Jump to content

MyOSProtect.dll BAD IMAGE ERROR


mattyc8

Recommended Posts

Hello mattyc8, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page. 
     

======================================================

 

xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to a USB drive.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Move the file from your USB onto the Desktop of the infected PC.
  • Right-Click FRST.exe / FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
Link to post
Share on other sites

Hello, 

 

Yes, that's OK. 

But perhaps you have an alternative method to transfer files from computer to computer? 

 

-----------------------

 

MyOSProtect is known to affect the Winsock. It sounds as if the infection may have been removed, but has left the Winsock corrupt.  

So in the meantime, please do the following on the infected PC, and let me know if this resolves your Internet issue.

 

MgeHyNE.png Internet Flush

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo offipconfig /releaseipconfig /renewipconfig /flushdnsnetsh winsock reset allnetsh int ipv4 resetnetsh int ipv6 resetshutdown -r -t 1del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file flush.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate flush.bat lmRDSkT.png (W8/7/Vista) on your DesktopRight-click the icon and click AVOiBNU.jpg Run as administrator.
  • Your computer will reboot. If not, please manually reboot. 
Link to post
Share on other sites

Hello, 

 

This machine is in quite a mess. 

After running the script in Step 1, you should be able to connect to the Internet. 
If not, please stop and let me know. 
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
6JO0hXH.png Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • ASPCA Reminder by We-Care.com v4.1.19.1
    • AVG Web TuneUp
    • FreeFixer
    • GoSave
    • LPT System Updater Service
    • MyPC Backup
    • OffersWizard Network System Driver
    • Playtopus
    • QuickShare
    • RegClean Pro
    • Search Protect
    • Severe Weather Alerts
    • Software Version Updater
    • suprasavings
    • SupraSavings
    • System Update kb70007
    • WiseConvert B Toolbar
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 3
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 4
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the programmes uninstall OK? 
  • AdwCleaner[s0].txt
  • JRT.txt
Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Lisa Elkins at 2014-11-27 21:53:53
Running from K:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASPCA Reminder by We-Care.com v4.1.19.1 (HKLM-x32\...\{F5575DD6-8112-45A6-8FFA-C7249C3D8E1F}) (Version: 4.1.19.1 - We-Care.com)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.6 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CardRecoveryPro 2.1.5 (HKLM-x32\...\{CE13C819-54FF-44B0-8195-5A2095142CF0}_is1) (Version: 2.1.5 - LionSea SoftWare)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contents (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version: - Corel Corporation)
Corel Painter Photo Essentials 4 (x32 Version: 4.1 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.224 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio 2010 (HKLM-x32\...\_{CBC7FF57-42A3-414E-B8EA-D971C986BA40}) (Version: 1.5.0.227 - Corel Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceIO (x32 Version: 1.00.0005 - Corel Corporation) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Disk SpeedUp 1.4.0.888 (HKLM-x32\...\Disk SpeedUp) (Version: 1.4.0.888 - Glarysoft Ltd)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3960248527-375143567-1064361422-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoSave (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: - ) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6600 Help (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6600 Product Improvement Study (HKLM\...\{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Product Detection (HKLM-x32\...\{A34CC51D-C2FF-4E0E-9F27-28B0249A15DD}) (Version: 11.15.0007 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 1.00.0005 - Corel Corporation) Hidden
ICA (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
IPM_PSP_CL (x32 Version: 1.00.0000 - Your Company Name) Hidden
IPM_PSP_COM (x32 Version: 1.00.0000 - Your Company Name) Hidden
IPM_V (x32 Version: 1.52 - Corel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MLE (x32 Version: 1.00.0005 - Corel Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pacesetter BES Lettering (HKLM-x32\...\{4DE9A762-7EEF-435F-B7E7-EAEADE5EE97A}) (Version: 1.0.0.2303 - Pulse Microsystems)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PE-DESIGN 8 (HKLM-x32\...\{DDA3DECF-AC1F-41AD-A1C7-A2617BEA1E26}) (Version: 8.03.0000 - Brother Industries, Ltd.)
PE-DESIGN NEXT (HKLM-x32\...\{041EDAC5-853E-4A10-A0C8-ED0CF7769306}) (Version: 9.01.0000 - Brother Industries, Ltd.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Playtopus (HKU\S-1-5-21-3960248527-375143567-1064361422-1000\...\Playtopus) (Version: - Playtopus)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PureHD (x32 Version: 1.00.0005 - Corel Corporation) Hidden
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.33.1 - Mediatek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
Setup (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Setup (x32 Version: 1.6.1.224 - Corel Corporation) Hidden
Severe Weather Alerts (HKU\S-1-5-21-3960248527-375143567-1064361422-1000\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
Share (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Share64 (Version: 1.00.0005 - Corel Corporation) Hidden
Silhouette Studio (HKLM-x32\...\{0706D4E8-C4DD-408C-94DA-4F7E8B3BCC66}) (Version: 3.0.343 - Silhouette America)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.9 - ) <==== ATTENTION
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Sure Cuts A Lot 2.044 (HKLM-x32\...\Sure Cuts A Lot 2_is1) (Version: - Craft Edge)
Sure Cuts A Lot 3.053 (HKLM-x32\...\Sure Cuts A Lot 3_is1) (Version: - Craft Edge)
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden <==== ATTENTION
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VDS10 (x32 Version: 1.00.0005 - Corel Corporation) Hidden
VIO (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WiseConvert B Toolbar (HKLM-x32\...\WiseConvert_B Toolbar) (Version: 6.10.3.508 - WiseConvert B)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3960248527-375143567-1064361422-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-11-2014 08:00:13 Windows Update
24-11-2014 00:00:06 Windows Backup
26-11-2014 04:10:33 Installed AVG 2015
26-11-2014 04:11:28 Installed AVG 2015
27-11-2014 14:24:12 Restore Operation
27-11-2014 15:06:00 Removed iTunes
27-11-2014 15:25:20 Removed iTunes
27-11-2014 15:28:07 Removed Norton Online Backup
27-11-2014 17:11:05 Restore Operation
27-11-2014 17:25:47 Removed iTunes
27-11-2014 17:32:17 Windows Backup
27-11-2014 20:48:09 Removed iTunes
27-11-2014 22:52:55 Restore Operation
28-11-2014 01:16:36 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D6E8D6E-148C-4A30-8365-24EA7C3D4E20} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {1CE3AF6F-5522-4794-8573-8226B170C3A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1D1D15A5-5C6A-4824-9BF4-C32A195CDCD4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {21F5B5F1-C67D-4324-B1F2-B5FF565E4B45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2AC74109-2D46-4BEA-A7E2-4A4922A8C49E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {2AE63067-BD04-46E5-84C9-026DFDE93B2C} - System32\Tasks\{00EC50B7-DA3C-4BF4-A621-0CB477B1A493} => E:\mbam.exe
Task: {321E0AE3-C1D4-40DA-90D3-05C616356964} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {3874DC32-7FA8-476D-97CE-B9653421C99B} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Lisa Elkins\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {3FD921CA-AB35-4E6F-A4F3-9B39E6E70851} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {5B414F09-FD3C-4B7D-9481-4F2E29336EA5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {6B048521-2F99-481F-96C5-E140848BCF4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {701C228C-8AEE-42D3-B5AE-ECDF7A7143B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {70D06F89-7D49-44D2-9CBF-949845C9B377} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\LISAEL~1\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest <==== ATTENTION
Task: {76267201-1276-4AC8-B5F8-DB3991D370D9} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe
Task: {78F4DDF3-CE03-44E3-A074-0EE30B00A2CB} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2014-09-16] (Kephyr)
Task: {7CCCBBAB-7964-49D0-94ED-256A4944491A} - System32\Tasks\{EDDDC4CF-3960-4197-948D-111C81661782} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-06-17] (AVG Technologies CZ, s.r.o.)
Task: {97042621-4F8F-47B0-AB04-6C0607FA9548} - System32\Tasks\hpUrlLauncher.exe_{5175D7BD-4FF6-4575-A741-A9AD2D33AD41} => C:\Program Files\HP\HP Officejet 6600\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AE304BB8-6207-4B50-AE34-71D4733B8003} - System32\Tasks\{30E2C6B6-33C3-42ED-B557-73B78F7E5F7A} => E:\mbam.exe
Task: {AEC7979A-678B-4C9F-848D-49ED845B424A} - System32\Tasks\{23E79FA6-66F4-45F8-89F7-DF697D8795C1} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-06-17] (AVG Technologies CZ, s.r.o.)
Task: {B6496A40-88B4-4BD2-88BA-2084800C88C0} - System32\Tasks\AmiUpdXp => C:\Users\Lisa Elkins\AppData\Local\31874\a10052.exe [2014-09-23] () <==== ATTENTION
Task: {BB3F6951-A8EE-4518-897C-5B7CA45197A8} - System32\Tasks\HPCeeScheduleForLISAELKINS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BBDDA8B5-17AC-49A2-8976-1DFC687FAE62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BEF25205-545C-4CB8-9FA5-449F56B36DDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D550D3FF-122B-4BBB-BAAB-82425D00B323} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {DD632920-9DA0-487B-86E0-19E9433A23F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E88F8412-0B86-4B7E-A5AE-8B86B9ED52E1} - System32\Tasks\HPCeeScheduleForLisa Elkins => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EB0E82C0-17C7-43BE-878D-8D541AC157BE} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: {EF42FF38-3CDC-4563-9D2C-F59380DE9D7B} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F4611494-B531-4408-B92B-16F43F82DE2C} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\Lisa Elkins\AppData\Local\31874\a10052.exe <==== ATTENTION
Task: C:\windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForLisa Elkins.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForLISAELKINS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\Playtopus Updater.job => C:\Users\LISAEL~1\AppData\Local\PLAYTO~1\Updater.dll <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-07-28 17:33 - 2014-07-28 17:33 - 00180736 _____ () C:\windows\SysWOW64\nethtsrv.exe
2014-07-31 02:33 - 2014-07-31 02:33 - 00162816 _____ () C:\windows\SysWOW64\netupdsrv.exe
2011-09-08 15:53 - 2011-09-08 15:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-02 14:41 - 2011-08-02 14:41 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-16 17:14 - 2014-04-16 17:14 - 58503920 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio.exe
2014-04-16 17:14 - 2014-04-16 17:14 - 04849376 _____ () C:\Program Files (x86)\Silhouette Studio\Resources\Resources\SPEC_ANY\AH\aspex_helper.exe
2014-11-27 21:41 - 2014-11-27 21:41 - 00043008 _____ () c:\Users\Lisa Elkins\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq56kvq.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Lisa Elkins\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-09 10:46 - 2014-09-09 10:46 - 00108544 _____ () C:\windows\SysWOW64\hfnapi.dll
2014-09-09 10:47 - 2014-09-09 10:47 - 00246784 _____ () C:\windows\SysWOW64\hfpapi.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 01865216 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\RBGUIFramework.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00096256 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\Appearance Pak.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00088576 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\Crypto.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00137216 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\Browser Plugin.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00013824 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\Internet Encodings.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00031744 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\Shell.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 01418398 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\SSLSocket.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00293376 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\XML.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00077824 _____ () C:\Program Files (x86)\Silhouette Studio\Silhouette Studio Libs\RBAutoProxySetup.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00462336 _____ () C:\Program Files (x86)\Silhouette Studio\libFreeType-6.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 01865216 _____ () C:\Program Files (x86)\Silhouette Studio\Resources\Resources\SPEC_ANY\AH\aspex_helper Libs\RBGUIFramework.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00013824 _____ () C:\Program Files (x86)\Silhouette Studio\Resources\Resources\SPEC_ANY\AH\aspex_helper Libs\Internet Encodings.dll
2014-04-16 17:13 - 2014-04-16 17:13 - 00031744 _____ () C:\Program Files (x86)\Silhouette Studio\Resources\Resources\SPEC_ANY\AH\aspex_helper Libs\Shell.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Lisa Elkins\Downloads\IC# 838776 Jonathan Elkins v. Sears Holding Corp.PR-Product Repair.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Lisa Elkins^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-3960248527-375143567-1064361422-500 - Administrator - Disabled)
Guest (S-1-5-21-3960248527-375143567-1064361422-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3960248527-375143567-1064361422-1002 - Administrator - Enabled)
Lisa Elkins (S-1-5-21-3960248527-375143567-1064361422-1000 - Administrator - Enabled) => C:\Users\Lisa Elkins

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2014 09:44:00 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.Net.Sockets.SocketException
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/27/2014 06:05:44 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.Net.Sockets.SocketException
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/27/2014 05:48:43 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.Net.Sockets.SocketException
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/27/2014 05:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QuickShare.exe, version: 11.24.60.15709, time stamp: 0x531c99c9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xQuickShare.exe0
Faulting application path: QuickShare.exe1
Faulting module path: QuickShare.exe2
Report Id: QuickShare.exe3

Error: (11/27/2014 03:53:14 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.Net.Sockets.SocketException
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/27/2014 03:51:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QuickShare.exe, version: 11.24.60.15709, time stamp: 0x531c99c9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xQuickShare.exe0
Faulting application path: QuickShare.exe1
Faulting module path: QuickShare.exe2
Report Id: QuickShare.exe3

Error: (11/27/2014 00:23:59 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.Net.Sockets.SocketException
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/27/2014 00:23:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QuickShare.exe, version: 11.24.60.15709, time stamp: 0x531c99c9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xQuickShare.exe0
Faulting application path: QuickShare.exe1
Faulting module path: QuickShare.exe2
Report Id: QuickShare.exe3

Error: (11/27/2014 10:34:57 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.Net.Sockets.SocketException
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/27/2014 10:24:37 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
Exception Type: System.Net.Sockets.SocketException
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
at HPTouchSmartSyncCalReminderApp.Program.StartExecution()


System errors:
=============
Error: (11/27/2014 09:52:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (11/27/2014 09:52:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (11/27/2014 09:52:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (11/27/2014 09:41:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64

Error: (11/27/2014 09:41:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pcmaxservice Service service failed to start due to the following error:
%%2

Error: (11/27/2014 09:41:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LPT System Updater Service service failed to start due to the following error:
%%216

Error: (11/27/2014 09:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (11/27/2014 09:41:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (11/27/2014 09:41:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (11/27/2014 07:32:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}


Microsoft Office Sessions:
=========================
Error: (07/10/2014 02:20:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 195382 seconds with 11520 seconds of active time. This session ended with a crash.

Error: (12/13/2013 03:25:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 153767 seconds with 4140 seconds of active time. This session ended with a crash.

Error: (12/05/2013 01:38:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 200095 seconds with 4740 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD A6-3650 APU with Radeon HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7666.86 MB
Available physical RAM: 5399.34 MB
Total Pagefile: 15331.89 MB
Available Pagefile: 12950.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.52 GB) (Free:788.85 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.77 GB) (Free:2.1 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:413.78 GB) NTFS
Drive k: (MINI JUMP) (Removable) (Total:3.73 GB) (Free:3.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 02309E53)

Partition: GPT Partition Type.

========================================================
Disk: 5 (Size: 465.8 GB) (Disk ID: 03C21875)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2014
Ran by Dad (administrator) on JDUMOND-PC on 01-12-2014 17:48:48
Running from C:\Users\Dad\Desktop
Loaded Profile: Dad (Available profiles: Dad & Matty & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.6.0.32\n360.exe
() C:\monitor.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-11-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1662032 2008-08-27] (Dell Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [uSB2Check] => RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM\...\Run: [uSBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Run: [MicroUpdate] => [X]
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2451990378-2058768758-2733107056-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-2451990378-2058768758-2733107056-1002] => http=127.0.0.1:13989;https=127.0.0.1:13989
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN39312857011267729&UM=2&ctid=CT3306058&UP=SP9D792C3B-0A80-4BB5-9431-C36762685702&SSPV=
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x609722DC2A06CD01
HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0F0BtBtDtD0FyD0ByD0EtDtN0D0Tzu0CyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1631432615&ir=
URLSearchHook: HKLM - appmarket- Toolbar - {64d64833-9296-421b-a362-83cfbd6291b6} - C:\Users\Dad\AppData\LocalLow\appmarket-\prxtbapp0.dll (ClientConnect Ltd.)
URLSearchHook: HKLM - Connect DLC 2 Toolbar - {515b2424-5911-40bd-8a2c-bdb20286d8f5} - C:\Users\Dad\AppData\LocalLow\Connect_DLC_2\prxtbCon0.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 - appmarket- Toolbar - {64d64833-9296-421b-a362-83cfbd6291b6} - C:\Users\Dad\AppData\LocalLow\appmarket-\prxtbapp0.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 - Connect DLC 2 Toolbar - {515b2424-5911-40bd-8a2c-bdb20286d8f5} - C:\Users\Dad\AppData\LocalLow\Connect_DLC_2\prxtbCon0.dll (ClientConnect Ltd.)
SearchScopes: HKLM -> DefaultScope {4F359E24-B28A-4E4B-9937-BA30B29C4070} URL =
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> DefaultScope {4F359E24-B28A-4E4B-9937-BA30B29C4070} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN39312857011267729&UM=2
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> {184B14BD-C633-4300-8441-1724DB251B69} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN19811707528341170&UM=2
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> {4F359E24-B28A-4E4B-9937-BA30B29C4070} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN39312857011267729&UM=2
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> {51D3A28E-60E2-4ED1-90E7-18969E96ED6E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=663769&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NSS&chn=retail&geo=US&ver=4
SearchScopes: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: No Name -> {042B31D1-2C44-453D-94D4-CA688FC698Fb} -> No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PassShow -> {3E46BA33-472C-C70B-98B5-C897A2B2BC82} -> C:\Program Files\PassShow-soft\171.dll ()
BHO: Connect DLC 2 Toolbar -> {515b2424-5911-40bd-8a2c-bdb20286d8f5} -> C:\Users\Dad\AppData\LocalLow\Connect_DLC_2\prxtbCon0.dll (ClientConnect Ltd.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: appmarket- Toolbar -> {64d64833-9296-421b-a362-83cfbd6291b6} -> C:\Users\Dad\AppData\LocalLow\appmarket-\prxtbapp0.dll (ClientConnect Ltd.)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TheSea.TheSeaPlugin -> {C585D593-E7F3-4852-A200-561686EE02E4} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - appmarket- Toolbar - {64d64833-9296-421b-a362-83cfbd6291b6} - C:\Users\Dad\AppData\LocalLow\appmarket-\prxtbapp0.dll (ClientConnect Ltd.)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Connect DLC 2 Toolbar - {515b2424-5911-40bd-8a2c-bdb20286d8f5} - C:\Users\Dad\AppData\LocalLow\Connect_DLC_2\prxtbCon0.dll (ClientConnect Ltd.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> appmarket- Toolbar - {64D64833-9296-421B-A362-83CFBD6291B6} - C:\Users\Dad\AppData\LocalLow\appmarket-\prxtbapp0.dll (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-2451990378-2058768758-2733107056-1002 -> Connect DLC 2 Toolbar - {515B2424-5911-40BD-8A2C-BDB20286D8F5} - C:\Users\Dad\AppData\LocalLow\Connect_DLC_2\prxtbCon0.dll (ClientConnect Ltd.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [0] ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [0] ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [0] ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [0] ()
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 33 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 34 C:\Windows\system32\MyOSProtect.dll [0] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default
FF DefaultSearchEngine: appmarket- Customized Web Search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN41421927631559864&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN18108188262929716&UM=2&SearchSource=13&UP=SP9D792C3B-0A80-4BB5-9431-C36762685702&SSPV=
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN18108188262929716&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKU\S-1-5-21-2451990378-2058768758-2733107056-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\searchplugins\whitesmoke-new-customized-web-search.xml
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safesearch.xml
FF Extension: mysearchdial.com - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\ffxtlbr@mysearchdial.com [2013-11-16]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-03-16]
FF Extension: Connect DLC 2 - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5} [2013-12-23]
FF Extension: appmarket- - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\{64d64833-9296-421b-a362-83cfbd6291b6} [2013-11-15]
FF Extension: WhiteSmoke New - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [2013-10-01]
FF Extension: MySearchDial NewTab - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-11-16]
FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2014-06-17]
FF Extension: No Name - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\33l6bxim.default\Extensions\{d8c88b89-2bf0-5cb8-6032-67872fb5aa5c} [2013-10-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-12-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-15]
FF HKLM\...\Firefox\Extensions: [Hotbar@Hotbar.com] - C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-01]
FF HKU\S-1-5-21-2451990378-2058768758-2733107056-1002\...\Firefox\Extensions: [{9E25901B-AC01-F78A-23FB-ADE6AABA5737}] - C:\Program Files\PassShow-soft\171.xpi
FF Extension: PassShow - C:\Program Files\PassShow-soft\171.xpi [2014-05-27]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3307181&SearchSource=48&CUI=UN31125349353133041&UM=2&UP=SP9D792C3B-0A80-4BB5-9431-C36762685702&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9D792C3B-0A80-4BB5-9431-C36762685702&SSPV=", "", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0F0BtBtDtD0FyD0ByD0EtDtN0D0Tzu0CyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1631432615&ir=", "hxxp://search.conduit.com/?ctid=CT3306058&SearchSource=48&CUI=UN26372883141568231&UM=2", "hxxp://search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9D792C3B-0A80-4BB5-9431-C36762685702&SSPV="
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-08]
CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-08]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-08]
CHR Extension: (Connect DLC 2) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj [2013-12-23]
CHR Extension: (AdBlock) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-26]
CHR Extension: (Domain Error Assistant) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-10-08]
CHR Extension: (WhiteSmoke New) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-10-08]
CHR Extension: (PassShow) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjanhkopfogkecfihffbncbgedljhdn [2014-05-27]
CHR Extension: (Slick Savings) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-10-08]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
CHR Extension: (GreatArcadeHits) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2014-01-17]
CHR Extension: (MySearchDial) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-01-09]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-08]
CHR HKLM\...\Chrome\Extension: [aaaaajhmeplfccacopbgpfaibalfnhcb] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaajhmeplfccacopbgpfaibalfnhcb.crx [2014-09-22]
CHR HKLM\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\Dad\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-12-11]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-09-20]
CHR HKLM\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Dad\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2013-09-20]
CHR HKLM\...\Chrome\Extension: [jhjjdgbhohaallcimgcmakfiobacimkm] - C:\Program Files\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx [2014-03-13]
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Dad\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-24]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM\...\Chrome\Extension: [mphpbdjcljebbcnfopfngmfdackbbdgf] - C:\Program Files\DealPly\DealPly.crx [2014-10-15]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Dad\AppData\Local\mysearchdial-speeddial.crx [2013-11-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-19] (APN LLC.)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S3 HcwDevCentralService; C:\Program Files\Hauppauge\DeviceCentral\HcwDevCentralService.exe [394512 2013-12-16] (Hauppauge Computer Works, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 N360; C:\Program Files\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3904976 2010-11-03] (INCA Internet Co., Ltd.) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.) [File not signed]
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-30] (Avanquest Software) [File not signed]
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [800856 2013-11-04] (Hauppauge Computer Work, Inc.)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141126.001\IDSvix86.sys [479448 2014-11-26] (Symantec Corporation)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141126.005\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141126.005\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [271552 2009-03-19] (Creative Technology Ltd.)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2010-04-12] (PowerISO Computing, Inc.) [File not signed]
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1506000.020\SYMTDIV.SYS [384728 2014-08-25] (Symantec Corporation)
R3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 17:48 - 2014-12-01 17:48 - 00038720 _____ () C:\Users\Dad\Desktop\Addition.txt
2014-12-01 17:46 - 2014-12-01 17:49 - 00034309 _____ () C:\Users\Dad\Desktop\FRST.txt
2014-12-01 17:45 - 2014-12-01 17:48 - 00000000 ____D () C:\FRST
2014-12-01 17:42 - 2014-12-01 22:28 - 01109504 _____ (Farbar) C:\Users\Dad\Desktop\FRST.exe
2014-11-26 21:56 - 2014-11-26 21:56 - 00000000 ____D () C:\Windows\pss
2014-11-26 21:10 - 2014-11-26 21:11 - 00000000 ____D () C:\Users\Dad\Downloads\Remix Chasing Time
2014-11-09 14:08 - 2014-11-09 14:08 - 00166104 _____ () C:\Users\Dad\Documents\Track 1 - 36.sfk
2014-11-09 14:08 - 2014-11-09 14:08 - 00001024 _____ () C:\Users\Dad\Documents\Track 1 - 37.wav
2014-11-09 14:04 - 2014-11-09 14:25 - 1246677871 _____ () C:\Users\Dad\Desktop\2014_11_9_14_4_44.MP4
2014-11-09 14:04 - 2014-11-09 14:08 - 42509018 _____ () C:\Users\Dad\Documents\Track 1 - 36.wav
2014-11-09 14:04 - 2014-11-09 14:04 - 00017656 _____ () C:\Users\Dad\Documents\Track 1 - 35.sfk
2014-11-09 14:03 - 2014-11-09 14:04 - 04505074 _____ () C:\Users\Dad\Documents\Track 1 - 35.wav
2014-11-09 14:03 - 2014-11-09 14:03 - 00087432 _____ () C:\Users\Dad\Documents\Track 1 - 34.sfk
2014-11-09 14:02 - 2014-11-09 14:04 - 143561999 _____ () C:\Users\Dad\Desktop\2014_11_9_14_2_0.MP4
2014-11-09 14:01 - 2014-11-09 14:03 - 11184002 _____ () C:\Users\Dad\Documents\Track 1 - 34.wav
2014-11-09 14:01 - 2014-11-09 14:01 - 00039480 _____ () C:\Users\Dad\Documents\Track 1 - 33.sfk
2014-11-09 13:59 - 2014-11-09 14:01 - 10092462 _____ () C:\Users\Dad\Documents\Track 1 - 33.wav
2014-11-09 13:59 - 2014-11-09 13:59 - 00022872 _____ () C:\Users\Dad\Documents\Track 1 - 32.sfk
2014-11-09 13:58 - 2014-11-09 14:01 - 140024979 _____ () C:\Users\Dad\Desktop\2014_11_9_13_58_54.MP4
2014-11-09 13:58 - 2014-11-09 13:59 - 05840946 _____ () C:\Users\Dad\Documents\Track 1 - 32.wav
2014-11-09 13:58 - 2014-11-09 13:58 - 00021256 _____ () C:\Users\Dad\Documents\Track 1 - 31.sfk
2014-11-09 13:56 - 2014-11-09 13:58 - 05426782 _____ () C:\Users\Dad\Documents\Track 1 - 31.wav
2014-11-09 13:56 - 2014-11-09 13:56 - 01067114 _____ () C:\Users\Dad\Documents\Track 1 - 30.wav
2014-11-09 13:56 - 2014-11-09 13:56 - 00004224 _____ () C:\Users\Dad\Documents\Track 1 - 30.sfk
2014-11-02 13:42 - 2014-11-02 13:42 - 2178978586 _____ () C:\Users\Dad\Downloads\Adobe Illustrator CS6.exe
2014-11-01 14:22 - 2014-11-27 13:28 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-11-01 14:22 - 2014-11-01 14:22 - 00000000 ____D () C:\Users\Dad\AppData\Local\AskPartnerNetwork
2014-11-01 14:22 - 2014-11-01 14:22 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-11-01 14:21 - 2014-11-01 14:21 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\RHEng
2014-11-01 14:20 - 2014-11-01 14:21 - 00000755 _____ () C:\Users\Dad\Desktop\µTorrent.lnk
2014-11-01 14:20 - 2014-11-01 14:21 - 00000735 _____ () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-11-01 14:20 - 2014-11-01 14:20 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\OpenCandy
2014-11-01 14:20 - 2014-11-01 14:20 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-11-01 14:19 - 2014-11-01 14:19 - 00000924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2014-11-01 14:19 - 2014-11-01 14:19 - 00000912 _____ () C:\Users\Public\Desktop\Adobe Download Assistant.lnk
2014-11-01 14:19 - 2014-11-01 14:19 - 00000000 ____D () C:\Program Files\Adobe Download Assistant
2014-11-01 14:18 - 2014-11-26 21:56 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\uTorrent
2014-11-01 14:18 - 2014-11-01 14:18 - 02524336 _____ () C:\Users\Dad\Downloads\AdobeDownloadAssistant.exe
2014-11-01 14:16 - 2014-11-01 14:16 - 00010848 _____ () C:\Users\Dad\Downloads\13F1D8CBAD14B91DEE4F2776B50A4F9A0EA4DFA4.torrent
2014-11-01 14:15 - 2014-11-01 14:15 - 01689168 _____ (BitTorrent Inc.) C:\Users\Dad\Downloads\uTorrent.exe
2014-11-01 13:58 - 2014-11-01 13:58 - 00000000 ____D () C:\Users\Dad\Downloads\EVERYTHING_v.1_SESOHQ
2014-11-01 13:32 - 2014-11-01 13:32 - 00000779 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-11-01 13:31 - 2014-11-01 13:31 - 00000000 ____D () C:\ProgramData\Gyazo
2014-11-01 13:13 - 2014-11-01 13:58 - 693055770 _____ () C:\Users\Dad\Downloads\EVERYTHING_v.1_SESOHQ.rar
2014-11-01 13:09 - 2014-11-01 13:09 - 00000000 ____D () C:\Users\Dad\Desktop\CONCERSION 6K GFX PACK PART 1
2014-11-01 13:01 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-01 13:01 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-01 13:01 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 17:43 - 2012-03-15 22:38 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451990378-2058768758-2733107056-1003UA.job
2014-12-01 17:41 - 2010-03-11 06:56 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 17:40 - 2006-11-02 05:33 - 00006768 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 17:37 - 2013-11-16 18:06 - 00000284 _____ () C:\Windows\Tasks\MySearchDial.job
2014-12-01 17:37 - 2008-01-20 20:35 - 01811426 _____ () C:\Windows\WindowsUpdate.log
2014-12-01 17:34 - 2014-08-05 20:49 - 00002399 _____ () C:\Windows\setupact.log
2014-12-01 17:33 - 2010-03-11 06:56 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 17:32 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 17:32 - 2006-11-02 07:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 17:32 - 2006-11-02 07:47 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 14:08 - 2011-11-06 11:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451990378-2058768758-2733107056-1001UA.job
2014-11-27 14:07 - 2014-04-13 21:08 - 00000000 ____D () C:\Users\Matty\AppData\Local\CrashDumps
2014-11-27 13:55 - 2013-08-26 12:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 13:37 - 2006-11-02 08:01 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-26 23:46 - 2014-09-13 14:14 - 00000000 ____D () C:\Program Files\Web Protect
2014-11-26 23:43 - 2012-03-15 22:38 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451990378-2058768758-2733107056-1003Core.job
2014-11-26 22:48 - 2014-07-19 19:43 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Gameo
2014-11-26 22:48 - 2014-01-08 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-26 22:48 - 2014-01-08 17:22 - 00000000 ____D () C:\Program Files\Gyazo
2014-11-26 22:48 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-11-26 22:16 - 2014-01-31 23:48 - 00000000 ____D () C:\Program Files\D
2014-11-26 22:08 - 2013-08-26 21:03 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2451990378-2058768758-2733107056-1002UA.job
2014-11-26 22:08 - 2013-08-26 21:03 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2451990378-2058768758-2733107056-1002Core.job
2014-11-26 22:01 - 2014-09-13 14:17 - 00000000 _____ () C:\Windows\system32\MyOSProtect.dll
2014-11-26 21:56 - 2013-08-26 12:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 21:56 - 2012-03-24 17:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 21:49 - 2009-11-06 14:52 - 00000000 ____D () C:\Program Files\Steam
2014-11-26 21:34 - 2009-12-03 13:21 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-26 21:13 - 2014-07-19 19:44 - 00000000 ____D () C:\Users\Dad\AppData\Local\Gameo
2014-11-10 19:34 - 2011-11-06 11:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451990378-2058768758-2733107056-1001Core.job
2014-11-02 13:44 - 2014-08-12 10:44 - 00023736 _____ () C:\Windows\PFRO.log
2014-11-02 13:41 - 2012-03-16 00:53 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2014-11-02 03:58 - 2014-02-18 20:55 - 00000000 __SHD () C:\Users\Dad\Desktop\Photoshop Full - Crack
2014-11-02 02:01 - 2013-12-19 17:07 - 00000172 _____ () C:\Users\Dad\AppData\Roaming\WB.CFG
2014-11-01 13:55 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-01 13:32 - 2014-07-12 21:31 - 00000779 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-11-01 13:07 - 2013-09-08 19:04 - 00000000 ____D () C:\Users\Dad\Documents\Outlook Files
2014-11-01 13:07 - 2011-02-06 18:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-01 12:32 - 2006-11-02 07:47 - 00694296 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\John\Illustrator_15_LS1.exe


Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\_is10D9.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-01 17:41

==================== End Of Log ============================

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.