
jlh

  1. Adam, I updated the software and deleted J2SE Update 9. I uninstalled ComboFix and ran Del Fix. This computer is running great. I updated to Malwarebytes premium at the beginning of this process. Thank you so much for all of your help! Jan
  2. My computer is performing fine. Jan
  3. Fixlog:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014 01
     Ran by Jimmy at 2014-12-02 12:09:11 Run:2
     Running from C:\Users\Jimmy\Desktop
     Loaded Profiles: Jimmy & (Available profiles: Jimmy)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     2014-12-01 13:05 - 2014-12-01 13:05 - 00000000 _____ () C:\Windows\SysWOW64\sho8796.tmp
     2014-11-30 23:50 - 2014-11-30 23:50 - 00004408 _____ () C:\{B843E9A4-B9F7-40C7-B10B-3FBDC0B7B680}
     2014-11-30 13:46 - 2014-11-30 13:46 - 00004456 _____ () C:\{34E20D7E-B56B-440B-807C-6C5E37620098}
     2014-11-30 13:37 - 2014-11-30 13:37 - 00004456 _____ () C:\{F15FB743-07A8-4703-95A7-C7BDE94F871D}
     2014-11-26 21:17 - 2014-11-26 21:17 - 12822752 _____ () C:\{C62D4481-C90A-4B80-B659-635A9D80AB91}
     2014-11-26 19:39 - 2014-11-26 19:39 - 00003560 _____ () C:\{0D740686-215B-4E61-8D0A-9521C971B553}
     2014-11-12 15:39 - 2014-11-12 15:39 - 00000000 __SHD () C:\Users\Jimmy\AppData\Local\EmieBrowserModeList
     2014-11-12 14:28 - 2014-11-12 14:28 - 00003088 _____ () C:\{A702CBE7-6056-4E31-8FF1-A852587EDFF3}
     Task: {52940A8E-8930-4A39-B009-3818DC571456} - System32\Tasks\{C1ABA19D-C466-155F-EB7F-FFB1B17CBB22} => C:\Windows\system32\ibadp.dll/s "C:\Windows\system32\ibadp.dll"
     C:\Windows\system32\ibadp.dll
     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll
     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe
     C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
     EmptyTemp:
     end
     *****************
  4. Addition Log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01Ran by Jimmy at 2014-12-02 10:55:21Running from C:\Users\Jimmy\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Online (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton 360 Online (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Buttons & OSDs control application gen3 (HKLM-x32\...\{BF6B7982-9189-4765-9DD3-039CE6D69C0C}) (Version: 1.0.3.0 - Hewlett-Packard)Carbonite 
(HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.102 - CinemaNow, Inc.)Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) HiddenCitrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Corel Paint it! touch - IPM (x32 Version: 1.1 - Corel Corporation) HiddenCyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) HiddenDVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)DVD Menu Pack for HP TouchSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) HiddenElevated Installer (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) HiddenGarmin Express (HKLM-x32\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)Garmin Express (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) HiddenGarmin Express Tray (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) HiddenGarmin Update Service (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 
Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.11 - Hewlett-Packard)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)HP TouchSmart (HKLM-x32\...\{5F10FEF8-0538-4BB7-9020-E553C85427E9}) (Version: 3.0.35.0 - Hewlett-Packard)HP TouchSmart Browser (HKLM-x32\...\{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}) (Version: 3.0.0008 - Hewlett-Packard)HP TouchSmart Calendar (HKLM-x32\...\{6295D2D0-11CB-48F6-A2CF-0E2917A17369}) (Version: 
3.1.3532.29998 - Hewlett-Packard)HP TouchSmart Canvas (HKLM-x32\...\{5F12B024-2681-4080-9B24-918D04A8E609}) (Version: 1.1.3611.25561 - Hewlett-Packard)HP TouchSmart Clock (HKLM-x32\...\{053BC793-EB2F-48B6-AB61-6B76CCCCB041}) (Version: 3.0.3572.25998 - Hewlett-Packard)HP TouchSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)HP TouchSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)HP TouchSmart Notes (HKLM-x32\...\{2DBE7159-9081-4DDB-B8DB-31692A41008F}) (Version: 3.1.3544.29053 - Hewlett-Packard)HP TouchSmart Paint it! by Corel (HKLM-x32\...\_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}) (Version: 1.5.0.96 - Hewlett-Packard)HP TouchSmart RecipeBox (HKLM-x32\...\{CB4268B4-CF57-4CF4-82C9-4B013E23DBD5}) (Version: 2.5.3808.27768 - Hewlett-Packard)HP TouchSmart RSS (HKLM-x32\...\{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}) (Version: 3.0.0006 - Hewlett-Packard)HP TouchSmart Tutorials (HKLM-x32\...\{ABB2A845-DD44-4147-95CD-6C18271E5EC2}) (Version: 3.0.5.2 - Hewlett-Packard)HP TouchSmart Twitter (HKLM-x32\...\{AE8C4181-26D7-4E92-A6EF-81BB2A8E0230}) (Version: 1.0.3541.23899 - Hewlett-Packard)HP TouchSmart Weather (HKLM-x32\...\{1AFC20E3-35B0-4916-9809-F6C46A92A695}) (Version: 3.0.0.1 - Hewlett-Packard)HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2219 - Hewlett-Packard)HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)J2SE Runtime Environment 5.0 Update 9 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150090}) (Version: 
1.5.0.90 - Sun Microsystems, Inc.)Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\...\Juniper_Setup_Client) (Version: 7.1.5.14305 - Juniper Networks, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)LG CyberLink LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) HiddenLG CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3325 - CyberLink Corp.)LG CyberLink Power2Go (x32 Version: 6.2.3325 - CyberLink Corp.) HiddenLG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815d - CyberLink Corp.)LG CyberLink PowerDVD (x32 Version: 8.0.2815d - CyberLink Corp.) HiddenLG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.)LG CyberLink PowerProducer (x32 Version: 5.0.2.2130 - CyberLink Corp.) 
HiddenLightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft 
Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) HiddenMOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)Movie Theme Pack for HP TouchSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)Norton 360 (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation)Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)PictureProject (HKLM-x32\...\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}) (Version: 1.0 - )PictureProject In Touch Downloader 1.0 (HKLM-x32\...\PictureProject In Touch Downloader) (Version: 1.0 - Fotonation Inc.)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) 
HiddenPure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) HiddenQuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) HiddenSafari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 27-11-2014 03:30:00 Windows Update01-12-2014 17:17:54 ComboFix created restore point02-12-2014 09:31:06 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 21:34 - 2014-12-01 12:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0134B8B8-EC28-4FD5-A818-CE2BDBEB1674} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)Task: {09712931-6318-4611-987F-5C9E1AADF40A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)Task: {1491FAB6-EDF5-43E0-8C1C-7074D115EC5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)Task: {15B649A0-1566-4E6A-A11E-37E240F176C4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {192A9D0F-A49B-47E9-ACE2-4389906B9462} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {319E10CB-C1DB-494E-A92F-8237A8D86BEC} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-07] (CL)Task: {349D659F-C087-4FF4-9801-00D0635BB193} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)Task: {35F985E2-3C4A-4E02-8576-264C71B9D8F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {380B8F33-22BA-4DAE-A167-F8CDF4B89858} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 
360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)Task: {3CC5CCA9-14D3-4742-9C41-053A096A81C7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)Task: {3D9FE30F-BB74-440E-A275-A21C020AF966} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exeTask: {43DB880E-70A2-4173-87A4-25AD40900F1F} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exeTask: {43DDBD2B-D6FE-4CFA-8279-ECE46CA522F4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {4F6549C5-E8F3-4586-B92F-5AB5E92C906C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001UA => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)Task: {4F9ED15C-A87E-4E7B-AB8A-F207EC77090E} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-07] (CL)Task: {52940A8E-8930-4A39-B009-3818DC571456} - System32\Tasks\{C1ABA19D-C466-155F-EB7F-FFB1B17CBB22} => C:\Windows\system32\ibadp.dll/s "C:\Windows\system32\ibadp.dll"Task: {5A256347-FC21-4C6F-A39B-57461EC5EE3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)Task: {6D1C87D0-9C34-48BC-B34E-36366423E29E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {7093EFD6-B7B9-4EC8-B71C-11A256B3678B} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-07] (CyberLink Corp.)Task: {76FD3BBB-123E-4F7F-940C-4613E8C030B5} - System32\Tasks\CLMLSvc => c:\Program Files 
(x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)Task: {7A4761F4-C2A9-4437-972F-5116CB3692F3} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()Task: {7A792A7B-4AEB-458B-AD7D-5466FB2507C1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {7B3AB8E2-14C9-4CBA-B7D0-417FF41B2C9B} - System32\Tasks\HPCeeScheduleForJimmy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {7C82D18E-8ADA-43F2-9F1F-F6910179B71C} - System32\Tasks\{F1E08A2E-7F6B-45BB-9970-49B468BBF643} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)Task: {7F728772-C602-4188-A771-6C9D013AD869} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)Task: {8855DC22-4F77-47A1-8D27-DD2E5BD91AAF} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exeTask: {942D6D83-1CB1-450B-AADC-5A83943DEB0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)Task: {A0DE1F36-8A82-42DF-AE24-ABB9C2E02880} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {B7724BBA-67BE-485C-BE53-FA368016F269} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)Task: {C775A00B-A513-4853-A832-FDC3D758E097} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: 
{D462BF6D-2F39-4A66-AB25-32B95A4B6FAC} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)Task: {DCC42802-8A95-4313-BB8A-E909E2DF8AC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {F3F6C188-F380-4D52-AF3E-2F83BAD1D958} - System32\Tasks\{C39635BA-EB52-46D2-92EA-48572B8EB887} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)Task: {F8EE0096-C6C6-4453-92F7-D635B9020180} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-07] (CL)Task: {FDF46E11-8A07-496F-BF9F-E8A5C2D8F035} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001Core => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001Core.job => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001UA.job => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForJimmy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-08 07:27 - 2009-01-21 05:47 - 00247152 ____N () C:\Program Files 
(x86)\Cyberlink\Shared files\RichVideo.exe2010-03-08 07:14 - 2009-07-02 17:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2011-09-19 15:57 - 2011-09-19 15:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll2011-09-19 15:57 - 2011-09-19 15:57 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll2011-09-19 15:59 - 2011-09-19 15:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll2011-09-19 15:57 - 2011-09-19 15:57 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll2011-09-19 15:57 - 2011-09-19 15:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll2014-05-01 15:31 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.5.0.28\wincfi39.dll2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll2014-11-26 20:04 - 2014-11-25 01:39 - 01077064 _____ 
() C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll2014-11-26 20:04 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll2014-11-26 20:04 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll2014-11-26 20:04 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Jimmy\Documents\.apdisk:com.apple.quarantineAlternateDataStreams: C:\Users\Jimmy\Documents\.DS_Store:AFP_AfpInfoAlternateDataStreams: C:\Users\Jimmy\Documents\.TemporaryItems:AFP_AfpInfoAlternateDataStreams: C:\Users\Jimmy\Documents\.TemporaryItems:com.apple.quarantineAlternateDataStreams: C:\Users\Jimmy\Documents\Nina.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2167383068-2755855922-1240777557-500 - Administrator - Disabled)Guest (S-1-5-21-2167383068-2755855922-1240777557-501 - Limited - Enabled)HomeGroupUser$ (S-1-5-21-2167383068-2755855922-1240777557-1002 - Limited - Enabled)Janet (S-1-5-21-2167383068-2755855922-1240777557-1004 - Administrator - Enabled)Jimmy (S-1-5-21-2167383068-2755855922-1240777557-1001 - Administrator - Enabled) => C:\Users\Jimmy ==================== Faulty Device Manager Devices ============= Name: Buttons and OSDs ACPI driver gen2Description: Buttons and OSDs ACPI driver gen2Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}Manufacturer: ACPIService: ACPIServiceProblem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. 

==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2014 08:03:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/02/2014 08:02:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/02/2014 08:02:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (12/02/2014 08:19:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================
Error: (12/02/2014 08:03:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jimmy\Desktop\esetsmartinstaller_enu (2).exe

Error: (12/02/2014 08:02:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jimmy\Desktop\esetsmartinstaller_enu (2).exe

Error: (12/02/2014 08:02:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jimmy\Desktop\esetsmartinstaller_enu (2).exe

CodeIntegrity Errors:
===================================
Date: 2014-12-01 12:32:24.928
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-01 12:32:24.647
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-19 18:29:22.724
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-19 18:29:22.384
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 62%
Total physical RAM: 3831.11 MB
Available physical RAM: 1435.25 MB
Total Pagefile: 7660.41 MB
Available Pagefile: 4950.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.74 GB) (Free:822.65 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E02110E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  5. FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01
Ran by Jimmy (administrator) on JIMMY-PC on 02-12-2014 10:54:09
Running from C:\Users\Jimmy\Desktop
Loaded Profile: Jimmy (Available profiles: Jimmy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
() Q:\140062.enu\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [715776 2009-10-19] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [buttons & OSDs control application gen3] => c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [212992 2009-11-17] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [updateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.brooksfoodgroup.com/dana-cached/sc/JuniperSetupClient.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2167383068-2755855922-1240777557-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jimmy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2167383068-2755855922-1240777557-1001: @talk.google.com/O1DPlugin -> C:\Users\Jimmy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2167383068-2755855922-1240777557-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2167383068-2755855922-1240777557-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jimmy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jimmy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://my.earthlink.net/
CHR StartupUrls: Default -> ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Jimmy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Jimmy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Jimmy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-12]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-07-01]
CHR Extension: (Google Search) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-12]
CHR Extension: (Google Wallet) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Gmail) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [247152 2009-01-21] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-21] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-21] (Symantec Corporation)R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30824 2010-12-22] (Fintek)R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20141201.003\IDSvia64.sys [637656 2014-11-26] (Symantec Corporation)S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-11-30] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-02] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141201.033\ENG64.SYS [129752 2014-10-21] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141201.033\EX64.SYS [2137304 2014-10-21] (Symantec Corporation)R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [26176 2010-08-05] ()R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)R1 SRTSPX; 
C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-02 10:46 - 2014-12-02 10:46 - 00001221 _____ () C:\Users\Jimmy\Desktop\myesetscan.txt2014-12-02 08:03 - 2014-12-02 08:03 - 00000000 ____D () C:\Program Files (x86)\ESET2014-12-02 08:02 - 2014-12-02 08:02 - 02347384 _____ (ESET) C:\Users\Jimmy\Downloads\esetsmartinstaller_enu (2).exe2014-12-02 08:02 - 2014-12-02 08:02 - 02347384 _____ (ESET) C:\Users\Jimmy\Desktop\esetsmartinstaller_enu (2).exe2014-12-02 08:01 - 2014-12-02 08:01 - 02347384 _____ (ESET) C:\Users\Jimmy\Downloads\esetsmartinstaller_enu (1).exe2014-12-02 08:00 - 2014-12-02 08:00 - 02347384 _____ (ESET) C:\Users\Jimmy\Downloads\esetsmartinstaller_enu.exe2014-12-02 07:57 - 2014-12-02 07:57 - 00004716 _____ () C:\Users\Jimmy\Desktop\JRT.txt2014-12-02 07:50 - 2014-12-02 07:50 - 00000000 ____D () C:\Windows\ERUNT2014-12-02 07:46 - 2014-12-02 07:47 - 01707646 _____ (Thisisu) C:\Users\Jimmy\Downloads\JRT.exe2014-12-02 07:34 - 2014-12-02 07:39 - 00000000 ____D () C:\AdwCleaner2014-12-02 07:34 - 2014-12-02 07:34 - 02154496 _____ () C:\Users\Jimmy\Downloads\AdwCleaner (1).exe2014-12-02 07:24 - 2014-12-02 07:25 - 02154496 _____ () C:\Users\Jimmy\Downloads\AdwCleaner.exe2014-12-01 13:05 - 2014-12-01 13:05 - 00000000 _____ () C:\Windows\SysWOW64\sho8796.tmp2014-12-01 12:48 - 2014-12-01 12:48 - 00027146 _____ () C:\ComboFix.txt2014-12-01 12:34 - 2014-12-01 12:34 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat2014-12-01 12:17 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe2014-12-01 12:17 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe2014-12-01 12:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-12-01 12:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-12-01 12:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-12-01 12:17 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe2014-12-01 12:17 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe2014-12-01 12:17 - 2000-08-30 19:00 - 00068096 _____ 
() C:\Windows\zip.exe2014-12-01 12:15 - 2014-12-01 12:48 - 00000000 ____D () C:\Qoobox2014-12-01 12:14 - 2014-12-01 12:45 - 00000000 ____D () C:\Windows\erdnt2014-12-01 12:13 - 2014-12-01 12:14 - 05600374 ____R (Swearware) C:\Users\Jimmy\Downloads\ComboFix.exe2014-11-30 23:50 - 2014-11-30 23:50 - 00004408 _____ () C:\{B843E9A4-B9F7-40C7-B10B-3FBDC0B7B680}2014-11-30 17:38 - 2014-11-30 17:38 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-11-30 17:38 - 2014-11-30 17:38 - 00000000 ____D () C:\ProgramData\RogueKiller2014-11-30 17:36 - 2014-11-30 17:37 - 18310232 _____ () C:\Users\Jimmy\Downloads\RogueKillerX64.exe2014-11-30 17:26 - 2014-11-30 17:26 - 00000000 ____D () C:\Users\Jimmy\Desktop\FRST-OlderVersion2014-11-30 15:17 - 2014-11-30 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-11-30 14:58 - 2014-11-30 17:07 - 00000000 ____D () C:\Users\Jimmy\Desktop\mbar2014-11-30 14:56 - 2014-11-30 14:57 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Jimmy\Downloads\mbar-1.08.2.1001.exe2014-11-30 13:46 - 2014-11-30 13:46 - 00004456 _____ () C:\{34E20D7E-B56B-440B-807C-6C5E37620098}2014-11-30 13:37 - 2014-11-30 13:37 - 00004456 _____ () C:\{F15FB743-07A8-4703-95A7-C7BDE94F871D}2014-11-30 11:38 - 2014-12-02 07:44 - 00000000 ___RD () C:\Users\Jimmy\iCloudDrive2014-11-30 11:38 - 2014-11-30 11:38 - 00000000 ____D () C:\Users\Jimmy\AppData\Local\Apple Inc2014-11-30 11:29 - 2014-11-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-11-26 21:17 - 2014-11-26 21:17 - 12822752 _____ () C:\{C62D4481-C90A-4B80-B659-635A9D80AB91}2014-11-26 19:39 - 2014-11-26 19:39 - 00003560 _____ () C:\{0D740686-215B-4E61-8D0A-9521C971B553}2014-11-26 19:29 - 2014-11-26 19:29 - 02116096 _____ (Farbar) C:\Users\Jimmy\Downloads\frst64.exe2014-11-26 19:19 - 2014-12-02 10:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-26 19:19 - 2014-11-26 19:19 - 00003894 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-11-26 19:19 - 2014-11-26 19:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-11-26 18:31 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-11-26 18:31 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll2014-11-26 18:31 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-11-26 18:31 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-11-12 15:58 - 2014-11-30 17:28 - 00041125 _____ () C:\Users\Jimmy\Desktop\Addition.txt2014-11-12 15:50 - 2014-12-02 10:54 - 00029917 _____ () C:\Users\Jimmy\Desktop\FRST.txt2014-11-12 15:48 - 2014-12-02 10:54 - 00000000 ____D () C:\FRST2014-11-12 15:42 - 2014-11-30 17:26 - 02117120 _____ (Farbar) C:\Users\Jimmy\Desktop\FRST64.exe2014-11-12 15:39 - 2014-11-12 15:39 - 00000000 __SHD () C:\Users\Jimmy\AppData\Local\EmieBrowserModeList2014-11-12 14:28 - 2014-11-12 14:28 - 00003088 _____ () C:\{A702CBE7-6056-4E31-8FF1-A852587EDFF3}2014-11-12 10:54 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-11-12 10:54 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-11-12 10:54 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-11-12 10:53 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-11-12 10:53 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-11-12 10:53 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-11-12 10:53 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-11-12 10:53 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll2014-11-12 10:53 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-11-12 10:53 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-11-12 10:53 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-11-12 10:53 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-11-12 10:53 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-11-12 10:53 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-11-12 10:53 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-11-12 10:53 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-11-12 10:53 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-11-12 10:53 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-11-12 10:53 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-11-12 10:53 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-11-12 10:53 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-11-12 10:53 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-11-12 10:53 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-11-12 10:53 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-12 10:53 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-11-12 10:53 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieetwproxystub.dll2014-11-12 10:53 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-12 10:53 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-11-12 10:53 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-11-12 10:53 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-12 10:53 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-12 10:53 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-11-12 10:53 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-11-12 10:53 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-11-12 10:53 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-11-12 10:53 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-12 10:53 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-11-12 10:53 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-11-12 10:53 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-12 10:53 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-12 10:53 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-11-12 10:53 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-11-12 10:53 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-11-12 10:53 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl2014-11-12 10:53 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-11-12 10:53 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-12 10:53 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-12 10:53 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-11-12 10:53 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-12 10:53 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-12 10:53 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-12 10:53 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-11-12 10:53 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-11-12 10:53 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-11-12 10:53 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-12 10:53 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-11-12 10:53 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-12 10:53 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-12 10:53 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-11-12 10:53 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-11-12 10:53 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-11-12 10:53 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-11-12 
10:53 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2014-11-12 10:53 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2014-11-12 10:53 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-11-12 10:53 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-11-12 10:53 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-12 10:53 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-12 10:51 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-11-12 10:51 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-12 10:51 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-11-12 10:51 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-11-12 10:51 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-11-12 10:51 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-11-12 10:51 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-11-12 10:51 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-11-12 10:51 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-12 10:51 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-12 10:51 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-12 10:51 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-11-12 10:51 - 2014-09-19 04:42 - 00314880 
_____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-11-12 10:51 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-11-12 10:51 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-11-12 10:51 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-11-12 10:51 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-11-12 10:51 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-11-12 10:51 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-12 10:51 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-11-12 10:51 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-11-12 10:51 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-11-12 10:51 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-11-12 10:51 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-11-12 10:51 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-11-12 10:51 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-12 10:51 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-11-12 10:51 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2014-11-12 10:51 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL2014-11-12 10:50 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2014-11-12 10:50 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\oleaut32.dll2014-11-12 10:50 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-11-12 10:50 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-11-05 19:51 - 2014-11-05 19:51 - 00000000 ____D () C:\Users\Jimmy\Documents\OneNote Notebooks2014-11-02 21:39 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-11-02 21:39 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-11-02 21:39 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-11-02 21:39 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-02 10:40 - 2012-05-14 13:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-12-02 10:32 - 2014-10-30 07:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-12-02 10:26 - 2012-03-16 21:28 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001UA.job2014-12-02 09:43 - 2011-01-07 00:52 - 01254636 _____ () C:\Windows\WindowsUpdate.log2014-12-02 07:51 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-12-02 07:51 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-12-02 07:44 - 2012-02-29 18:17 - 00000000 ____D () C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools2014-12-02 07:43 - 2011-04-02 07:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-12-02 07:43 - 2009-07-14 00:08 - 00000006 ____H () 
C:\Windows\Tasks\SA.DAT2014-12-02 07:43 - 2009-07-13 23:51 - 00072478 _____ () C:\Windows\setupact.log2014-12-02 07:41 - 2011-01-08 12:52 - 01120274 _____ () C:\Windows\PFRO.log2014-12-02 07:38 - 2011-01-08 12:30 - 00000000 ____D () C:\Users\Jimmy\AppData\Roaming\SoftGrid Client2014-12-01 19:26 - 2012-03-16 21:28 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001Core.job2014-12-01 12:48 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default2014-12-01 12:39 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2014-12-01 12:34 - 2009-07-13 21:34 - 88866816 _____ () C:\Windows\system32\config\SOFTWARE.bak2014-12-01 12:34 - 2009-07-13 21:34 - 17825792 _____ () C:\Windows\system32\config\SYSTEM.bak2014-12-01 12:34 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak2014-12-01 12:34 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak2014-12-01 12:34 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak2014-12-01 12:32 - 2011-01-07 00:52 - 00000000 ____D () C:\Users\Jimmy2014-12-01 10:27 - 2013-03-21 05:40 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{675201B6-49E4-4769-84ED-08B9C28CA5F6}2014-12-01 09:24 - 2011-01-07 00:54 - 00083176 _____ () C:\Users\Jimmy\AppData\Local\GDIPFONTCACHEV1.DAT2014-11-30 19:32 - 2011-01-07 03:05 - 00000000 ____D () C:\Users\Jimmy\Documents\Outlook Files2014-11-30 17:16 - 2010-03-08 07:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-11-30 15:07 - 2014-10-30 07:32 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-11-30 13:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing2014-11-30 12:37 - 2013-12-28 18:54 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForJimmy.job2014-11-30 11:46 - 2013-12-28 18:54 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJimmy2014-11-30 11:46 - 
2011-10-29 18:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-11-30 11:46 - 2011-01-15 11:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-11-30 11:37 - 2011-10-14 17:03 - 00000000 ____D () C:\Users\Jimmy\AppData\Roaming\Apple Computer2014-11-30 11:21 - 2011-01-07 01:19 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job2014-11-27 19:40 - 2012-05-14 13:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-27 19:40 - 2012-05-14 13:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-27 19:40 - 2012-05-14 13:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-27 19:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-11-26 20:17 - 2011-01-12 10:48 - 00000000 ____D () C:\Users\Jimmy\AppData\Local\CyberLink2014-11-26 20:04 - 2013-03-12 12:27 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-11-26 19:21 - 2012-03-16 21:28 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001UA2014-11-26 19:21 - 2012-03-16 21:28 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001Core2014-11-13 11:01 - 2011-01-07 20:52 - 00000000 ____D () C:\Users\Jimmy\AppData\Local\CrashDumps2014-11-12 15:09 - 2009-07-13 23:45 - 00326000 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-12 15:03 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-11-12 13:12 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT2014-11-12 12:30 - 2011-01-08 16:30 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-11-12 10:37 - 2010-03-08 07:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools2014-11-10 10:36 - 2011-01-07 03:07 - 00000000 ____D () C:\Users\Public\Documents\A Dog For All Seasons2014-11-10 10:13 - 
2014-10-13 12:17 - 00000135 _____ () C:\Windows\SysWOW64\debug.log2014-11-09 21:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-11-07 13:27 - 2014-03-31 10:46 - 00000000 ____D () C:\Users\Jimmy\Documents\Benefits2014-11-05 16:47 - 2013-05-06 15:25 - 00013566 _____ () C:\Users\Jimmy\Documents\Hudson Dogs Today.xlsx2014-11-04 14:30 - 2011-01-09 08:54 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-11-04 12:58 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-03 13:45 - 2013-03-16 15:24 - 00000000 ____D () C:\Users\Jimmy\AppData\Roaming\Mozilla Some content of TEMP:====================C:\Users\Jimmy\AppData\Local\Temp\Quarantine.exeC:\Users\Jimmy\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-27 19:21 ==================== End Of Log ============================
  6. Esetscan log:
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
     C:\FRST\Quarantine\C\Users\Jimmy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe Win32/Toolbar.Conduit potentially unwanted application
     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo potentially unwanted application
     C:\Users\Jimmy\AppData\Local\Downloaded Installations\{BF3589D3-BF62-48FE-9405-C2FB81574783}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
     C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx a variant of Win32/SweetIM.L potentially unwanted application
  7. Junkware Removal Tool log:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.4.0 (11.29.2014:1)
     OS: Windows 7 Home Premium x64
     Ran by Jimmy on Tue 12/02/2014 at 7:51:04.58
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211141126}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211141126}

     ~~~ Files

     ~~~ Folders
     Successfully deleted: [Folder] C:\Users\Jimmy\AppData\LocalLow\FCTB000100573
     Successfully deleted: [Folder] "C:\ProgramData\pc1data"
     Successfully deleted: [Folder] "C:\Users\Jimmy\appdata\local\cre"
     Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{03B39B87-6CA2-4C9D-8CE6-ACE0EE24C71C}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{0C86E61E-7EA4-499D-9198-D3CC495F5F57}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{0F27F855-E311-4E2A-940B-0ADC07086968}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{17EAC77E-0CC8-4547-AE12-A25F8C28352E}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{181039A5-6C2C-4BEA-B26B-AD88637DC705}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{28D8A03E-8EEE-486A-86FA-4C9A7A6ECC31}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{294B538B-4A7F-444F-B231-1CEE6D445311}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{2C7150D3-59CC-41D5-B059-86F7BED63683}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{2DAE188A-ED9E-4DE0-9D9C-21FD975F50B9}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{2F930A4D-2ECB-4E54-A8FA-0E8B43F0DB3F}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{38E56CB0-E061-4886-91EC-734D8A288E40}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{4218E46C-D296-449F-8214-8F0EC212A054}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{42E3AB90-68F0-4A94-9E81-A9F7A3926B82}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{4E018A8B-541D-4D37-94C2-05F5F77A1B6F}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{51F3F3B8-EE7D-4842-8CCF-C2FD13FC7B9A}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{66BE321F-CA04-4088-870C-17D264329072}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{76D9254D-8084-4C47-9BBD-464A6767FB56}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{80EDAEF3-F55E-4AD7-91F0-2C9B8ADD6922}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{99D803B3-D998-4278-B237-D3F75E2D715D}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{A573462E-8F81-4F88-8BB6-09EDAF83037B}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{A954BBE9-778E-46A2-A20B-1DC34A4E489B}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{B6C14E20-EC31-4710-8EDC-541E9C59D945}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{BFB4C2FE-F43D-428D-99A4-C7510ED42B33}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{C64386E0-41D6-444A-AEA6-7796D0DC0657}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{E34ABF0C-E1C5-4342-8637-37FB112B44A1}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{E43BD9A3-800A-4EE5-ABEF-D04A0EF1FCF6}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{EC74498D-575E-4904-8282-17C5CDBB1552}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{EE4F7DA1-B70E-489C-B912-C4200CB67580}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{EF07BA78-0806-493B-9B3C-427303CC9352}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{F3D71FD1-291E-4B40-96D8-ED3B3EED0C8B}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{F5D3FDA9-69A0-4C22-BE22-69EFFF196150}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{F82EBE86-7E8F-41D0-A103-D38BBB86A6AE}
     Successfully deleted: [Empty Folder] C:\Users\Jimmy\appdata\local\{FFEE2A20-B09C-4CED-9F9B-BA8C8A82E295}

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 12/02/2014 at 7:57:16.91
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. Adware Cleaner log:
  9. C:\Windows\system32\ibadp.dll << This file is not on my computer, so I couldn't scan it with VirusTotal.
  10. ComboFix log:
  11. FRST fix finally finished. Below is the complete fix log:

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014 01
      Ran by Jimmy at 2014-12-01 09:29:00 Run:1
      Running from C:\Users\Jimmy\Desktop
      Loaded Profiles: Jimmy & (Available profiles: Jimmy)
      Boot Mode: Normal
      ==============================================

      Content of fixlist:
      *****************
      start
      HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\...\MountPoints2: {845196c5-3d9f-11e1-a57e-7071bc225c2c} - G:\setup.exe -a
      HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\...\MountPoints2: {b2dbdf8a-dbbd-11e0-a784-7071bc225c2c} - G:\setup.exe -a
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      SearchScopes: HKLM -> {FC0115CA-853F-4F68-9495-AB7847D1F116} URL = http://www.ask.com/w...}&l=dis&o=ushpd
      SearchScopes: HKLM-x32 -> DefaultScope {181B67E2-A749-489C-BB8D-D212A82B39DC} URL =
      SearchScopes: HKLM-x32 -> {FC0115CA-853F-4F68-9495-AB7847D1F116} URL = http://www.ask.com/w...}&l=dis&o=ushpd
      SearchScopes: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001 -> {FC0115CA-853F-4F68-9495-AB7847D1F116} URL =
      BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> No File
      Toolbar: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
      Toolbar: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
      Toolbar: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
      DPF: HKLM-x32 {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} https://eetime16.adp...dows-i586-p.exe
      CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Jimmy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-10-05]
      CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2013-10-05]
      C:\Windows\SysWOW64\jmdp
      S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
      S3 motccgp; system32\DRIVERS\motccgp.sys [X]
      S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
      S3 motmodem; system32\DRIVERS\motmodem.sys [X]
      S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
      S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
      S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
      Folder: C:\{34E20D7E-B56B-440B-807C-6C5E37620098}
      Folder: C:\{F15FB743-07A8-4703-95A7-C7BDE94F871D}
      Folder: C:\{C62D4481-C90A-4B80-B659-635A9D80AB91}
      Folder: C:\{0D740686-215B-4E61-8D0A-9521C971B553}
      Folder: C:\{A702CBE7-6056-4E31-8FF1-A852587EDFF3}
      2014-11-30 11:30 - 2014-11-30 11:30 - 00000000 _____ () C:\Windows\SysWOW64\sho4CDD.tmp
      2014-11-27 09:20 - 2014-11-27 09:20 - 00000000 __SHD () C:\found.003
      2014-11-26 22:36 - 2014-11-26 22:36 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
      2014-11-12 08:28 - 2014-11-12 08:28 - 00000000 __SHD () C:\found.002
      2014-11-30 17:16 - 2012-02-29 18:34 - 00000000 _____ () C:\Windows\lgfwup.ini
      2014-11-28 10:41 - 2014-10-20 19:49 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
      2014-11-08 15:36 - 2013-10-05 15:45 - 00000390 _____ () C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410.job
      CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
      CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
      CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
      CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\NativeHooks.dll No File
      CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
      Task: {E97FB094-AC5E-4B68-8562-A7C7055D6B48} - System32\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410 => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION
      Task: C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410.job => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION
      C:\Program Files (x86)\Registry Cleaner Pro
      AlternateDataStreams: C:\Users\Jimmy\Documents\Nina.jpeg:3or4kl4x13tuuug3Byamue2s4b
      AlternateDataStreams: C:\Users\Jimmy\Documents\Nina.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
      CMD: ipconfig /flushdns
      CMD: netsh winsock reset all
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      EmptyTemp:
      end
      *****************

      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{845196c5-3d9f-11e1-a57e-7071bc225c2c}" => Key deleted successfully.
      "HKCR\CLSID\{845196c5-3d9f-11e1-a57e-7071bc225c2c}" => Key not found.
      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2dbdf8a-dbbd-11e0-a784-7071bc225c2c}" => Key deleted successfully.
      "HKCR\CLSID\{b2dbdf8a-dbbd-11e0-a784-7071bc225c2c}" => Key not found.
      "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
      "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC0115CA-853F-4F68-9495-AB7847D1F116}" => Key deleted successfully.
      "HKCR\CLSID\{FC0115CA-853F-4F68-9495-AB7847D1F116}" => Key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FC0115CA-853F-4F68-9495-AB7847D1F116}" => Key deleted successfully.
      "HKCR\Wow6432Node\CLSID\{FC0115CA-853F-4F68-9495-AB7847D1F116}" => Key not found.
      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC0115CA-853F-4F68-9495-AB7847D1F116}" => Key deleted successfully.
      "HKCR\CLSID\{FC0115CA-853F-4F68-9495-AB7847D1F116}" => Key not found.
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key deleted successfully.
      "HKCR\Wow6432Node\CLSID\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key not found.
      HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
      "HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
      HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
      "HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
      HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
      "HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key not found.
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
      "HKCR\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
      "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe" => Key deleted successfully.
      C:\Users\Jimmy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx => Moved successfully.
      "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj" => Key deleted successfully.
      "C:\Windows\SysWOW64\jmdp\SweetNT.crx" => File/Directory not found.
      "C:\Windows\SysWOW64\jmdp" => File/Directory not found.
      BTCFilterService => Service deleted successfully.
      motccgp => Service deleted successfully.
      motccgpfl => Service deleted successfully.
      motmodem => Service deleted successfully.
      MotoSwitchService => Service deleted successfully.
      Motousbnet => Service deleted successfully.
      motusbdevice => Service deleted successfully.

      ========================= Folder: C:\{34E20D7E-B56B-440B-807C-6C5E37620098} ========================
      The path is not a directory.

      ========================= Folder: C:\{F15FB743-07A8-4703-95A7-C7BDE94F871D} ========================
      The path is not a directory.

      ========================= Folder: C:\{C62D4481-C90A-4B80-B659-635A9D80AB91} ========================
      The path is not a directory.

      ========================= Folder: C:\{0D740686-215B-4E61-8D0A-9521C971B553} ========================
      The path is not a directory.

      ========================= Folder: C:\{A702CBE7-6056-4E31-8FF1-A852587EDFF3} ========================
      The path is not a directory.

      C:\Windows\SysWOW64\sho4CDD.tmp => Moved successfully.
      C:\found.003 => Moved successfully.
      C:\Windows\SysWOW64\shortcut_ex.dat => Moved successfully.
      C:\found.002 => Moved successfully.
      C:\Windows\lgfwup.ini => Moved successfully.
      C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
      C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410.job => Moved successfully.
      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => Key deleted successfully.
      "HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E97FB094-AC5E-4B68-8562-A7C7055D6B48}" => Key deleted successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E97FB094-AC5E-4B68-8562-A7C7055D6B48}" => Key deleted successfully.
      C:\Windows\System32\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410 => Moved successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410" => Key deleted successfully.
      C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410.job not found.
      "C:\Program Files (x86)\Registry Cleaner Pro" => File/Directory not found.
      "C:\Users\Jimmy\Documents\Nina.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
      C:\Users\Jimmy\Documents\Nina.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

      ========= ipconfig /flushdns =========
      ========= End of CMD: =========

      ========= netsh winsock reset all =========
      ========= End of CMD: =========

      ========= netsh int ipv4 reset =========
      ========= End of CMD: =========

      ========= netsh int ipv6 reset =========
      ========= End of CMD: =========

      EmptyTemp: => Removed 7.5 GB temporary data.

      The system needed a reboot.

      ==== End of Fixlog ====
  12. It did create a log. Should I just turn off FRST?
  13. How long should FRST fix take? It's been running for about an hour.
  14. Step 3 RogueKiller log:

      RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Jimmy [Administrator]
      Mode : Scan -- Date : 11/30/2014 17:50:39

      ¤¤¤ Processes : 0 ¤¤¤

      ¤¤¤ Registry : 6 ¤¤¤
      [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2167383068-2755855922-1240777557-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.earthlink.net/ -> Found
      [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2167383068-2755855922-1240777557-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.earthlink.net/ -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

      ¤¤¤ Tasks : 1 ¤¤¤
      [suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Found

      ¤¤¤ Files : 0 ¤¤¤

      ¤¤¤ Hosts File : 0 ¤¤¤

      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: WDC WD10EADS-65P6B0 +++++
      --- User ---
      [MBR] fea305df346b7141a2763ffccab48cb8
      [bSP] 9892de69cdb9d3b2fdefbfa243b8e5d1 : Unknown MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 940788 MB
      2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1926941121 | Size: 12978 MB
      User = LL1 ... OK
      User = LL2 ... OK

      +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
  15. Step 2 Addition:

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01
      Ran by Jimmy at 2014-11-30 17:28:02
      Running from C:\Users\Jimmy\Desktop
      Boot Mode: Normal
      ==========================================================

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Norton 360 Online (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
      AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: Norton 360 Online (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

      ==================== Installed Programs ======================

      (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
      Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
      Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
      Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
      Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
      ARO 2013 (HKLM\...\ARO 2013_is1) (Version: 8.0 - Support.com)
      Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
      Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
      Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
      Buttons & OSDs control application gen3 (HKLM-x32\...\{BF6B7982-9189-4765-9DD3-039CE6D69C0C}) (Version: 1.0.3.0 - Hewlett-Packard)
      Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
      CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.102 - CinemaNow, Inc.)
      Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
      Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
      Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Corel Paint it! touch - IPM (x32 Version: 1.1 - Corel Corporation) Hidden
      Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
      CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
      D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
      DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
      DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
      DVD Menu Pack for HP TouchSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
      Elevated Installer (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
      Garmin Express (HKLM-x32\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
      Garmin Express (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
      Garmin Express Tray (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
      Garmin Update Service (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
      Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
      Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
      Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
      Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
      Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
      GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
      Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
      Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
      HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
      HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.11 - Hewlett-Packard)
      HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
      HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
      HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
      HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
      HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
      HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
      HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
      HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
      HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
      HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
      HP TouchSmart (HKLM-x32\...\{5F10FEF8-0538-4BB7-9020-E553C85427E9}) (Version: 3.0.35.0 - Hewlett-Packard)
      HP TouchSmart Browser (HKLM-x32\...\{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}) (Version: 3.0.0008 - Hewlett-Packard)
      HP TouchSmart Calendar (HKLM-x32\...\{6295D2D0-11CB-48F6-A2CF-0E2917A17369}) (Version: 3.1.3532.29998 - Hewlett-Packard)
      HP TouchSmart Canvas (HKLM-x32\...\{5F12B024-2681-4080-9B24-918D04A8E609}) (Version: 1.1.3611.25561 - Hewlett-Packard)
      HP TouchSmart Clock (HKLM-x32\...\{053BC793-EB2F-48B6-AB61-6B76CCCCB041}) (Version: 3.0.3572.25998 - Hewlett-Packard)
      HP TouchSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
      HP TouchSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
      HP TouchSmart Notes (HKLM-x32\...\{2DBE7159-9081-4DDB-B8DB-31692A41008F}) (Version: 3.1.3544.29053 - Hewlett-Packard)
      HP TouchSmart Paint it! by Corel (HKLM-x32\...\_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}) (Version: 1.5.0.96 - Hewlett-Packard)
      HP TouchSmart RecipeBox (HKLM-x32\...\{CB4268B4-CF57-4CF4-82C9-4B013E23DBD5}) (Version: 2.5.3808.27768 - Hewlett-Packard)
      HP TouchSmart RSS (HKLM-x32\...\{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}) (Version: 3.0.0006 - Hewlett-Packard)
      HP TouchSmart Tutorials (HKLM-x32\...\{ABB2A845-DD44-4147-95CD-6C18271E5EC2}) (Version: 3.0.5.2 - Hewlett-Packard)
      HP TouchSmart Twitter (HKLM-x32\...\{AE8C4181-26D7-4E92-A6EF-81BB2A8E0230}) (Version: 1.0.3541.23899 - Hewlett-Packard)
      HP TouchSmart Weather (HKLM-x32\...\{1AFC20E3-35B0-4916-9809-F6C46A92A695}) (Version: 3.0.0.1 - Hewlett-Packard)
      HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2219 - Hewlett-Packard)
      HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
      iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
      Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
      iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
      J2SE Runtime Environment 5.0 Update 9 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150090}) (Version: 1.5.0.90 - Sun Microsystems, Inc.)
      Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2167383068-2755855922-1240777557-1001\...\Juniper_Setup_Client) (Version: 7.1.5.14305 - Juniper Networks, Inc.)
      Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
      LG CyberLink LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
      LG CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3325 - CyberLink Corp.)
      LG CyberLink Power2Go (x32 Version: 6.2.3325 - CyberLink Corp.) Hidden
      LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)
      LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815d - CyberLink Corp.)
      LG CyberLink PowerDVD (x32 Version: 8.0.2815d - CyberLink Corp.) Hidden
      LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.)
      LG CyberLink PowerProducer (x32 Version: 5.0.2.2130 - CyberLink Corp.) Hidden
      LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
      Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
      McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
      Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
      Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
      Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
      Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
      Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
      Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
      Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) HiddenMOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)Movie Theme Pack for HP TouchSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)Norton 360 (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation)Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)PictureProject (HKLM-x32\...\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}) (Version: 1.0 - )PictureProject In Touch Downloader 1.0 (HKLM-x32\...\PictureProject In Touch Downloader) (Version: 1.0 - Fotonation Inc.)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) 
HiddenPure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) HiddenQuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) HiddenSafari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\NativeHooks.dll No File
CustomCLSID: HKU\S-1-5-21-2167383068-2755855922-1240777557-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

12-11-2014 15:50:18 Windows Update
12-11-2014 16:52:26 Windows Update
26-11-2014 23:22:27 Windows Update
27-11-2014 02:11:00 Removed Nikon Message Center
27-11-2014 03:30:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0134B8B8-EC28-4FD5-A818-CE2BDBEB1674} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {09712931-6318-4611-987F-5C9E1AADF40A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {1491FAB6-EDF5-43E0-8C1C-7074D115EC5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {15B649A0-1566-4E6A-A11E-37E240F176C4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {192A9D0F-A49B-47E9-ACE2-4389906B9462} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {319E10CB-C1DB-494E-A92F-8237A8D86BEC} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-07] (CL)
Task: {31CDE280-E394-48EC-8BF0-2850C8EB5D90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-21] (Microsoft)
Task: {349D659F-C087-4FF4-9801-00D0635BB193} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {35F985E2-3C4A-4E02-8576-264C71B9D8F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {380B8F33-22BA-4DAE-A167-F8CDF4B89858} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {3CC5CCA9-14D3-4742-9C41-053A096A81C7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {3D9FE30F-BB74-440E-A275-A21C020AF966} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {43DB880E-70A2-4173-87A4-25AD40900F1F} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {43DDBD2B-D6FE-4CFA-8279-ECE46CA522F4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4F6549C5-E8F3-4586-B92F-5AB5E92C906C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001UA => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {4F9ED15C-A87E-4E7B-AB8A-F207EC77090E} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-07] (CL)
Task: {52940A8E-8930-4A39-B009-3818DC571456} - System32\Tasks\{C1ABA19D-C466-155F-EB7F-FFB1B17CBB22} => C:\Windows\system32\ibadp.dll/s "C:\Windows\system32\ibadp.dll"
Task: {5A256347-FC21-4C6F-A39B-57461EC5EE3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {6D1C87D0-9C34-48BC-B34E-36366423E29E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7093EFD6-B7B9-4EC8-B71C-11A256B3678B} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-07] (CyberLink Corp.)
Task: {76FD3BBB-123E-4F7F-940C-4613E8C030B5} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {7A4761F4-C2A9-4437-972F-5116CB3692F3} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {7A792A7B-4AEB-458B-AD7D-5466FB2507C1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7B3AB8E2-14C9-4CBA-B7D0-417FF41B2C9B} - System32\Tasks\HPCeeScheduleForJimmy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {7C82D18E-8ADA-43F2-9F1F-F6910179B71C} - System32\Tasks\{F1E08A2E-7F6B-45BB-9970-49B468BBF643} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {7F728772-C602-4188-A771-6C9D013AD869} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
Task: {8855DC22-4F77-47A1-8D27-DD2E5BD91AAF} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {942D6D83-1CB1-450B-AADC-5A83943DEB0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {A0DE1F36-8A82-42DF-AE24-ABB9C2E02880} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2167383068-2755855922-1240777557-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B7724BBA-67BE-485C-BE53-FA368016F269} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {C775A00B-A513-4853-A832-FDC3D758E097} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D462BF6D-2F39-4A66-AB25-32B95A4B6FAC} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {DCC42802-8A95-4313-BB8A-E909E2DF8AC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E97FB094-AC5E-4B68-8562-A7C7055D6B48} - System32\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410 => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION
Task: {F3F6C188-F380-4D52-AF3E-2F83BAD1D958} - System32\Tasks\{C39635BA-EB52-46D2-92EA-48572B8EB887} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {F8EE0096-C6C6-4453-92F7-D635B9020180} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-07] (CL)
Task: {FDF46E11-8A07-496F-BF9F-E8A5C2D8F035} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001Core => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001Core.job => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2167383068-2755855922-1240777557-1001UA.job => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJimmy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_a169da67-e2c6-4f3f-99da-34bcf7bc9410.job => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-03-08 07:27 - 2009-01-21 05:47 - 00247152 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2010-03-08 07:14 - 2009-07-02 17:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 15:59 - 2011-09-19 15:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2014-05-01 15:31 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.5.0.28\wincfi39.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-11-26 20:04 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 20:04 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 20:04 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 20:04 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jimmy\Documents\.apdisk:com.apple.quarantine
AlternateDataStreams: C:\Users\Jimmy\Documents\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Jimmy\Documents\.TemporaryItems:AFP_AfpInfo
AlternateDataStreams: C:\Users\Jimmy\Documents\.TemporaryItems:com.apple.quarantine
AlternateDataStreams: C:\Users\Jimmy\Documents\Nina.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Jimmy\Documents\Nina.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2167383068-2755855922-1240777557-500 - Administrator - Disabled)
Guest (S-1-5-21-2167383068-2755855922-1240777557-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2167383068-2755855922-1240777557-1002 - Limited - Enabled)
Janet (S-1-5-21-2167383068-2755855922-1240777557-1004 - Administrator - Enabled)
Jimmy (S-1-5-21-2167383068-2755855922-1240777557-1001 - Administrator - Enabled) => C:\Users\Jimmy

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 05:13:38 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=16:app=ONENOTEM 9014006204090000:tid=1514:usr=Jimmy}The client was unable to connect to an Application Virtualization Server (rc 16D1160A-0000E028)

Error: (11/30/2014 05:13:38 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=16:app=ONENOTEM 9014006204090000:tid=1514:usr=Jimmy}The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/EssentialsC2R/en-us/14.0.4763.1000/EssentialsC2R.en-us_14.0.7137.5001.sft'(rc 16D1160A-0000E028, original rc 16D1160A-0000E028).

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized. Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized. Context: Windows Application Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details:The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (11/30/2014 05:12:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/30/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (11/30/2014 05:04:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/30/2014 05:04:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/30/2014 05:04:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/30/2014 05:04:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/30/2014 05:04:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/30/2014 05:04:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/30/2014 05:02:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/30/2014 05:02:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Microsoft Office Sessions:
=========================
Error: (11/30/2014 05:13:38 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=16:app=ONENOTEM 9014006204090000:tid=1514:usr=Jimmy}16D1160A-0000E028

Error: (11/30/2014 05:13:38 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=16:app=ONENOTEM 9014006204090000:tid=1514:usr=Jimmy}http://c2r.microsoft.com/EssentialsC2R/en-us/14.0.4763.1000/EssentialsC2R.en-us_14.0.7137.5001.sft16D1160A-0000E02816D1160A-0000E028

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details:Element not found. (HRESULT : 0x80070490) (0x80070490)Search.TripoliIndexer

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)Search.JetPropStore

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details:The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)The catalog is corrupt

Error: (11/30/2014 05:11:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)4700

CodeIntegrity Errors:
===================================
Date: 2013-09-19 18:29:22.724
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-19 18:29:22.384
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

Processor: Intel® Core i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 53%
Total physical RAM: 3831.11 MB
Available physical RAM: 1774.11 MB
Total Pagefile: 7660.41 MB
Available Pagefile: 5130.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.74 GB) (Free:814.43 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E02110E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================