Teralax

Sounds good. I wasn't sure if I could do that. Thanks

It's not that it had multiple svchost. It was using > 90% of the cpu. I was able to update the Windows update agent, and then ran the readiness tool which took all night but it repaired a lot of stuff. Windows Updates then ran and now cpu is sitting at 1% usage when idle. I think we might be clean. Here are the logs. Addition.txt FRST.txt

Any other suggestions? Any other reports needed?

Still running slow with the svchost process using lots of cpu.

ESET ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # end=init # utc_time=2017-08-18 07:18:06 # local_time=2017-08-18 02:18:06 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 34446 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # end=updated # utc_time=2017-08-18 07:23:33 # local_time=2017-08-18 02:23:33 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # engine=34446 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2017-08-19 04:58:56 # local_time=2017-08-18 11:58:56 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton Security *' # compatibility_mode=3603 16777213 100 86 774782 2965560 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 66 85 128520110 254662186 0 0 # scanned=419494 # found=5 # cleaned=5 # scan_time=34522 sh=325E731D317FB0D81FE28FD4545062D09C7589E3 ft=1 fh=60deeae98ff4a745 vn="a variant of Win32/AdInstaller potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Documents\Dictionary\DictionaryBoss.exe" sh=3B6118F8F80E489613A7DA50479B702DEBB39804 ft=1 fh=778c92552a6808c4 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Downloads\CouponPrinter.exe" sh=5824B8D927C533484F6499CF201F9AFFE8F21E1F ft=1 fh=1d005e947f2a5474 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Downloads\CouponPrinterCPS.exe" sh=EA0EE3C9B4FB6B2B00B0074C1F5303291FF081B9 ft=1 fh=e40dd9938df1a373 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSI48B4.tmp" sh=D65FE023EE548A502ECD63616B9C3FDE31214469 ft=1 fh=15c731add8118119 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSIDE97.tmp"

ADWcleaner log. The other scan is still running right now and I will post that later. # AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 18 19:07:31 2017 # Updated on 2017/05/08 by Malwarebytes # Running on Windows 7 Home Premium (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: BeFrugal.com Service ***** [ Folders ] ***** Deleted: C:\Users\mzlindaniles\AppData\LocalLow\HPAppData Deleted: C:\Users\mzlindaniles\AppData\Roaming\iWin Deleted: C:\Users\mzlindaniles\AppData\LocalLow\Toolbar4 Deleted: C:\Users\mzlindaniles\AppData\Roaming\Yahoo!\Companion Deleted: C:\ProgramData\apn Deleted: C:\ProgramData\Application Data\apn Deleted: C:\Users\All Users\apn Deleted: C:\Users\mzlindaniles\AppData\LocalLow\Inbox Toolbar Deleted: C:\Program Files (x86)\Crawler Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 Deleted: C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log Deleted: C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} Deleted: C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log Deleted: C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log Deleted: C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log Deleted: C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log Deleted: C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} Deleted: C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log Deleted: C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Deleted: C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Deleted: C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log ***** [ Files ] ***** Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Deleted: C:\Users\All Users\Desktop\eBay.lnk Deleted: C:\Users\Public\Desktop\eBay.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Image File Execution Options%s keys deleted ::Prefetch files deleted ::Proxy settings cleared ::TCP/IP settings cleared ::Firewall rules cleared ::IPSec settings cleared ::BITS queue cleared ::IE policies deleted ::Chrome policies deleted ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [4371 B] - [2017/8/18 19:5:11] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

I have a system that I have scanned with Malwarebytes to remove some things but the system is still running slow with svchost using a very high % of cpu. Attached are the FRST, Addition, and malwarebytes logs. Addition.txtmalwarebytes.txtFRST.txt

I can't donate at this time but will at some point. All is clear, thanks for the help.

Thanks so much for the help.

Try it again. Other scans were clean so I think we are good. TDSSKiller.3.0.0.41_09.11.2014_15.40.33_log.txt

I had attached that file last time so I'm not sure what happened to it. Here it is again.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01 Ran by Karol's Krafts (administrator) on KAROLSKRAFTS-HP on 09-11-2014 16:00:59 Running from G:\Malware Removal\Farbar Loaded Profile: Karol's Krafts (Available profiles: Karol's Krafts) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Karol's Krafts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6B34797B52FBCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US SearchScopes: HKLM - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {86DAA2AF-D596-4268-9C99-92539D18F6D3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 192.168.2.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-18] Chrome: ======= CHR Profile: C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08] CHR Extension: (Google Wallet) - C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed] R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2006-08-22] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-12-21] (SafeNet, Inc) S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.) S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.) S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] () S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 15:59 - 2014-11-09 15:59 - 00006830 _____ () C:\Users\Karol's Krafts\Desktop\JRT.txt 2014-11-09 15:54 - 2014-11-09 15:54 - 00000000 ____D () C:\Windows\ERUNT 2014-11-09 15:48 - 2014-11-09 15:52 - 00000000 ____D () C:\AdwCleaner 2014-11-04 20:35 - 2014-11-09 16:01 - 00000000 ____D () C:\FRST 2014-11-04 20:22 - 2014-11-04 20:22 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-04 20:22 - 2014-11-04 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-04 20:21 - 2014-11-09 15:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-04 20:21 - 2014-11-08 07:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-04 20:21 - 2014-11-07 06:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-04 20:21 - 2014-11-07 06:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-03 13:56 - 2014-11-03 13:56 - 00000046 _____ () C:\Users\Karol's Krafts\AppData\Roaming\WB.CFG 2014-11-02 23:08 - 2014-11-02 23:08 - 00000000 ____D () C:\Users\Karol's Krafts\.android 2014-11-02 22:48 - 2014-11-02 22:48 - 00001087 _____ () C:\Users\Karol's Krafts\Desktop\Continue Kik Installation.lnk 2014-11-02 21:25 - 2014-11-02 21:25 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-21 22:25 - 2014-11-02 21:40 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9C26C7D-FDD4-47AE-AABB-0FDAEA98B6D2} 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-10-21 00:09 - 2014-10-21 00:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-21 00:08 - 2014-10-21 01:33 - 00000000 ____D () C:\Users\Guest 2014-10-21 00:08 - 2013-01-01 16:08 - 00000000 ____D () C:\Users\Guest\Documents\Visual Studio 2008 2014-10-21 00:08 - 2012-11-03 21:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-10-15 20:29 - 2014-10-15 21:08 - 00000000 ____D () C:\Users\Karol's Krafts\Desktop\Embroidery Files 2014-10-15 19:10 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 19:10 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 19:10 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 19:10 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 19:10 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 19:10 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 19:10 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 19:10 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 19:10 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 19:10 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 19:10 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 19:10 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 19:10 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 19:10 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 19:10 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 19:10 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 19:10 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 19:10 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 19:10 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 19:10 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 19:10 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 19:10 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 19:10 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 19:10 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 19:10 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 19:10 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 19:10 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 19:10 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 19:10 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 19:10 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 19:10 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 19:10 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 19:10 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 19:10 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 19:10 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 19:09 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 19:09 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 19:09 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 19:09 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 19:09 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 19:07 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 19:07 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 19:07 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 19:07 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 19:07 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 19:07 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 19:07 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 19:07 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 19:07 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 19:06 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 19:06 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 16:00 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-09 16:00 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-09 15:59 - 2009-07-13 23:13 - 00848842 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-09 15:57 - 2012-05-07 17:12 - 01788921 _____ () C:\Windows\WindowsUpdate.log 2014-11-09 15:52 - 2013-06-22 20:39 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job 2014-11-09 15:52 - 2013-02-11 22:03 - 00025028 _____ () C:\Windows\setupact.log 2014-11-09 15:52 - 2013-02-11 22:02 - 01120150 _____ () C:\Windows\PFRO.log 2014-11-09 15:52 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-09 15:50 - 2013-06-22 20:39 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarol's Krafts 2014-11-09 15:50 - 2012-08-18 18:41 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-09 15:42 - 2012-08-10 19:53 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B64AD4A8-D89C-42CD-9076-124118D592E3} 2014-11-08 07:22 - 2013-09-27 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-07 21:01 - 2014-03-25 15:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 05:24 - 2012-05-07 17:24 - 00000000 ____D () C:\ProgramData\Norton 2014-11-04 20:21 - 2013-09-27 21:46 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-04 20:14 - 2011-07-12 21:37 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-04 19:12 - 2014-03-25 15:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-04 19:12 - 2014-03-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-03 20:05 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-03 19:52 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-02 23:08 - 2012-08-10 19:43 - 00000000 ____D () C:\Users\Karol's Krafts 2014-11-02 21:37 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-02 21:24 - 2012-08-17 20:18 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\CrashDumps 2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-21 23:58 - 2013-02-10 22:03 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\Spotify 2014-10-21 22:48 - 2013-02-10 22:04 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\Spotify 2014-10-21 03:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-21 01:33 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow 2014-10-21 01:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration 2014-10-20 23:14 - 2009-07-13 23:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-20 15:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-10-16 20:02 - 2009-07-13 22:45 - 00433288 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 19:58 - 2014-05-13 07:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 19:35 - 2012-11-03 17:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 19:28 - 2013-08-17 04:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 19:21 - 2012-10-28 15:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 12:39 - 2011-07-12 21:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2014-10-14 11:53 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp Some content of TEMP: ==================== C:\Users\Karol's Krafts\AppData\Local\Temp\Quarantine.exe C:\Users\Karol's Krafts\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-06 20:05 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01 Ran by Karol's Krafts at 2014-11-09 16:02:14 Running from G:\Malware Removal\Farbar Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) FUTURA SES1000 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.6 - ) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company) Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - JP (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CreativeStudio (HKLM-x32\...\{319A4F81-CBD7-48EF-91CF-03651E6EFB9B}) (Version: 4.2.0 - Statler Stitcher) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Galil DMC .Net API for Visual Studio 2005 (HKLM-x32\...\{072E9B7C-850B-4397-B104-098170742FAF}) (Version: 2.0.0.0 - Galil Motion Control) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}) (Version: 4.1.7.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Sentinel Protection Installer 7.3.2 (HKLM-x32\...\{EDFE2142-CFB3-44AB-A961-DE85F6408A28}) (Version: 7.3.2 - SafeNet, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Spotify (HKU\S-1-5-21-3278930305-513671393-255404018-1000\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 21-10-2014 05:11:33 Restore Operation 21-10-2014 05:39:15 Windows Backup 21-10-2014 05:40:34 Restore Operation 21-10-2014 10:26:26 Windows Backup 25-10-2014 06:17:06 Windows Update 28-10-2014 23:44:14 Windows Backup 01-11-2014 02:08:46 Windows Update 03-11-2014 02:02:54 Windows Backup 04-11-2014 02:03:39 Removed BlueStacks Notification Center 05-11-2014 01:06:19 Windows Update 05-11-2014 02:10:09 Removed Java SE Runtime Environment 6 Update 1 05-11-2014 02:13:33 Removed Adobe Reader X (10.1.7) MUI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {001B574F-D9C2-424E-BF80-973C2FDCF8C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: {365081E8-61DF-4B7E-BC76-094BBFC4FC98} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink) Task: {487EBD0B-81CD-4B50-9D1C-D6CA374CCDE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company) Task: {56C0E808-0F50-4D4E-9C83-93F39D01AA35} - System32\Tasks\HPCeeScheduleForKarol's Krafts => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {7E29630D-29D5-4C32-8A44-6B1C9CA443E0} - System32\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {9A25F1A8-AAB8-48A6-9A4A-97BA8645E065} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {A84104BC-C353-486C-ADBC-3C8CFB201EFB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B2D2F68C-71A1-40A1-B2DB-A76B34938914} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {C767E5C2-BEA1-4A9E-B9B1-FA2F92F1A2CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {D04B6F09-0E0D-41EF-AD7A-F61C1FCBC876} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {D290C98A-F1F1-4276-9995-7658CDFADDDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company) Task: {FDCA346F-E531-4653-A2F3-CA0A497E0198} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-16 20:36 - 2014-10-16 20:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2012-05-07 17:13 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61844844.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61844844.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3278930305-513671393-255404018-500 - Administrator - Disabled) Guest (S-1-5-21-3278930305-513671393-255404018-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3278930305-513671393-255404018-1008 - Limited - Enabled) Karol's Krafts (S-1-5-21-3278930305-513671393-255404018-1000 - Administrator - Enabled) => C:\Users\Karol's Krafts ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Sentinel64 Description: Sentinel64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Sentinel64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-02-05 00:06:51.163 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-05 00:06:51.073 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.424 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.543 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.449 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.265 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.171 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.859 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU B800 @ 1.50GHz Percentage of memory in use: 49% Total physical RAM: 1899.86 MB Available physical RAM: 960.71 MB Total Pagefile: 3799.72 MB Available Pagefile: 2534.31 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:279.47 GB) (Free:206.05 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32 Drive g: (BOOT) (Removable) (Total:0.98 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 1008.5 MB) (Disk ID: 007BA292) Partition 1: (Active) - (Size=1008 MB) - (Type=0C) ==================== End Of Log ============================

# AdwCleaner v4.101 - Report created 09/11/2014 at 15:51:54 # Updated 09/11/2014 by Xplode # Database : 2014-11-07.1 [Live] # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Karol's Krafts - KAROLSKRAFTS-HP # Running from : G:\Malware Removal\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Online Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\ProgramData\ExtiriaShoPpeir Folder Deleted : C:\ProgramData\GoldenCoupon Folder Deleted : C:\ProgramData\PrionceCoeuupon Folder Deleted : C:\ProgramData\RoyAlCouPOn Folder Deleted : C:\ProgramData\ShoPpErMAsteru Folder Deleted : C:\Program Files (x86)\MyWebSearch Folder Deleted : C:\Program Files (x86)\PrionceCoeuupon Folder Deleted : C:\Users\Karol's Krafts\AppData\Local\PackageAware Folder Deleted : C:\Users\Karol's Krafts\AppData\LocalLow\Delta Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\Babylon Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\pccustubinstaller Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\PerformerSoft Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\serv Folder Deleted : C:\Users\Karol's Krafts\AppData\Roaming\Strongvault Folder Deleted : C:\Users\Karol's Krafts\Documents\Optimizer Pro Folder Deleted : C:\Users\Public\Documents\iWin File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Users\Karol's Krafts\Desktop\SpeedAnalysis.lnk File Deleted : C:\Users\Karol's Krafts\Desktop\Sync Folder.lnk ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout Key Deleted : HKLM\SOFTWARE\Classes\.bdc Key Deleted : HKLM\SOFTWARE\Classes\.bgl Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Key Deleted : HKLM\SOFTWARE\Classes\PrincECCoauPon.PrincECCoauPon Key Deleted : HKLM\SOFTWARE\Classes\PrincECCoauPon.PrincECCoauPon.1.5 Key Deleted : HKCU\Software\5a2db8fe63eeb10 Key Deleted : HKLM\SOFTWARE\5a2db8fe63eeb10 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{BF141186-509A-053F-B635-5065A7CB8F5A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCU\Software\Compete Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\filescout Key Deleted : HKCU\Software\MyWebSearch Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\Tutorials Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\CompeteInc Key Deleted : HKLM\SOFTWARE\FocusInteractive Key Deleted : HKLM\SOFTWARE\Fun Web Products Key Deleted : HKLM\SOFTWARE\InstallCore Key Deleted : HKLM\SOFTWARE\MyWebSearch Key Deleted : HKLM\SOFTWARE\NpApp Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\Tutorials Key Deleted : HKLM\SOFTWARE\Uniblue Key Deleted : HKLM\SOFTWARE\Upt Key Deleted : HKLM\SOFTWARE\WinUpd Key Deleted : HKLM\SOFTWARE\SI-App Key Deleted : HKLM\SOFTWARE\RST Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer Key Deleted : [x64] HKLM\SOFTWARE\Upt Key Deleted : [x64] HKLM\SOFTWARE\WinUpd Key Deleted : [x64] HKLM\SOFTWARE\SI-App Key Deleted : [x64] HKLM\SOFTWARE\RST Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Google Chrome v38.0.2125.111 [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir= -\\ Chromium v [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7B473FAC-4D41-4483-8405-E4146F48641F&q={searchTerms}&SSPV=T21114_sp_ch [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Karol's Krafts\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_44_ie&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyD0A0CtByE0F0BtByB0AtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0ByDtCyDyE0EtGtAzy0F0CtGyD0AyCyDtGzytA0C0AtGyDtD0AyCyCtBtB0C0A0Ezz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyDtC0EtD0C0A0AtGzytA0BzztGyEtC0DyCtG0B0A0B0DtGyCzztC0CtAtAyEyD0A0FtDzy2Q&cr=1885302309&ir= ************************* AdwCleaner[R0].txt - [13660 octets] - [09/11/2014 15:48:15] AdwCleaner[s0].txt - [14910 octets] - [09/11/2014 15:51:54] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14971 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.7 (11.08.2014:1) OS: Windows 7 Home Premium x64 Ran by Karol's Krafts on Sun 11/09/2014 at 15:54:41.90 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3278930305-513671393-255404018-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104} ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\BetterPriceChec Successfully deleted: [Folder] C:\ProgramData\saverneit Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{03F82449-67EC-40BE-AA0F-15C263C624C9} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{04E0B190-E774-4884-8A3F-43F8B04CE90A} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{05801566-0B4A-4DEC-9715-04B02F686FD5} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{0D272D21-627B-481D-A453-F87371187DDF} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{14C4F433-9329-4026-A80C-32C79116DB23} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{165D131F-EC83-45B9-BDB6-2F9D84A43024} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{219BB496-A0CD-4C9E-BCD5-673E0F9C2083} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{2524B21B-0D2A-4BA8-989A-9F26C3B8C8F6} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{28CE29BF-749C-4B57-9707-0A8C6C2CEE2D} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{2FBEBB1C-6BA7-4B03-A721-ED9E0692A5CD} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{3E313BBD-F76F-407F-A7A5-F764AE7557F5} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{471D9E57-19D0-4654-8A9E-01C1B35288F9} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5320213D-48BB-4DA1-9712-B5C016B4E164} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{57AAAD3E-F5A1-468B-B423-6009136DFCEE} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5ADE26EB-DC04-4FC1-92EE-54F43C1FDC6A} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5C9264AA-8977-42DF-99C5-0961DCC7136D} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{5F9BA2CF-2D64-4EF1-B16F-575C59043E10} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{62549F80-65D0-4908-A55D-CB826B68779B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{62907825-1AF4-4C21-B158-D7A7BA4C8346} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{6604B43B-32CB-47F4-942F-E160CB1E3D2E} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{697DE168-4B44-4E68-9332-6C8981F90B57} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{6E373CB8-90E2-4D23-9A82-B3229A2E454E} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{73645B0D-A226-48DE-8C1E-3436B50FBE4C} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{76E58B61-D425-4F3E-84C5-786B2898AFAC} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{7B4DB67D-DAB8-4A86-B476-013ED5E63115} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{7C5BA1AE-49DD-495C-9B56-2D0EF0BA2482} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{7DAC8E46-F040-4102-93F7-61E5E82C740B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{8993DD2A-1FE3-435B-A9FD-528DC9EFE0E9} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{8BBB14F0-EA82-4D88-8409-FDBE231E839B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{950F8BD9-ECDF-4E8C-A556-63F892449C0C} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{9CF3E279-4A59-4364-884A-A9C1845516CC} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{9FE981E5-F8DB-4537-B588-CACABF5FDE23} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{B5876851-AD2D-4D22-92C7-23C6BB32CCB0} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{B6B1B15F-E426-4795-BD2F-390A3B3F68D8} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{BDAF0920-6DCD-4CFD-B353-B62E67D2BE4D} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{C127E86F-8636-46B6-BAC9-F6990B755F26} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{CE93002D-D08F-48D6-8FD4-70D4F29EB0BF} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{DFB0D789-58E5-4B1B-A948-CAC9148318E0} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{ED90E67D-CB23-463B-BE19-AF73B1723B88} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{EF007199-2B14-47C4-B422-9A7F53F9F9D7} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{F77D224D-2BFD-4312-9A5B-A7CDD79C301B} Successfully deleted: [Empty Folder] C:\Users\Karol's Krafts\appdata\local\{FAEC5551-53C3-4D91-AE43-3C1682A24A04} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 11/09/2014 at 15:59:30.92 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The code ran fine and the browsers reset. Can now access the internet. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01 Ran by Karol's Krafts at 2014-11-08 06:30:13 Run:2 Running from G:\Malware Removal\Farbar Loaded Profile: Karol's Krafts (Available profiles: Karol's Krafts) Boot Mode: Normal ============================================== Content of fixlist: ***************** start SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms} S2 MaintainerSvc6.37.565328; "C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe" [X] C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 2014-11-02 13:45 - 2014-11-02 13:46 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} 2014-11-02 13:44 - 2014-11-02 13:44 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} 2014-11-02 13:42 - 2014-11-02 13:42 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} 2014-10-31 20:20 - 2014-10-31 20:21 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} C:\ProgramData\adf80ae5fb1c0699 2014-11-07 06:09 - 2013-03-23 22:38 - 00000000 ____D () C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis EmptyTemp: end ***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully. MaintainerSvc6.37.565328 => Service not found. "C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7" => File/Directory not found. C:\Users\Karol's Krafts\AppData\Local\{DFA69DAE-5C3A-40A4-B91F-27C9B1828084} => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\{D29D090B-AE65-4F34-A820-6B770BE64CDA} => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\{9D94E47E-D26C-4574-946C-5D251968FCA6} => Moved successfully. C:\Users\Karol's Krafts\AppData\Local\{827691BE-BB6E-465C-A162-577453AC7C98} => Moved successfully. C:\ProgramData\adf80ae5fb1c0699 => Moved successfully. C:\Users\Karol's Krafts\AppData\Roaming\SpeedanAlysis => Moved successfully. EmptyTemp: => Removed 4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====

Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014 Ran by Karol's Krafts at 2014-11-07 20:18:15 Running from G:\Malware Removal\Farbar Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) FUTURA SES1000 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.6 - ) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company) Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - JP (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CreativeStudio (HKLM-x32\...\{319A4F81-CBD7-48EF-91CF-03651E6EFB9B}) (Version: 4.2.0 - Statler Stitcher) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Galil DMC .Net API for Visual Studio 2005 (HKLM-x32\...\{072E9B7C-850B-4397-B104-098170742FAF}) (Version: 2.0.0.0 - Galil Motion Control) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}) (Version: 4.1.7.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Sentinel Protection Installer 7.3.2 (HKLM-x32\...\{EDFE2142-CFB3-44AB-A961-DE85F6408A28}) (Version: 7.3.2 - SafeNet, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 21-10-2014 05:11:33 Restore Operation 21-10-2014 05:39:15 Windows Backup 21-10-2014 05:40:34 Restore Operation 21-10-2014 10:26:26 Windows Backup 25-10-2014 06:17:06 Windows Update 28-10-2014 23:44:14 Windows Backup 01-11-2014 02:08:46 Windows Update 03-11-2014 02:02:54 Windows Backup 04-11-2014 02:03:39 Removed BlueStacks Notification Center 05-11-2014 01:06:19 Windows Update 05-11-2014 02:10:09 Removed Java SE Runtime Environment 6 Update 1 05-11-2014 02:13:33 Removed Adobe Reader X (10.1.7) MUI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {001B574F-D9C2-424E-BF80-973C2FDCF8C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: {365081E8-61DF-4B7E-BC76-094BBFC4FC98} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink) Task: {487EBD0B-81CD-4B50-9D1C-D6CA374CCDE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company) Task: {7E29630D-29D5-4C32-8A44-6B1C9CA443E0} - System32\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {9A25F1A8-AAB8-48A6-9A4A-97BA8645E065} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {A84104BC-C353-486C-ADBC-3C8CFB201EFB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B2D2F68C-71A1-40A1-B2DB-A76B34938914} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {C6C0BECA-EF79-41FB-888A-3FC12BC2DBA2} - System32\Tasks\HPCeeScheduleForKarol's Krafts => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {C767E5C2-BEA1-4A9E-B9B1-FA2F92F1A2CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {D04B6F09-0E0D-41EF-AD7A-F61C1FCBC876} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {D290C98A-F1F1-4276-9995-7658CDFADDDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company) Task: {FDCA346F-E531-4653-A2F3-CA0A497E0198} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForKarol's Krafts.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForKAROLSKRAFTS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-16 20:36 - 2014-10-16 20:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2012-05-07 17:13 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3278930305-513671393-255404018-500 - Administrator - Disabled) Guest (S-1-5-21-3278930305-513671393-255404018-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3278930305-513671393-255404018-1008 - Limited - Enabled) Karol's Krafts (S-1-5-21-3278930305-513671393-255404018-1000 - Administrator - Enabled) => C:\Users\Karol's Krafts ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Sentinel64 Description: Sentinel64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Sentinel64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/07/2014 06:13:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 08:04:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (11/06/2014 06:07:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/06/2014 05:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. . System errors: ============= Error: (11/07/2014 06:11:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MaintainerSvc6.37.565328 service failed to start due to the following error: %%2 Error: (11/07/2014 06:11:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/07/2014 06:11:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Error: (11/07/2014 06:07:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MaintainerSvc6.37.565328 service terminated unexpectedly. It has done this 1 time(s). Error: (11/06/2014 05:24:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MetafileNetSDK.exe service failed to start due to the following error: %%2 Error: (11/06/2014 05:24:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/06/2014 05:24:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Error: (11/04/2014 07:56:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MetafileNetSDK.exe service failed to start due to the following error: %%2 Error: (11/04/2014 07:56:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%13. Error: (11/04/2014 07:56:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sentinel64 service failed to start due to the following error: %%20 Microsoft Office Sessions: ========================= Error: (11/07/2014 06:13:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 08:04:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (11/06/2014 06:07:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/06/2014 05:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:13:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. Error: (11/04/2014 08:10:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. CodeIntegrity Errors: =================================== Date: 2014-02-05 00:06:51.163 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-05 00:06:51.073 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.424 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-31 22:32:23.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.543 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-27 17:21:17.449 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.265 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-18 20:36:02.171 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-14 23:22:28.859 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aksfridge.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Celeron® CPU B800 @ 1.50GHz Percentage of memory in use: 46% Total physical RAM: 1899.86 MB Available physical RAM: 1015.13 MB Total Pagefile: 3799.72 MB Available Pagefile: 2552.91 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:279.47 GB) (Free:206.21 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32 Drive g: (BOOT) (Removable) (Total:0.98 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 1008.5 MB) (Disk ID: 007BA292) Partition 1: (Active) - (Size=1008 MB) - (Type=0C) ==================== End Of Log ============================