06 13:55:13.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 13:49:41.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 12:57:42.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-03 22:29:39.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-03 22:11:35.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:55:46.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:54:36.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:39:01.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:38:53.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-02 22:28:53.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 29%
Total physical RAM: 3554.26 MB
Available physical RAM: 2514.35 MB
Total Pagefile: 4194.26 MB
Available Pagefile: 2904.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:569.66 GB) (Free:518.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.31 GB) (Free:3.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1EFAD293)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

  • 0

#9
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Mikogo
Norton Internet Security


To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [Mikogo] => C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-host.exe [6666568 2014-12-12] (BeamYourScreen GmbH)
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [GoogleChromeAutoLaunch_9B45D87857908B98034224636F1C8C8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
C:\Users\NTRG\AppData\Roaming\Mikogo
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Tcpip\..\Interfaces\{D37320B9-4EA5-4210-B703-A1A713EAB92B}: [DhcpNameServer] 208.180.42.68 208.180.42.100
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-06-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
R2 Mikogo-Service; C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Service.exe [944480 2014-12-12] (BeamYourScreen GmbH)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150610.003\IDSvia64.sys [684248 2015-05-28] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-17] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
C:\Users\NTRG\AppData\Local\Temp\Extract.exe
C:\Users\NTRG\AppData\Local\Temp\i4jdel0.exe
C:\Users\NTRG\AppData\Local\Temp\SP58496.exe
C:\Users\NTRG\AppData\Local\Temp\SP63733.exe
Task: {21E95D3E-22DB-439B-8067-5EED924EE448} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {908A9EEA-6A95-45C0-9805-EA91967A9442} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B1BEDB8C-1306-428A-A13E-C9D8819C33A1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also tell me how your system is running now.


  • 0

#10
kate4u2

kate4u2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

I saved the fixlist in the notepad on my desk top with the frst64, but when i tried to run the frst64 it said no fixlist found. How do I save them together?


Edited by kate4u2, 30 June 2015 - 04:20 PM.

  • 0

Advertisements


#11
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

The logs show that FRST64.exe is located in the Downloads folder with only a shortcut link on your desktop.

 

2015-06-15 16:11 - 2015-06-15 16:12 - 00030109 _____ C:\Users\NTRG\Downloads\Addition.txt
2015-06-15 16:10 - 2015-06-29 16:19 - 00018698 _____ C:\Users\NTRG\Downloads\FRST.txt
2015-06-15 16:08 - 2015-06-15 16:08 - 00001134 _____ C:\Users\NTRG\Desktop\FRST64 - Shortcut.lnk
2015-06-15 16:01 - 2015-06-29 16:18 - 00000000 ____D C:\FRST
2015-06-15 16:00 - 2015-06-29 16:16 - 02112512 _____ (Farbar) C:\Users\NTRG\Downloads\FRST64.exe

 

 

Quick fix:

Delete the FRST64 that is on your desktop.

Open File Explorer (the usual Windows Explorer.exe that use to work with files and folders) and navigate to C:\Users\NTRG\Downloads and right click on FRST64.exe.

Select CUT from the menu.

Minimize or close EXplorer and go to your desktop.

Right click on a blank spot on it and select PASTE from the menu.

FRST64.exe should now be on your desktop along with the Fixlist.

 

Try to run the Fixlist script again now.


  • 0

#12
kate4u2

kate4u2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

I think I did it correctly! Thank you so much!  It is running much faster.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by NTRG at 2015-06-30 20:28:23 Run:1
Running from C:\Users\NTRG\Desktop
Loaded Profiles: NTRG (Available Profiles: NTRG)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [Mikogo] => C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-host.exe [6666568 2014-12-12] (BeamYourScreen GmbH)
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\...\Run: [GoogleChromeAutoLaunch_9B45D87857908B98034224636F1C8C8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
C:\Users\NTRG\AppData\Roaming\Mikogo
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-7598377-2462159904-1464518194-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Tcpip\..\Interfaces\{D37320B9-4EA5-4210-B703-A1A713EAB92B}: [DhcpNameServer] 208.180.42.68 208.180.42.100
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-06-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-18]
R2 Mikogo-Service; C:\Users\NTRG\AppData\Roaming\Mikogo\Mikogo-Service.exe [944480 2014-12-12] (BeamYourScreen GmbH)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150610.003\IDSvia64.sys [684248 2015-05-28] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150610.066\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-17] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
C:\Users\NTRG\AppData\Local\Temp\Extract.exe
C:\Users\NTRG\AppData\Local\Temp\i4jdel0.exe
C:\Users\NTRG\AppData\Local\Temp\SP58496.exe
C:\Users\NTRG\AppData\Local\Temp\SP63733.exe
Task: {21E95D3E-22DB-439B-8067-5EED924EE448} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {908A9EEA-6A95-45C0-9805-EA91967A9442} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B1BEDB8C-1306-428A-A13E-C9D8819C33A1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Mikogo => value not found.
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9B45D87857908B98034224636F1C8C8A => value removed successfully
"C:\Users\NTRG\AppData\Roaming\Mikogo" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKU\S-1-5-21-7598377-2462159904-1464518194-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKU\S-1-5-21-7598377-2462159904-1464518194-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKU\S-1-5-21-7598377-2462159904-1464518194-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
"HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
"HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
"HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D37320B9-4EA5-4210-B703-A1A713EAB92B}\\DhcpNameServer => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => value not found.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => key not found. 
"C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx" => File/Folder not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => key not found. 
"C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx" => File/Folder not found.
Mikogo-Service => Service not found.
NIS => Service not found.
BHDrvx64 => Service not found.
ccSet_NIS => Service not found.
eeCtrl => Service removed successfully
EraserUtilRebootDrv => Service removed successfully
IDSVia64 => Service not found.
NAVENG => Service not found.
NAVEX15 => Service not found.
SRTSP => Service not found.
SRTSPX => Service not found.
SymDS => Service not found.
SymEFA => Service not found.
SymELAM => Service not found.
SymEvent => Service not found.
SymIRON => Service not found.
SymNetS => Service not found.
C:\Users\NTRG\AppData\Local\Temp\Extract.exe => moved successfully.
C:\Users\NTRG\AppData\Local\Temp\i4jdel0.exe => moved successfully.
C:\Users\NTRG\AppData\Local\Temp\SP58496.exe => moved successfully.
C:\Users\NTRG\AppData\Local\Temp\SP63733.exe => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21E95D3E-22DB-439B-8067-5EED924EE448} => key not found. 
C:\Windows\System32\Tasks\Norton WSC Integration not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{908A9EEA-6A95-45C0-9805-EA91967A9442} => key not found. 
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1BEDB8C-1306-428A-A13E-C9D8819C33A1} => key not found. 
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor => key not found. 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-7598377-2462159904-1464518194-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:29:13 ====

  • 0

#13
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

When you uninstalled Norton, did Windows Defender start and is it running now?
 
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwCleaner_v4111_zpsn56hzjza.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


  • 0

#14
kate4u2

kate4u2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

I am not aware of windows defender running?  No new icons on my desk top.


  • 0

#15
kate4u2

kate4u2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
# AdwCleaner v4.207 - Logfile created 01/07/2015 at 13:16:58
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : NTRG - NTRG6
# Running from : C:\Users\NTRG\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\NTRG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [741 bytes] - [01/07/2015 13:16:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [799 bytes] ##########

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP