I ran ESET twice, and each time at the end of the scan the screen went black and then blank, and I wasn't able to clean the 45 infected files or get the logs. All other logs are below.
# AdwCleaner v5.009 - Logfile created 29/09/2015 at 15:56:38
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Server]
# Operating system : Windows Vista Home Premium Service Pack 2 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.009.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[#] Folder Deleted : C:\Program Files (x86)\savedailydeals
[#] Folder Deleted : C:\Program Files (x86)\iWin.com Games
[#] Folder Deleted : C:\Program Files (x86)\FastAgain PC Booster
[#] Folder Deleted : C:\Program Files (x86)\iwin games
[#] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[#] Folder Deleted : C:\ProgramData\FileCure
[#] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\iwin games
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\goforfiles
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\savedailydeals
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAgain PC Booster
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
[#] Folder Deleted : C:\Users\Owner\AppData\LocalLow\HPAppData
[#] Folder Deleted : C:\Users\Owner\AppData\Roaming\Activeris
[#] Folder Deleted : C:\Users\Owner\AppData\Roaming\iWin
[#] Folder Deleted : C:\Users\Owner\AppData\Roaming\Yahoo!\Companion
[#] Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[#] Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
***** [ Files ] *****
[-] File Deleted : C:\Users\Public\Desktop\FastAgain PC Booster.lnk
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : ConsumerInputUpdateTaskMachineUA
[-] Task Deleted : DSite
[-] Task Deleted : filecure startup
[-] Task Deleted : GoforFilesUpdate
[-] Task Deleted : paretologic registration3
[-] Task Deleted : paretologic update version3
[-] Task Deleted : RunAsStdUser Task
[-] Task Deleted : FastAgain PC Booster_DEFAULT
[-] Task Deleted : FastAgain PC Booster_UPDATES
[-] Task Deleted : ParetoLogic Update Version3 Startup Task
[-] Task Deleted : Adobe Flash Player Updater
[-] Task Deleted : CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\SaveDailyDeals
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveDailyDeals
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveDailyDeals
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B74443DB-5A88-4583-860A-F0D06EF399E3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Consumer Input Installer
[!] Key Not Deleted : [x64] HKCU\Software\SaveDailyDeals
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[!] Key Not Deleted : HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\AppDataLow\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0DCBE40A-1BD6-4A33-B94C-F1A9DE503450}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4D595045-2D32-45D8-8F9A-63E999148DE5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05223EBF-1359-4310-88FF-1581B2A7C0A0}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0DCBE40A-1BD6-4A33-B94C-F1A9DE503450}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4D595045-2D32-45D8-8F9A-63E999148DE5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05223EBF-1359-4310-88FF-1581B2A7C0A0}
[!] Key Not Deleted : HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0DCBE40A-1BD6-4A33-B94C-F1A9DE503450}
[-] Data Restored : HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4D595045-2D32-45D8-8F9A-63E999148DE5}
***** [ Web browsers ] *****
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com_
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.delta-search.com/?q={searchTerms}&affID=119292&babsrc=SP_ss&mntrId=E8CC002369DF8C65
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhkplhfnhceodhffomolpfigojocbpcb
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : eooncjejnppfjjklapaamhcdmjbilmde
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [9280 bytes] ##########
# AdwCleaner v5.201 - Logfile created 04/07/2016 at 18:41:22
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows Vista Home Premium Service Pack 2 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Folders ] *****
[#] Folder Deleted : C:\Windows\SysNative\Tasks\savedailydeals
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : DSite
[-] Task Deleted : filecure startup
[-] Task Deleted : paretologic registration3
[-] Task Deleted : paretologic update version3
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [11278 bytes] - [03/07/2016 20:10:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [10465 bytes] - [29/09/2015 15:56:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [28232 bytes] - [11/01/2014 19:46:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [24510 bytes] - [11/01/2014 19:47:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [10703 bytes] - [03/07/2016 20:03:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [10443 bytes] - [29/09/2015 15:55:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [811 bytes] - [08/10/2015 07:28:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [815 bytes] - [08/10/2015 07:35:21]
C:\AdwCleaner\AdwCleaner[S5].txt - [815 bytes] - [08/10/2015 07:38:58]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [11051 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows Vista Home Premium x64
Ran by Owner (Administrator) on Mon 07/04/2016 at 18:46:35.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 19
Successfully deleted: C:\Users\Public\Desktop\play more great games!.url (Shortcut)
Successfully deleted: C:\Windows\system32\Tasks\FileCure (Task)
Successfully deleted: C:\Windows\Tasks\FileCure.job (Task)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWIHW2Y2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQ6B7MJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWUIPHQT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOZ6DUAC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWIHW2Y2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQ6B7MJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWUIPHQT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOZ6DUAC (Temporary Internet Files Folder)
Registry: 6
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55F5517-246E-4426-B745-EE25B08EB8B4} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{05223EBF-1359-4310-88FF-1581B2A7C0A0} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/04/2016 at 18:51:06.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Owner (administrator) on OWNER-PC (04-07-2016 21:02:02)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ESET spol. s r.o.) C:\Users\Owner\AppData\Local\ESET\ESETOnlineScanner\esetonlinescanner_enu_upd.exe
(ESET spol. s r.o.) C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWUIPHQT\esetonlinescanner_enu (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe [468408 2009-06-05] (Adobe Systems, Inc.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ATLANT~1.SCR
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009-07-02] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{004DD533-337D-4FA5-A83E-81CD6DCB1AB4}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope {E4AC6792-B4AA-4C34-9858-E84C94B89383} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM -> {E4AC6792-B4AA-4C34-9858-E84C94B89383} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {E4AC6792-B4AA-4C34-9858-E84C94B89383} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {E4AC6792-B4AA-4C34-9858-E84C94B89383} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2013-10-08] (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-05] (Sun Microsystems, Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08] (Adblock Plus)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-04-01] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-04-01] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2016-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-07-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-03]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-03]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-03]
CHR Extension: (RealDownloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2016-07-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe [289080 2016-06-16] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160701.003\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
S3 BVRPMPR5; C:\Windows\SysWOW64\drivers\BVRPMPR5.SYS [44224 2006-10-05] (BVRP Software) [File not signed]
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160704.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NSx64\1607000.04C\SYMTDIV.SYS [468152 2016-06-01] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160621.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160621.001\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-04 21:02 - 2016-07-04 21:03 - 00018797 _____ C:\Users\Owner\Desktop\FRST.txt
2016-07-04 18:57 - 2016-07-04 18:57 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2016-07-04 18:44 - 2016-07-04 18:44 - 01610816 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2016-07-04 18:37 - 2016-07-04 18:37 - 03712064 _____ C:\Users\Owner\Desktop\AdwCleaner.exe
2016-07-03 20:57 - 2016-07-04 21:02 - 00000000 ____D C:\FRST
2016-07-03 20:56 - 2016-07-03 20:56 - 02390016 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-07-03 20:27 - 2016-07-03 20:27 - 00000000 ____D C:\Users\Owner\Documents\Cyber tech expert_1-855-907-2767
2016-07-03 20:25 - 2016-07-03 20:33 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Calling Card
2016-07-03 20:25 - 2016-07-03 20:25 - 00001798 _____ C:\Users\Public\Desktop\Premium Technical Support.lnk
2016-07-03 20:25 - 2016-07-03 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Premium Technical Support
2016-07-03 20:25 - 2016-07-03 20:25 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card
2016-07-03 20:21 - 2016-07-03 20:21 - 00000000 ____D C:\Users\Owner\Documents\C
2016-07-03 19:55 - 2016-07-03 19:55 - 06484352 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup505.exe
2016-07-03 19:55 - 2016-07-03 19:55 - 03712064 _____ C:\Users\Owner\Downloads\adwcleaner_5.201.exe
2016-07-03 19:45 - 2016-07-03 19:45 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-07-03 19:45 - 2016-07-03 19:45 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-07-03 19:44 - 2016-07-03 19:44 - 22851472 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-07-03 19:44 - 2016-07-03 19:44 - 00752296 _____ C:\Users\Owner\Downloads\Adware Removal Tool by TSA.exe
2016-07-03 19:42 - 2016-07-03 19:42 - 22851472 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-03 19:28 - 2016-07-03 19:38 - 00000249 _____ C:\Users\Owner\Desktop\CYBER TECH EXPERT.txt
2016-06-22 14:16 - 2016-07-03 15:52 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-06-22 14:16 - 2016-06-22 14:16 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-22 14:09 - 2016-06-22 14:09 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-06-22 14:04 - 2016-06-22 14:04 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-06-20 06:43 - 2016-05-18 08:55 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-20 06:43 - 2016-05-18 08:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-20 06:43 - 2016-05-14 08:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-20 06:43 - 2016-05-14 08:53 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-06-20 06:43 - 2016-05-14 08:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-20 06:43 - 2016-05-14 08:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-20 06:43 - 2016-05-14 08:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2016-06-20 06:43 - 2016-05-14 07:38 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-20 06:43 - 2016-05-14 07:38 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-20 06:43 - 2016-05-14 07:38 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-20 06:43 - 2016-05-11 06:10 - 00516328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-20 06:33 - 2016-05-14 08:58 - 00383208 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-20 06:33 - 2016-05-14 08:53 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-20 06:33 - 2016-05-14 08:47 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-20 06:33 - 2016-05-14 08:41 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-20 06:32 - 2016-05-12 07:45 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-20 06:32 - 2016-05-12 07:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-20 06:32 - 2016-05-12 07:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-20 06:32 - 2016-05-10 08:55 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-20 06:32 - 2016-05-10 08:54 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-20 06:32 - 2016-05-10 08:54 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-20 06:32 - 2016-05-10 08:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-20 06:32 - 2016-05-10 08:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-20 06:32 - 2016-05-10 08:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-20 06:32 - 2016-05-10 07:55 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-20 06:32 - 2016-05-10 07:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-20 06:32 - 2016-05-10 07:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-20 06:31 - 2016-05-12 08:56 - 00726016 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-20 06:31 - 2016-05-12 08:56 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-20 06:31 - 2016-05-12 08:56 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-20 06:31 - 2016-05-12 08:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-20 06:31 - 2016-05-12 08:56 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-20 06:31 - 2016-05-12 08:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-20 06:31 - 2016-05-12 08:34 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-20 06:31 - 2016-05-12 08:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-20 06:31 - 2016-05-12 08:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-20 06:31 - 2016-05-12 08:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 18:24 - 2016-05-12 12:52 - 18804224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-16 18:24 - 2016-05-12 12:49 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-16 18:24 - 2016-05-12 12:46 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-16 18:24 - 2016-05-12 12:45 - 10940416 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-16 18:24 - 2016-05-12 12:44 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-16 18:24 - 2016-05-12 12:43 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-16 18:24 - 2016-05-12 12:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-16 18:24 - 2016-05-12 12:42 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-06-16 18:24 - 2016-05-12 12:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-06-16 18:24 - 2016-05-12 12:42 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-06-16 18:24 - 2016-05-12 12:41 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-16 18:24 - 2016-05-12 12:11 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-16 18:24 - 2016-05-12 12:10 - 12840960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-16 18:24 - 2016-05-12 12:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-16 18:24 - 2016-05-12 12:06 - 09755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-16 18:24 - 2016-05-12 12:06 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-16 18:24 - 2016-05-12 12:05 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-16 18:24 - 2016-05-12 12:04 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-16 18:24 - 2016-05-12 12:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-16 18:24 - 2016-05-12 12:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-16 18:24 - 2016-05-12 12:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-16 18:24 - 2016-05-12 12:04 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-16 18:24 - 2016-05-12 12:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-06-16 18:24 - 2016-05-12 12:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-16 18:24 - 2016-05-12 12:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-16 18:24 - 2016-05-12 12:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-06-16 18:24 - 2016-05-12 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-16 18:24 - 2016-05-12 12:03 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-16 18:24 - 2016-05-12 12:03 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-16 18:24 - 2016-05-12 12:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-16 18:24 - 2016-05-12 12:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-16 18:24 - 2016-05-12 12:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-06-16 18:24 - 2016-05-12 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-06-13 15:51 - 2016-06-13 15:51 - 01218072 _____ C:\Users\Owner\Downloads\ELECTIONFACTSHEE2016.PDF
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-04 20:42 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-04 20:42 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-04 18:47 - 2013-04-01 17:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-04 18:42 - 2016-05-22 13:06 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-752817650-2183412088-3519692294-1000
2016-07-04 18:42 - 2013-10-03 14:28 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-752817650-2183412088-3519692294-1000
2016-07-04 18:42 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-04 18:41 - 2006-11-02 08:42 - 00032520 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-03 21:22 - 2016-01-07 17:20 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2016-07-03 20:10 - 2014-01-11 19:46 - 00000000 ____D C:\AdwCleaner
2016-07-03 19:57 - 2015-11-22 16:00 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-07-03 19:57 - 2009-04-30 22:47 - 00000000 ____D C:\Windows\Panther
2016-07-03 19:57 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\inf
2016-07-03 18:46 - 2014-01-11 19:54 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Adblock Plus for IE
2016-06-25 09:47 - 2009-04-30 23:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-24 17:13 - 2010-06-09 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-22 14:10 - 2006-11-02 05:46 - 00759542 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-22 14:04 - 2015-12-11 13:41 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-06-22 14:03 - 2015-12-11 13:41 - 00002100 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-06-22 14:03 - 2015-12-11 13:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-06-21 08:57 - 2015-12-11 13:41 - 00101112 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-06-21 08:57 - 2015-12-11 13:41 - 00008270 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-06-20 07:18 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
2016-06-20 07:02 - 2006-11-02 08:21 - 00288408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-20 06:43 - 2013-08-29 08:12 - 00000000 ____D C:\Windows\system32\MRT
2016-06-20 06:34 - 2006-11-02 05:35 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
==================== Files in the root of some directories =======
2013-10-19 03:00 - 2013-12-08 08:14 - 0000098 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2013-10-19 03:00 - 2013-12-08 08:14 - 0000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2009-09-23 11:46 - 2016-01-27 17:45 - 0000244 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-07-02 18:25 - 2009-07-17 12:31 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-05-18 14:24 - 2014-05-18 14:25 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-31 20:08 - 2011-05-31 20:09 - 0362230 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI205B.txt
2011-10-31 08:06 - 2011-10-31 08:06 - 0359754 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI297B.txt
2011-06-04 20:14 - 2011-06-04 20:14 - 0361604 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI5CDE.txt
2009-09-17 19:11 - 2009-09-17 19:11 - 0415980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI6B71.txt
2011-05-31 20:08 - 2011-05-31 20:09 - 0011174 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI205B.txt
2011-10-31 08:06 - 2011-10-31 08:06 - 0011142 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI297B.txt
2011-06-04 20:14 - 2011-06-04 20:14 - 0011206 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI5CDE.txt
2009-09-17 19:11 - 2009-09-17 19:11 - 0011382 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI6B71.txt
2009-07-09 20:39 - 2009-07-09 20:48 - 0000773 _____ () C:\ProgramData\hpzinstall.log
2015-12-08 17:13 - 2015-12-08 17:13 - 4092246 _____ () C:\ProgramData\SMRResults501.dat
Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-04 18:50
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Owner (2016-07-04 21:03:54)
Running from C:\Users\Owner\Desktop
Windows Vista Home Premium Service Pack 2 (X64) (2009-05-21 04:13:04)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-752817650-2183412088-3519692294-500 - Administrator - Disabled)
Guest (S-1-5-21-752817650-2183412088-3519692294-501 - Limited - Disabled)
Owner (S-1-5-21-752817650-2183412088-3519692294-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\4 Elements) (Version: 1.0.0.0 - eGames)
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
7 Wonders (HKLM-x32\...\7 Wonders) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders II (HKLM-x32\...\7 Wonders II) (Version: 1.1.0.0 - MumboJumbo)
7 Wonders Treasures of Seven (HKLM-x32\...\7 Wonders Treasures of Seven) (Version: 1.1.0.0 - MumboJumbo)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
Amazonia FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116955637}) (Version: - Oberon Media)
Angry Birds (HKLM-x32\...\{8156D076-6317-44AF-AB53-37C2E529D510}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
Atlantis 3D Screensaver 1.0 (HKLM-x32\...\Atlantis 3D Screensaver_is1) (Version: - )
Bejeweled 2 Deluxe 1.1 (HKLM-x32\...\Bejeweled 2 Deluxe 1.1) (Version: 1.1 - PopCap Games)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.0.8 - )
Big Money Deluxe 1.3 (HKLM-x32\...\Big Money Deluxe 1.3) (Version: - )
Bubble Shooter Deluxe (HKLM-x32\...\BSDELUXE_is1) (Version: - )
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Build-a-lot (HKLM-x32\...\Build-a-lot) (Version: 1.1.0.0 - MumboJumbo)
Chuzzle Deluxe 1.01 (HKLM-x32\...\Chuzzle Deluxe 1.01) (Version: 1.01 - PopCap Games)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Copy (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
DebtFree™ for Windows® (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\c7bf31027eda1c16) (Version: 6.0.0.0 - DebtFree™ for Windows®)
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 120.0.235.000 - Hewlett-Packard) Hidden
Drop! (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Drop!) (Version: 1.0.0.1 - eGames)
F4400 (x32 Version: 120.0.235.000 - Hewlett-Packard) Hidden
Farm Vet (HKLM-x32\...\Farm Vet) (Version: - )
Farmscapes (HKLM-x32\...\Farmscapes) (Version: - )
FastAgain PC Booster (HKLM-x32\...\FastAgain PC Booster_is1) (Version: 1.0 - Activeris) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Hide and Secret (HKLM-x32\...\Hide and Secret) (Version: - )
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.1000.1002 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.92 - )
Java 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version: - )
Jewel Quest 2 (remove only) (HKLM-x32\...\Jewel Quest 2) (Version: - )
Jewel Quest Solitaire (remove only) (HKLM-x32\...\Jewel Quest Solitaire) (Version: - )
Jewel Quest Solitaire II (remove only) (HKLM-x32\...\Jewel Quest Solitaire II) (Version: - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
Legends of Deceit (HKLM-x32\...\{D501C2FC-65B2-4660-B996-BF020A118D60}) (Version: 1.0.0 - On Hand Software)
Legends of Silence (HKLM-x32\...\{2D6F5E76-2F9E-4F31-955D-B3EE085570BA}) (Version: 1.0.0 - On Hand Software)
Life Quest (HKLM-x32\...\BFG-Life Quest) (Version: - )
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Mah Jong Quest III (remove only) (HKLM-x32\...\Mah Jong Quest III) (Version: - )
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.1 - Masque Publishing)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monkey Money 2 (tb) (remove only) (HKLM-x32\...\Monkey Money 2 (tb)) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Tribe (HKLM-x32\...\BFG-My Tribe) (Version: - )
Mystery P.I. - The Vegas Heist 1.0.0.3 (HKLM-x32\...\Mystery P.I. - The Vegas Heist 1.0.0.3) (Version: - )
Mysteryville 2 (remove only) (HKLM-x32\...\Mysteryville 2) (Version: - )
Noah's Ark Deluxe 1.1 (HKLM-x32\...\Noah's Ark Deluxe 1.1) (Version: - )
Norton Security (HKLM-x32\...\NS) (Version: 22.7.0.76 - Symantec Corporation)
ParetoLogic FileCure (HKLM-x32\...\{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}) (Version: 1.0.0.0 - ParetoLogic, Inc.)
Peggle Deluxe 1.0 (HKLM-x32\...\Peggle Deluxe 1.0) (Version: 1.0 - PopCap Games)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Pipe Mania (HKLM-x32\...\{FBD00247-B21F-4068-A409-3B990005317E}) (Version: 1.00.0000 - Empire Interactive)
Pirateville (remove only) (HKLM-x32\...\Pirateville) (Version: - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
Premium Technical Support (HKLM-x32\...\{75B23FA8-FEA5-47E4-9326-9B4FA9A9ACEE}) (Version: 7.7.581 - LogMeIn, Inc.)
Puzzle Odyssey (HKLM-x32\...\Puzzle Odyssey_is1) (Version: - Games Of The Month)
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuantZ (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117459997}) (Version: - Oberon Media)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SmartWebPrinting (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
The Lost Inca Prophecy (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\The Lost Inca Prophecy) (Version: 1.0.0.0 - eGames)
The Poppit! Show (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111715607}) (Version: - Oberon Media)
The Poppit! Show (HKLM-x32\...\The Poppit! Show) (Version: 0.1 - Electronic Arts)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Twistingo (HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\Twistingo) (Version: 1.0.0.0 - eGames)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Youda Farmer 3 (HKLM-x32\...\Youda Farmer 3) (Version: - )
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version: - PopCap Games)
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version: - PopCap Games)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06EA9C2D-7040-42A8-A81C-A643BC17FE64} - \FileCure Startup -> No File <==== ATTENTION
Task: {26D0B43C-0ED6-4D4A-BA9A-0205B4C0D6A8} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {2B9E6DB3-4028-4E4B-9DBC-B284C05BC6B5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {397D5E89-87D7-487B-A87A-CCE56F84BD36} - \ParetoLogic Update Version3 -> No File <==== ATTENTION
Task: {70C0CE4E-4D7B-445D-B95E-1830C3A9DA65} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-752817650-2183412088-3519692294-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {7160CEE1-A5C5-4D66-B383-9561BBC00BA2} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {7B770F17-E8B3-41A5-A6EF-FB4F88C6468E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {8455A05B-CD87-4AA4-B545-F616458858D2} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {A0A43AA6-62FF-42BD-AADA-182B7642DB02} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-06-16] (Symantec Corporation)
Task: {A7AAAA45-C0C0-4C37-B6DA-62B898F0C0CE} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-24] (Hewlett-Packard)
Task: {BB03ADB3-BD12-4A9D-8FBE-18CC727CBB0D} - \DSite -> No File <==== ATTENTION
Task: {CBB362F4-3CDA-437E-92CC-9400EA8E18D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {D1DE9B0F-61C1-47B1-9888-4B2095E6B4EF} - \ParetoLogic Registration3 -> No File <==== ATTENTION
Task: {F44C02CD-56AC-4E39-8159-F85B01F063EC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
Task: {F9AAF01C-829E-49F4-BC13-2636F7CEF563} - System32\Tasks\{3D9A36EE-E3F7-4DE7-8486-73C9C48098C2} => pcalua.exe -a E:\Setup.exe -d E:\
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Owner\Desktop\Games\Games of the Month.lnk -> hxxp://www.gamesofthemonth.com/index.htm?origin=gm_dsktp&refid=desktopIcon (No File)
Shortcut: C:\Users\Owner\Desktop\Games\Pogo Games.lnk -> hxxp://pogo.oberon-media.com/?origin=gm_dsktp&refid=desktopIcon (No File)
Shortcut: C:\Users\Owner\AppData\Local\Microsoft\Windows\GameExplorer\{95FE7CFE-43B2-440F-A0B7-CF2969DAC08C}\SupportTasks\0\Play more games.lnk -> hxxp:\promotions.oberon-media.com\redirector\APP\GE\ (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=quickenfc&pf=cndt&locale=en_us&bd=pavilion&c=93EC:\Program Files (x86)\Online Services\quickenfc\financial_center.ico (No File)
==================== Loaded Modules (Whitelisted) ==============
2014-07-02 15:46 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-02 15:46 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:1F96ED45 [322]
AlternateDataStreams: C:\ProgramData\TEMP:406A027A [119]
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3 [334]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-752817650-2183412088-3519692294-1000\...\hp%20games -> hp%20games
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk => C:\Windows\pss\iWin Desktop Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: HPADVISOR => c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: OCA_MRK => c:\hp\bin\OCA\hputilck64.exe c:\windows\system32\cmd.exe /c c:\hp\bin\OCA\install.cmd CRP
MSCONFIG\startupreg: PCDrProfiler => "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
MSCONFIG\startupreg: PDFServerEngine => "C:\Program Files (x86)\PDF Suite\PDFServerEngine.exe" /autorun
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles(x86)%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UfSeAgnt.exe => "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{46D1E544-8AE1-4292-A9CB-5CBA6028FAD4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{FBCA2885-A95F-4F59-8A35-0B61D107471D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{9A26FEF1-B4F1-4BFC-8537-49786D1AD52A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{8BD3E2F4-5897-4F2A-BB58-3EDD774AAE68}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{3451B6D4-7201-4467-AEFC-9982DEA148F4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{6AFB3D12-AA19-4A32-87F8-3A1C016E712B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{98B4BB1D-FA45-4957-BCAB-3B11F0674DE8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{31420664-00DB-4D30-91EB-D336D6094C66}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{BF9E5C45-D04D-4DB3-88FA-A86C94A1670D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{67AC4346-AC38-47EA-86CB-A5CC9FCD50DE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{FC260778-A295-4D80-9C01-35221E3F0679}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{5FE71C5B-8F98-4F53-9888-531CFC2699C5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{3104A41C-D0FE-402F-A1FF-0D50615482DF}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe
FirewallRules: [{3105F5DA-66C0-4AFD-A4D9-36EB63264373}] => (Allow) C:\Program Files (x86)\BitTorrent\bittorrent.exe
FirewallRules: [{43E1DA0E-27B9-4B18-BC8B-6059AA3AB663}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{32BC23EF-8819-492C-ADB8-6C3B2F4BC6B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4EA441DD-B422-4F97-87D6-F58F7716ECA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3218F1F1-3A6B-4BAC-B9E1-FB644C6F068B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A21FEDB1-1FF7-4349-AE89-D8C9FEEF9D9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{062E81A4-BAE8-4068-B221-4CA3A1E77B4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F710715B-1385-4FA1-845C-69FAA8E5B96C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CE4356ED-7C46-48BF-AC8F-55F7173A7919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1EEF65A3-6F01-4A2D-8676-F7C098C2608B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{465A9EBE-5587-4B4F-AD7F-CE32AB499F39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{88ABA7A1-3A2F-4CFD-ACE3-E22A3D9DB1E5}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{899AA496-464C-463D-A0A2-A38F9DB7BB2B}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{272BA3A4-E71D-4C94-9E55-F2EB19036CAB}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
FirewallRules: [{208CF2E6-E114-4975-9736-88221A268F80}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
FirewallRules: [{EBB4B12E-E6F4-49B4-A39F-D57C7F9D728A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe
FirewallRules: [{130FA13B-3B20-4AFF-9D87-805E755E1C65}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS35CF.tmp\SymNRT.exe
FirewallRules: [TCP Query User{05E16A9A-327D-4E1D-993A-88E2543F26FA}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{3574B4D5-06BA-4C04-8901-65DA8968272A}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{AFC86ACC-9300-4BAA-914D-C08A0AFDF290}] => (Allow) LPort=80
FirewallRules: [{225E6665-FED4-48A8-8015-673D498EB02C}] => (Allow) LPort=80
FirewallRules: [{6C43E839-00DC-4492-A469-811D57CBE1C7}] => (Allow) LPort=80
FirewallRules: [{AB6C3FE6-1667-4103-838F-7CF951A93357}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{13503F9F-9BAF-4DDF-8A67-62AD9B70D38A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{1E33AA54-2E13-4E54-954D-5E730756CB40}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{CF267219-094C-45ED-BE0D-8F6092B01075}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{AF7760C0-F26B-4901-BD0A-E4FE10BE9A87}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{A139594D-638D-4603-899F-103412F0A3E4}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{F3B64111-3C71-4A60-8735-8FB3E5711A2C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{DCB13D02-6FBF-4702-B47E-657ABC207B5A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{8DEAD621-C6C2-4D51-A759-24F8B2129D0D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe
FirewallRules: [{33A52569-2B86-44D0-9E4C-F1F22939354D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSFD61.tmp\SymNRT.exe
FirewallRules: [{AC5BB2F0-5E7B-49A7-AD4B-6DB336177084}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{184BA02E-2AD5-44E4-91B7-DE30FA9757B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{9F796CD1-EACE-4933-A54C-D4B9B85DE268}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{EB4EE3A3-E9BB-4E57-B925-BA32006776C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{DB1D664D-CA49-478D-BA6D-51B5BFCDA57A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{3D164ED5-078C-4BD8-820F-DB8269E8F357}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{B40C9C0D-3F25-49B7-AD03-2C4A3BF0B053}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{42484EC7-1733-4CEA-9EFE-8F13D0A2B614}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{4C909D13-6CF8-46B2-ACE1-16197ABFD105}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{BA0A6D0C-09DF-4F36-BEF4-3436371B301F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{DCB4481E-00C4-4613-AE6D-620AF595399E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{CBA6DE10-F8F6-4930-B27F-0C36D32B7CD3}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{60D7F05B-0B3C-4DEC-91BF-B13FDB05B9F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{9C748897-E5EB-4808-9EFD-38DE0DF576E2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{7869E06C-1C88-4BD4-BAD2-8397E38C490E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{7E748301-59A8-4F3D-A14D-6B5833ADED7C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{12B75F63-1A72-4991-98FC-2ADB4494AD4F}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{3075DEC8-83E4-462E-93BF-4FE186E533F8}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{3AD4897F-BC62-4FB3-8F7D-4F9C2F6EBFD6}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{B7DF3A54-5279-4F6C-902E-33DF87F1F9E4}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [TCP Query User{C4130B4E-DC87-43E6-BD56-586A1EEED8F4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{8FF822E4-BC21-4A43-8EA8-0D17AFB2EBDD}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{BB45CB0A-C3F6-4412-9B0C-7AE434E9EC86}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{013F92D6-966E-4909-B6F1-7E34A37E5F63}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{02E28043-6B71-4926-90DE-EF63312989EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
==================== Restore Points =========================
22-02-2016 13:31:29 Scheduled Checkpoint
29-02-2016 16:43:04 Scheduled Checkpoint
04-03-2016 19:06:23 Scheduled Checkpoint
06-03-2016 12:13:56 Scheduled Checkpoint
10-03-2016 20:00:03 Windows Update
13-03-2016 16:18:26 Scheduled Checkpoint
15-03-2016 17:56:57 Scheduled Checkpoint
19-03-2016 18:18:25 Scheduled Checkpoint
21-03-2016 08:06:57 Scheduled Checkpoint
27-03-2016 11:17:52 Scheduled Checkpoint
04-04-2016 17:08:36 Scheduled Checkpoint
13-04-2016 14:08:29 Windows Update
15-04-2016 15:35:35 Scheduled Checkpoint
26-04-2016 15:25:32 Scheduled Checkpoint
03-05-2016 16:28:47 Scheduled Checkpoint
05-05-2016 16:30:09 Scheduled Checkpoint
12-05-2016 19:25:43 Windows Update
15-05-2016 17:58:36 Scheduled Checkpoint
22-05-2016 14:07:54 Scheduled Checkpoint
03-06-2016 18:53:33 Scheduled Checkpoint
10-06-2016 16:55:34 Scheduled Checkpoint
14-06-2016 15:30:35 Scheduled Checkpoint
20-06-2016 06:30:25 Windows Update
24-06-2016 17:10:05 Windows Update
28-06-2016 11:26:37 Scheduled Checkpoint
04-07-2016 18:46:36 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/04/2016 06:43:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/04/2016 06:43:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/04/2016 06:43:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/04/2016 06:28:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/03/2016 08:13:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/03/2016 08:13:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/03/2016 08:12:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/03/2016 07:48:17 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Premium Technical Support -- Error 1316. The specified account already exists.
Error: (07/03/2016 03:27:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/29/2016 05:19:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/04/2016 07:51:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/04/2016 07:51:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/04/2016 07:51:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/04/2016 07:51:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/04/2016 07:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: eapihdrv%%1275 = This driver has been blocked from loading
Error: (07/04/2016 07:51:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/04/2016 07:51:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/04/2016 07:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: eapihdrv%%1275 = This driver has been blocked from loading
Error: (07/04/2016 07:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: eapihdrv%%1275 = This driver has been blocked from loading
Error: (07/04/2016 07:51:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: eapihdrv%%1275 = This driver has been blocked from loading
CodeIntegrity:
===================================
Date: 2016-07-04 21:03:49.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:03:47.637
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:03:46.316
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:03:45.042
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:03:21.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:03:20.617
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:03:19.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:03:18.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:02:55.175
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160701.003\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-04 21:02:54.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160701.003\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 46%
Total physical RAM: 6133.33 MB
Available physical RAM: 3277.84 MB
Total Virtual: 12449.68 MB
Available Virtual: 9536.42 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:430 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================