fujimo Posted December 28, 2015 ID:1009360 Share Posted December 28, 2015 Hello This is the misses computer and it is running real slow and have tried the typical at home remedies with little success. Attached are the requested files. Thank You, Fujimo Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015Ran by Kim (administrator) on KIM-PC (28-12-2015 09:21:02)Running from C:\Users\Kim\DesktopLoaded Profiles: Kim & dad (Available Profiles: Kim & dad)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe() C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe(Mindspark) C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe(Motorola) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)HKLM-x32\...\Run: [TWebCamera] => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorunHKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)HKLM-x32\...\Run: [OnlineMapFinder EPM Support] => C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pmedint.exe [11608 2015-11-23] (Mindspark)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyAD (the data entry has 186 more characters).Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\MountPoints2: {08f20c2e-d6a4-11df-8c24-00266c405352} - F:\setup.exe -aShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)ProxyEnable: [s-1-5-21-2631828835-1692535062-918339071-1003] => Proxy is enabled.Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [DhcpNameServer] 192.168.1.1Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-2631828835-1692535062-918339071-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhomeHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmURLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No FileURLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)SearchScopes: HKLM -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM -> {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKLM-x32 -> DefaultScope {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKLM-x32 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {29CBFF08-804D-4F0E-9440-9D8D3B7595E2} URL = hxxps://www.google.com/search?q={searchTerms}SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5129A74F-7CFA-46BD-A86D-6AA33ADFAB9F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> DefaultScope {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/ie.aspx?q={searchTerms}SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No FileBHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)BHO-x32: Search Assistant BHO -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll [2015-11-23] (Mindspark)BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL [2009-11-16] (Symantec Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Toolbar BHO -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24] (Oracle Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)Toolbar: HKLM-x32 - OnlineMapFinder - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No FileDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}FireFox:========FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.defaultFF Homepage: hxxp://www.yahoo.com/FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\windows\system32\npdeployJava1.dll [2012-05-07] (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-24] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-24] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Kim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online)FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @movenetworks.com/Quantum Media Player -> C:\Users\Kim\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-11-05] (Move Networks)FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-27] (Unity Technologies ApS)FF Extension: Printing Helper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\yywvepveag@yywvepveag.org.xpi [2012-12-09] [not signed]FF Extension: Coupon Manager - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57} [2010-02-09] [not signed]FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-12-23] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2015-12-20] [not signed]FF HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Kim\AppData\Roaming\Move NetworksFF Extension: Move Media Player - C:\Users\Kim\AppData\Roaming\Move Networks [2010-11-05] [not signed]Chrome:=======CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Chrome Web Store Payments) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)R2 OnlineMapFinder_9pService; C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe [89432 2015-11-23] (Mindspark)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)R1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-08] (Symantec Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\ENG64.SYS [138488 2015-12-09] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\EX64.SYS [2148080 2015-12-09] (Symantec Corporation)R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation )R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-12-11] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-28 09:21 - 2015-12-28 09:22 - 00030328 _____ C:\Users\Kim\Desktop\FRST.txt2015-12-28 09:20 - 2015-12-28 09:21 - 00000000 ____D C:\FRST2015-12-28 09:20 - 2015-12-28 09:20 - 02370560 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe2015-12-09 00:12 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll2015-12-09 00:12 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll2015-12-09 00:11 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-12-09 00:11 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-12-09 00:11 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-12-09 00:11 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2015-12-09 00:11 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-12-09 00:11 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2015-12-09 00:11 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2015-12-09 00:11 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll2015-12-09 00:11 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll2015-12-09 00:11 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll2015-12-09 00:11 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll2015-12-09 00:11 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-12-09 00:11 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-12-09 00:11 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2015-12-09 00:11 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2015-12-09 00:11 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-12-09 00:11 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2015-12-09 00:11 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2015-12-09 00:11 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-12-09 00:11 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-12-09 00:11 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll2015-12-09 00:11 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-12-09 00:11 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll2015-12-09 00:11 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-12-09 00:11 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2015-12-09 00:11 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-12-09 00:11 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2015-12-09 00:11 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-12-09 00:11 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2015-12-09 00:11 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2015-12-09 00:11 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-12-09 00:11 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2015-12-09 00:11 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2015-12-09 00:11 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-12-09 00:11 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2015-12-09 00:11 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-12-09 00:11 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2015-12-09 00:11 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2015-12-09 00:11 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2015-12-09 00:11 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-12-09 00:11 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll2015-12-09 00:11 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll2015-12-09 00:11 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2015-12-09 00:11 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-12-09 00:11 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2015-12-09 00:11 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-12-09 00:11 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-12-09 00:11 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-12-09 00:11 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2015-12-09 00:11 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2015-12-09 00:11 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2015-12-09 00:11 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-12-09 00:11 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-12-09 00:11 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-12-09 00:11 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2015-12-09 00:11 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2015-12-09 00:11 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2015-12-09 00:11 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2015-12-09 00:11 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-12-09 00:11 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-12-09 00:11 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-12-09 00:11 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2015-12-09 00:11 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2015-12-09 00:11 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2015-12-09 00:11 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2015-12-09 00:11 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2015-12-09 00:11 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2015-12-09 00:11 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2015-12-09 00:11 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2015-12-09 00:11 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll2015-12-09 00:11 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-12-09 00:11 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-12-09 00:11 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2015-12-09 00:11 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-12-09 00:11 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2015-12-09 00:11 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-12-09 00:11 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-12-09 00:11 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-12-09 00:11 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-12-09 00:11 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll2015-12-09 00:11 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll2015-12-09 00:11 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys2015-12-09 00:11 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll2015-12-09 00:11 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll2015-12-09 00:11 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL2015-12-09 00:11 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll2015-12-09 00:11 - 2015-10-08 14:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls2015-12-09 00:11 - 2015-10-08 13:52 - 00419928 _____ C:\windows\system32\locale.nls2015-12-09 00:10 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll2015-12-09 00:10 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll2015-11-30 17:59 - 2015-11-30 17:59 - 00000000 ____D C:\Users\Kim\AppData\Local\OnlineMapFinder_9p2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Users\Kim\AppData\LocalLow\OnlineMapFinder_9p2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Program Files (x86)\OnlineMapFinder_9p==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-28 09:23 - 2010-02-09 16:19 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-12-28 09:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows2015-12-28 09:03 - 2010-02-09 16:19 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-12-28 08:53 - 2013-09-18 13:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job2015-12-27 14:40 - 2015-07-28 22:26 - 00000378 _____ C:\windows\Tasks\REGSERVO.job2015-12-24 17:48 - 2009-11-12 21:21 - 00000000 ____D C:\Program Files (x86)\Java2015-12-24 17:47 - 2014-10-31 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-12-24 17:46 - 2015-10-20 22:16 - 00000000 ____D C:\Users\Kim\.oracle_jre_usage2015-12-24 17:45 - 2014-10-31 09:35 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2015-12-22 20:39 - 2013-10-03 20:36 - 00000000 ____D C:\ProgramData\CanonIJPLM2015-12-20 11:46 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\SysWOW64\GWX2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\system32\GWX2015-12-17 11:24 - 2010-02-25 21:18 - 00000000 ____D C:\Users\Kim\AppData\Local\ElevatedDiagnostics2015-12-16 19:09 - 2010-03-25 20:47 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-15 22:51 - 2010-02-22 19:22 - 00000000 ____D C:\ProgramData\Sonic2015-12-15 22:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF2015-12-09 22:30 - 2015-07-21 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-12-09 22:30 - 2014-12-23 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-12-09 22:30 - 2014-10-31 08:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-12-09 22:30 - 2014-02-21 22:05 - 00000000 ____D C:\Program Files\CCleaner2015-12-09 22:30 - 2012-01-18 20:53 - 00000000 ____D C:\Users\Kim\AppData\Local\Autobahn2015-12-09 22:30 - 2011-09-23 21:07 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console2015-12-09 22:30 - 2011-03-29 08:12 - 00000000 ____D C:\Program Files (x86)\iTunes2015-12-09 22:30 - 2011-03-06 13:37 - 00000000 ____D C:\Program Files (x86)\QuickTime2015-12-09 22:30 - 2011-03-06 13:36 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-12-09 22:30 - 2010-02-22 19:24 - 00000000 ____D C:\ProgramData\CinemaNow2015-12-09 22:30 - 2010-02-09 20:31 - 00000000 ____D C:\Users\dad2015-12-09 22:30 - 2010-02-09 11:57 - 00000000 ____D C:\Users\Kim2015-12-09 22:30 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration2015-12-09 22:30 - 2008-12-03 21:19 - 00000000 ____D C:\Users\Kim\Documents\worksheets2015-12-09 19:44 - 2013-09-18 13:10 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater2015-12-09 19:44 - 2012-08-30 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-12-09 19:44 - 2011-11-10 06:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-12-09 04:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache2015-12-09 04:05 - 2009-07-13 23:45 - 00517976 _____ C:\windows\system32\FNTCACHE.DAT2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-12-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf2015-12-09 03:44 - 2010-01-12 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help2015-12-09 03:41 - 2012-01-28 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-12-09 03:28 - 2013-08-14 02:10 - 00000000 ____D C:\windows\system32\MRT2015-12-09 03:08 - 2010-02-22 20:01 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-12-05 23:31 - 2009-07-14 00:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI2015-12-03 22:18 - 2010-02-09 16:19 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-12-03 22:18 - 2010-02-09 16:19 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-11-28 09:18 - 2015-04-30 21:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk==================== Files in the root of some directories =======2011-05-18 19:52 - 2013-07-01 16:55 - 0001940 _____ () C:\Users\Kim\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini2010-03-25 20:47 - 2010-03-25 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.datFiles to move or delete:====================C:\Users\Kim\jagex_runescape_preferences.datSome files in TEMP:====================C:\Users\Kim\AppData\Local\Temp\jre-8u66-windows-au.exe==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\windows\system32\winlogon.exe => File is digitally signedC:\windows\system32\wininit.exe => File is digitally signedC:\windows\SysWOW64\wininit.exe => File is digitally signedC:\windows\explorer.exe => File is digitally signedC:\windows\SysWOW64\explorer.exe => File is digitally signedC:\windows\system32\svchost.exe => File is digitally signedC:\windows\SysWOW64\svchost.exe => File is digitally signedC:\windows\system32\services.exe => File is digitally signedC:\windows\system32\User32.dll => File is digitally signedC:\windows\SysWOW64\User32.dll => File is digitally signedC:\windows\system32\userinit.exe => File is digitally signedC:\windows\SysWOW64\userinit.exe => File is digitally signedC:\windows\system32\rpcss.dll => File is digitally signedC:\windows\system32\dnsapi.dll => File is digitally signedC:\windows\SysWOW64\dnsapi.dll => File is digitally signedC:\windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-12-20 12:35==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015Ran by Kim (2015-12-28 09:24:01)Running from C:\Users\Kim\DesktopWindows 7 Home Premium Service Pack 1 (X64) (2010-02-09 16:57:39)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-2631828835-1692535062-918339071-500 - Administrator - Disabled)dad (S-1-5-21-2631828835-1692535062-918339071-1003 - Administrator - Enabled) => C:\Users\dadGuest (S-1-5-21-2631828835-1692535062-918339071-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2631828835-1692535062-918339071-1005 - Limited - Enabled)Kim (S-1-5-21-2631828835-1692535062-918339071-1001 - Administrator - Enabled) => C:\Users\Kim==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Norton Security Suite (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton Security Suite (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)Aleks 3.16 (HKLM-x32\...\Aleks 3.16) (Version: - )Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )Algebra 1 Teaching Textbook (HKLM-x32\...\Algebra 1 Teaching Textbook) (Version: - Teaching Textbooks Inc.)Amazon Kindle (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Amazon Kindle) (Version: - Amazon)Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenBlackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenBonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version: - Canon Inc.)Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) HiddenEdu-Track Home School (HKLM-x32\...\InstallShield_{334396FB-DF73-45A7-94FD-0C576FA87B32}) (Version: 1.46 - ConTECH Solutions, Inc.)Edu-Track Home School (x32 Version: 1.46 - ConTECH Solutions, Inc.) HiddenESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) HiddenFATE Undiscovered Realms (x32 Version: 2.2.0.82 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.29.1 - Google Inc.) HiddenGoToMeeting 6.0.0.1259 (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)Logos 4 Prerequisites (HKLM-x32\...\{D9EE624B-FEB4-4FBF-9F36-DA6A852FD87E}) (Version: 4.63.00327 - Logos Bible Software)Logos Bible Software 4 (HKLM-x32\...\{8B26A23B-2EBC-4F43-8D72-24D37701C874}) (Version: 4.63.00387 - Logos Bible Software)LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )Monopoly (x32 Version: 2.2.0.82 - WildTangent) HiddenMotoConnect (HKLM-x32\...\{1C643154-0ADF-4B4C-AF17-E315C946A54B}) (Version: 1.1.30 - Motorola)Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)Move Media Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Move Media Player) (Version: - Move Networks)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Mystery P.I. - The Vegas Heist (x32 Version: 2.2.0.82 - WildTangent) HiddenNetwork Recording Player (HKLM-x32\...\{830C1687-F55F-45C1-AD2B-405824DC65DB}) (Version: 2.3.1700 - Cisco WebEx LLC)NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)Norton Security Suite (HKLM-x32\...\N360) (Version: 4.4.0.12 - Symantec Corporation)OnlineMapFinder Internet Explorer Toolbar (HKLM-x32\...\OnlineMapFinder_9pbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTIONOverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) HiddenQuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)REA's TESTware for CLEP Western Civilization I (HKLM-x32\...\{1FCD61C5-E3A9-4B11-8651-ED29B35C1B9E}) (Version: 1.4.5 - REA, Inc. )REA's TESTware for the CLEP Analyzing and Interpreting Literature (HKLM-x32\...\{385A96ED-83C8-4D5A-A092-54DB74762C34}) (Version: 2.1.0 - REA, Inc. )REA's TESTware for the CLEP Sociology (HKLM-x32\...\{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}) (Version: 2.1.0 - REA, Inc. )Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Roxio Creator 2010 Special Edition (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) HiddenSpelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)Timez Attack (HKLM-x32\...\Timez Attack 4.04) (Version: 4.04 - Big Brainz)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)Unity Web Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVD64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenVirtual Families (x32 Version: 2.2.0.82 - WildTangent) HiddenVirtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) HiddenVisual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.17 - WildTangent)WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.17 - WildTangent)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Product Key Finder Pro® 2.3 (HKLM-x32\...\Windows Product Key Finder Pro®_is1) (Version: - )==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kim\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {0411E330-B02E-4DDB-8D83-9384BCD3F0E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {2E7712E1-9224-42E0-A2C0-6A10284B058C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {3C503B32-051C-4CCD-B831-56ED597BF4F1} - System32\Tasks\{77FAD775-F429-4548-A84D-A699CC02DFB8} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeTask: {4125E415-15DC-4A48-8624-94B927BB8A8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)Task: {74B8B36B-15C1-4FF1-B74A-9F6BDCC3261B} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)Task: {83617077-7043-46D2-A383-22F16D331902} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)Task: {84C13001-B456-41B1-9856-C0E5D9912E15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)Task: {8A4654C3-72C1-45E1-BF68-624F35E7DE92} - System32\Tasks\{6A0597DD-9210-4B2B-8CB5-98961E7CBC55} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)Task: {8E26FB08-9DC1-4CA1-87C2-99634E847F26} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)Task: {92547137-8D93-41ED-8DFB-AD01BF503E0D} - System32\Tasks\{3B7B202E-67C9-47FB-801C-BD45E3ADF258} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)Task: {A7E3CA90-71C1-45D8-80B0-030B490959BE} - System32\Tasks\{3AFACA54-2EF1-434E-8CD3-8A12C9D271E1} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)Task: {B0BF6FF7-3E53-4CB5-A11A-97E028F1A5C6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)Task: {C2CF61FF-E200-407D-BDA9-0E4AF67F8F2E} - System32\Tasks\{0FE4BE20-286B-4D10-A665-2B5197E46B3E} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)Task: {D8A79E2E-C7EC-485A-8102-82F4F0E86690} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exeTask: {E4060FE6-4AD1-4E75-920E-0D77A7B26419} - System32\Tasks\{B277DD0F-9F75-4CA4-9A76-810D6A797A28} => pcalua.exe -a "C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DU5I8Y8R\aleks316.exe" -d C:\Users\Kim\DesktopTask: {E9D37995-BA16-42BE-8C91-D4F48CD5878B} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTIONTask: {FA4644A0-D68D-48A8-BC8A-47FCA46971BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {FE436B2E-F39C-4319-AEA4-E18F7239627C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION==================== Shortcuts =============================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2013-10-03 20:36 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE2010-08-26 21:39 - 2010-06-24 13:34 - 00091456 _____ () C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll2009-11-12 21:23 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll2009-07-21 11:50 - 2009-07-21 11:50 - 00084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe2009-06-23 01:18 - 2009-06-23 01:18 - 00494064 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe2009-09-17 14:41 - 2009-09-17 14:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxp://cinemanow.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxps://cinemanow.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\qflix.com -> hxxp://qflix.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\roxio.com -> hxxp://roxio.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\sonic.com -> hxxp://redirect.sonic.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\007guard.com -> install.007guard.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\008i.com -> 008i.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\008k.com -> www.008k.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\00hq.com -> www.00hq.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\010402.com -> 010402.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\0scan.com -> www.0scan.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\10sek.com -> www.10sek.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\12-26.net -> user1.12-26.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\12-27.net -> user1.12-27.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123fporn.info -> www.123fporn.infoIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123simsen.com -> www.123simsen.comThere are 7718 more sites.IE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\007guard.com -> install.007guard.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\008i.com -> 008i.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\008k.com -> www.008k.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\00hq.com -> www.00hq.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\010402.com -> 010402.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\0scan.com -> www.0scan.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\10sek.com -> www.10sek.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\12-26.net -> user1.12-26.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\12-27.net -> user1.12-27.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123simsen.com -> www.123simsen.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123topsearch.com -> www.123topsearch.comThere are 5420 more sites.==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 21:34 - 2014-02-21 14:08 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 8.8.8.8 - 8.8.4.4HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: Facebook Update => "C:\Users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [{259B014B-8CA9-405F-9340-537B1220F1D7}] => (Allow) svchost.exeFirewallRules: [{190BD108-7ED2-4361-9E24-8B082B179026}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exeFirewallRules: [{3FD748ED-98F4-456D-913E-E3B96272A548}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exeFirewallRules: [{72A3024A-1FB4-44BB-9219-9519739BC4B8}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exeFirewallRules: [{856E1781-80E9-4176-AEA4-8D80302D2D10}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exeFirewallRules: [{8808DBED-C6D6-4570-AF68-6A7FC5CD3656}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exeFirewallRules: [{083A8ACA-7431-406E-A0A6-8BF662299AC7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{4D8CCFF1-75CA-4247-92CE-E26C11D8AAAE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{02D4D4C9-C541-4A95-B544-1C68B3CDB5E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{B877B5CC-B971-4BC4-BABC-55411B049359}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{A2A93002-729F-4B0D-8B54-809BECBA5EDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{6CAE4062-C06D-4AB5-B177-9C4239107046}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{019C7C98-FEBC-4A2B-92F6-28F2D76CE7BC}] => (Allow) C:\Users\Kim\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeFirewallRules: [{3757EAE9-6534-4556-9B19-B349EC9D5609}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{DE7B00B8-3F3B-44E9-8986-AC8E86757B1C}] => (Allow) LPort=2869FirewallRules: [{2AA98B20-E522-4806-9866-A9627313C602}] => (Allow) LPort=1900FirewallRules: [{9CD0366B-71AC-452C-8E44-765FAB8122AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{5BD01FFE-DF07-468A-92B0-96389412BF2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe==================== Restore Points =========================15-12-2015 22:46:49 Windows Update16-12-2015 19:05:31 Windows Update16-12-2015 19:34:12 Windows Update17-12-2015 03:01:10 Windows Update17-12-2015 10:58:06 Norton Security Suite Registry18-12-2015 10:05:05 Windows Update19-12-2015 10:32:46 Windows Update20-12-2015 11:09:51 Windows Update21-12-2015 03:00:18 Windows Update22-12-2015 03:00:16 Windows Update23-12-2015 09:44:09 Windows Update24-12-2015 09:32:26 Windows Update25-12-2015 10:52:48 Windows Update27-12-2015 14:40:46 Windows Update28-12-2015 08:54:16 Windows Update==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (12/28/2015 09:25:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 61798782Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 61798782Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6583Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6583Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (12/27/2015 03:16:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005Error: (12/25/2015 01:24:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005Error: (12/24/2015 06:25:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005System errors:=============Error: (12/28/2015 09:25:30 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:20:20 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:18:54 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:14:41 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:14:41 AM) (Source: BROWSER) (EventID: 8020) (User: )Description: The browser was unable to promote itself to master browser. The computer that currentlybelieves it is the master browser is unknown.Error: (12/28/2015 09:09:31 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:04:20 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 08:59:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.Error: (12/28/2015 08:59:10 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 08:54:00 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.CodeIntegrity:=================================== Date: 2014-02-21 14:07:40.143 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-21 14:07:40.049 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-15 13:14:46.303 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 13:05:21.874 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 13:01:18.066 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 12:37:05.893 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-14 10:21:19.918 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-14 10:14:55.596 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-13 05:39:22.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-13 05:27:26.996 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHzPercentage of memory in use: 72%Total physical RAM: 3963.99 MBAvailable physical RAM: 1106.12 MBTotal Virtual: 7926.18 MBAvailable Virtual: 4249.86 MB==================== Drives ================================Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:157.9 GB) NTFS ==>[system with boot components (obtained from drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 74B860C1)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=9.1 GB) - (Type=17)==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 28, 2015 ID:1009361 Share Posted December 28, 2015 Hello, They call me TwinHeadedEagle around here, and I'll try to help your with your issue. Before we start please read and note the following:We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding! The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please upload them into your next reply. Link to post Share on other sites More sharing options...
fujimo Posted December 28, 2015 Author ID:1009363 Share Posted December 28, 2015 Thanks TwinHeadedEagle for the quick reply attached are the two files rerun. Fujimo Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015Ran by Kim (administrator) on KIM-PC (28-12-2015 10:02:42)Running from C:\Users\Kim\DesktopLoaded Profiles: Kim & dad (Available Profiles: Kim & dad)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe() C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe(Mindspark) C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe(Motorola) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)HKLM-x32\...\Run: [TWebCamera] => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorunHKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)HKLM-x32\...\Run: [OnlineMapFinder EPM Support] => C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pmedint.exe [11608 2015-11-23] (Mindspark)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyAD (the data entry has 186 more characters).Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\MountPoints2: {08f20c2e-d6a4-11df-8c24-00266c405352} - F:\setup.exe -aShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)ProxyEnable: [s-1-5-21-2631828835-1692535062-918339071-1003] => Proxy is enabled.Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [DhcpNameServer] 192.168.1.1Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-2631828835-1692535062-918339071-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhomeHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepageHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htmURLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No FileURLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)SearchScopes: HKLM -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM -> {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKLM-x32 -> DefaultScope {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKLM-x32 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {29CBFF08-804D-4F0E-9440-9D8D3B7595E2} URL = hxxps://www.google.com/search?q={searchTerms}SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5129A74F-7CFA-46BD-A86D-6AA33ADFAB9F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNASearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> DefaultScope {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/ie.aspx?q={searchTerms}SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL =SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No FileBHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)BHO-x32: Search Assistant BHO -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll [2015-11-23] (Mindspark)BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL [2009-11-16] (Symantec Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24] (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Toolbar BHO -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24] (Oracle Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)Toolbar: HKLM-x32 - OnlineMapFinder - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} - No FileToolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No FileDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}FireFox:========FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.defaultFF Homepage: hxxp://www.yahoo.com/FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\windows\system32\npdeployJava1.dll [2012-05-07] (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-24] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-24] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Kim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online)FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @movenetworks.com/Quantum Media Player -> C:\Users\Kim\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-11-05] (Move Networks)FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-27] (Unity Technologies ApS)FF Extension: Printing Helper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\yywvepveag@yywvepveag.org.xpi [2012-12-09] [not signed]FF Extension: Coupon Manager - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57} [2010-02-09] [not signed]FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-12-23] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2015-12-20] [not signed]FF HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Kim\AppData\Roaming\Move NetworksFF Extension: Move Media Player - C:\Users\Kim\AppData\Roaming\Move Networks [2010-11-05] [not signed]Chrome:=======CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Chrome Web Store Payments) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)R2 OnlineMapFinder_9pService; C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe [89432 2015-11-23] (Mindspark)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)R1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-08] (Symantec Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\ENG64.SYS [138488 2015-12-09] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\EX64.SYS [2148080 2015-12-09] (Symantec Corporation)R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation )R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-12-11] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-28 10:02 - 2015-12-28 10:03 - 00030344 _____ C:\Users\Kim\Desktop\FRST.txt2015-12-28 09:20 - 2015-12-28 10:02 - 00000000 ____D C:\FRST2015-12-28 09:20 - 2015-12-28 09:20 - 02370560 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe2015-12-09 00:12 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll2015-12-09 00:12 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll2015-12-09 00:11 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-12-09 00:11 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-12-09 00:11 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-12-09 00:11 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2015-12-09 00:11 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-12-09 00:11 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2015-12-09 00:11 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-12-09 00:11 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2015-12-09 00:11 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2015-12-09 00:11 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll2015-12-09 00:11 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll2015-12-09 00:11 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll2015-12-09 00:11 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll2015-12-09 00:11 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-12-09 00:11 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-12-09 00:11 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2015-12-09 00:11 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2015-12-09 00:11 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-12-09 00:11 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2015-12-09 00:11 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2015-12-09 00:11 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-12-09 00:11 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-12-09 00:11 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll2015-12-09 00:11 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-12-09 00:11 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll2015-12-09 00:11 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-12-09 00:11 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2015-12-09 00:11 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-12-09 00:11 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2015-12-09 00:11 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-12-09 00:11 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2015-12-09 00:11 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2015-12-09 00:11 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-12-09 00:11 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2015-12-09 00:11 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2015-12-09 00:11 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-12-09 00:11 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2015-12-09 00:11 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-12-09 00:11 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2015-12-09 00:11 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2015-12-09 00:11 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2015-12-09 00:11 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-12-09 00:11 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll2015-12-09 00:11 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll2015-12-09 00:11 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2015-12-09 00:11 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-12-09 00:11 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2015-12-09 00:11 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-12-09 00:11 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-12-09 00:11 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-12-09 00:11 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2015-12-09 00:11 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2015-12-09 00:11 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2015-12-09 00:11 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-12-09 00:11 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-12-09 00:11 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-12-09 00:11 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2015-12-09 00:11 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2015-12-09 00:11 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2015-12-09 00:11 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2015-12-09 00:11 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-12-09 00:11 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-12-09 00:11 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-12-09 00:11 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2015-12-09 00:11 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2015-12-09 00:11 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2015-12-09 00:11 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2015-12-09 00:11 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2015-12-09 00:11 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2015-12-09 00:11 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2015-12-09 00:11 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2015-12-09 00:11 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll2015-12-09 00:11 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-12-09 00:11 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-12-09 00:11 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2015-12-09 00:11 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-12-09 00:11 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2015-12-09 00:11 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-12-09 00:11 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-12-09 00:11 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-12-09 00:11 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-12-09 00:11 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll2015-12-09 00:11 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll2015-12-09 00:11 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys2015-12-09 00:11 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll2015-12-09 00:11 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll2015-12-09 00:11 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL2015-12-09 00:11 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll2015-12-09 00:11 - 2015-10-08 14:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls2015-12-09 00:11 - 2015-10-08 13:52 - 00419928 _____ C:\windows\system32\locale.nls2015-12-09 00:10 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll2015-12-09 00:10 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll2015-11-30 17:59 - 2015-11-30 17:59 - 00000000 ____D C:\Users\Kim\AppData\Local\OnlineMapFinder_9p2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Users\Kim\AppData\LocalLow\OnlineMapFinder_9p2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Program Files (x86)\OnlineMapFinder_9p==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-28 09:43 - 2013-09-18 13:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job2015-12-28 09:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows2015-12-28 09:23 - 2010-02-09 16:19 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-12-28 09:03 - 2010-02-09 16:19 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-12-27 14:40 - 2015-07-28 22:26 - 00000378 _____ C:\windows\Tasks\REGSERVO.job2015-12-24 17:48 - 2009-11-12 21:21 - 00000000 ____D C:\Program Files (x86)\Java2015-12-24 17:47 - 2014-10-31 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-12-24 17:46 - 2015-10-20 22:16 - 00000000 ____D C:\Users\Kim\.oracle_jre_usage2015-12-24 17:45 - 2014-10-31 09:35 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2015-12-22 20:39 - 2013-10-03 20:36 - 00000000 ____D C:\ProgramData\CanonIJPLM2015-12-20 11:46 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\SysWOW64\GWX2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\system32\GWX2015-12-17 11:24 - 2010-02-25 21:18 - 00000000 ____D C:\Users\Kim\AppData\Local\ElevatedDiagnostics2015-12-16 19:09 - 2010-03-25 20:47 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-15 22:51 - 2010-02-22 19:22 - 00000000 ____D C:\ProgramData\Sonic2015-12-15 22:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF2015-12-09 22:30 - 2015-07-21 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-12-09 22:30 - 2014-12-23 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-12-09 22:30 - 2014-10-31 08:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-12-09 22:30 - 2014-02-21 22:05 - 00000000 ____D C:\Program Files\CCleaner2015-12-09 22:30 - 2012-01-18 20:53 - 00000000 ____D C:\Users\Kim\AppData\Local\Autobahn2015-12-09 22:30 - 2011-09-23 21:07 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console2015-12-09 22:30 - 2011-03-29 08:12 - 00000000 ____D C:\Program Files (x86)\iTunes2015-12-09 22:30 - 2011-03-06 13:37 - 00000000 ____D C:\Program Files (x86)\QuickTime2015-12-09 22:30 - 2011-03-06 13:36 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-12-09 22:30 - 2010-02-22 19:24 - 00000000 ____D C:\ProgramData\CinemaNow2015-12-09 22:30 - 2010-02-09 20:31 - 00000000 ____D C:\Users\dad2015-12-09 22:30 - 2010-02-09 11:57 - 00000000 ____D C:\Users\Kim2015-12-09 22:30 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration2015-12-09 22:30 - 2008-12-03 21:19 - 00000000 ____D C:\Users\Kim\Documents\worksheets2015-12-09 19:44 - 2013-09-18 13:10 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater2015-12-09 19:44 - 2012-08-30 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-12-09 19:44 - 2011-11-10 06:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-12-09 04:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache2015-12-09 04:05 - 2009-07-13 23:45 - 00517976 _____ C:\windows\system32\FNTCACHE.DAT2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-12-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf2015-12-09 03:44 - 2010-01-12 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help2015-12-09 03:41 - 2012-01-28 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-12-09 03:28 - 2013-08-14 02:10 - 00000000 ____D C:\windows\system32\MRT2015-12-09 03:08 - 2010-02-22 20:01 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-12-05 23:31 - 2009-07-14 00:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI2015-12-03 22:18 - 2010-02-09 16:19 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-12-03 22:18 - 2010-02-09 16:19 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-11-28 09:18 - 2015-04-30 21:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk==================== Files in the root of some directories =======2011-05-18 19:52 - 2013-07-01 16:55 - 0001940 _____ () C:\Users\Kim\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini2010-03-25 20:47 - 2010-03-25 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.datFiles to move or delete:====================C:\Users\Kim\jagex_runescape_preferences.dat==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\windows\system32\winlogon.exe => File is digitally signedC:\windows\system32\wininit.exe => File is digitally signedC:\windows\SysWOW64\wininit.exe => File is digitally signedC:\windows\explorer.exe => File is digitally signedC:\windows\SysWOW64\explorer.exe => File is digitally signedC:\windows\system32\svchost.exe => File is digitally signedC:\windows\SysWOW64\svchost.exe => File is digitally signedC:\windows\system32\services.exe => File is digitally signedC:\windows\system32\User32.dll => File is digitally signedC:\windows\SysWOW64\User32.dll => File is digitally signedC:\windows\system32\userinit.exe => File is digitally signedC:\windows\SysWOW64\userinit.exe => File is digitally signedC:\windows\system32\rpcss.dll => File is digitally signedC:\windows\system32\dnsapi.dll => File is digitally signedC:\windows\SysWOW64\dnsapi.dll => File is digitally signedC:\windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-12-20 12:35==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015Ran by Kim (2015-12-28 10:04:20)Running from C:\Users\Kim\DesktopWindows 7 Home Premium Service Pack 1 (X64) (2010-02-09 16:57:39)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-2631828835-1692535062-918339071-500 - Administrator - Disabled)dad (S-1-5-21-2631828835-1692535062-918339071-1003 - Administrator - Enabled) => C:\Users\dadGuest (S-1-5-21-2631828835-1692535062-918339071-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2631828835-1692535062-918339071-1005 - Limited - Enabled)Kim (S-1-5-21-2631828835-1692535062-918339071-1001 - Administrator - Enabled) => C:\Users\Kim==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Norton Security Suite (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton Security Suite (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)Aleks 3.16 (HKLM-x32\...\Aleks 3.16) (Version: - )Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )Algebra 1 Teaching Textbook (HKLM-x32\...\Algebra 1 Teaching Textbook) (Version: - Teaching Textbooks Inc.)Amazon Kindle (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Amazon Kindle) (Version: - Amazon)Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenBlackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenBonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version: - Canon Inc.)Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) HiddenEdu-Track Home School (HKLM-x32\...\InstallShield_{334396FB-DF73-45A7-94FD-0C576FA87B32}) (Version: 1.46 - ConTECH Solutions, Inc.)Edu-Track Home School (x32 Version: 1.46 - ConTECH Solutions, Inc.) HiddenESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) HiddenFATE Undiscovered Realms (x32 Version: 2.2.0.82 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.29.1 - Google Inc.) HiddenGoToMeeting 6.0.0.1259 (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)Logos 4 Prerequisites (HKLM-x32\...\{D9EE624B-FEB4-4FBF-9F36-DA6A852FD87E}) (Version: 4.63.00327 - Logos Bible Software)Logos Bible Software 4 (HKLM-x32\...\{8B26A23B-2EBC-4F43-8D72-24D37701C874}) (Version: 4.63.00387 - Logos Bible Software)LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )Monopoly (x32 Version: 2.2.0.82 - WildTangent) HiddenMotoConnect (HKLM-x32\...\{1C643154-0ADF-4B4C-AF17-E315C946A54B}) (Version: 1.1.30 - Motorola)Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)Move Media Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Move Media Player) (Version: - Move Networks)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Mystery P.I. - The Vegas Heist (x32 Version: 2.2.0.82 - WildTangent) HiddenNetwork Recording Player (HKLM-x32\...\{830C1687-F55F-45C1-AD2B-405824DC65DB}) (Version: 2.3.1700 - Cisco WebEx LLC)NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)Norton Security Suite (HKLM-x32\...\N360) (Version: 4.4.0.12 - Symantec Corporation)OnlineMapFinder Internet Explorer Toolbar (HKLM-x32\...\OnlineMapFinder_9pbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTIONOverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) HiddenQuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)REA's TESTware for CLEP Western Civilization I (HKLM-x32\...\{1FCD61C5-E3A9-4B11-8651-ED29B35C1B9E}) (Version: 1.4.5 - REA, Inc. )REA's TESTware for the CLEP Analyzing and Interpreting Literature (HKLM-x32\...\{385A96ED-83C8-4D5A-A092-54DB74762C34}) (Version: 2.1.0 - REA, Inc. )REA's TESTware for the CLEP Sociology (HKLM-x32\...\{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}) (Version: 2.1.0 - REA, Inc. )Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Roxio Creator 2010 Special Edition (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) HiddenSpelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)Timez Attack (HKLM-x32\...\Timez Attack 4.04) (Version: 4.04 - Big Brainz)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)Unity Web Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVD64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenVirtual Families (x32 Version: 2.2.0.82 - WildTangent) HiddenVirtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) HiddenVisual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.17 - WildTangent)WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.17 - WildTangent)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Product Key Finder Pro® 2.3 (HKLM-x32\...\Windows Product Key Finder Pro®_is1) (Version: - )==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kim\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {0411E330-B02E-4DDB-8D83-9384BCD3F0E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {2E7712E1-9224-42E0-A2C0-6A10284B058C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {3C503B32-051C-4CCD-B831-56ED597BF4F1} - System32\Tasks\{77FAD775-F429-4548-A84D-A699CC02DFB8} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeTask: {4125E415-15DC-4A48-8624-94B927BB8A8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)Task: {74B8B36B-15C1-4FF1-B74A-9F6BDCC3261B} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)Task: {83617077-7043-46D2-A383-22F16D331902} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)Task: {84C13001-B456-41B1-9856-C0E5D9912E15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)Task: {8A4654C3-72C1-45E1-BF68-624F35E7DE92} - System32\Tasks\{6A0597DD-9210-4B2B-8CB5-98961E7CBC55} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)Task: {8E26FB08-9DC1-4CA1-87C2-99634E847F26} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)Task: {92547137-8D93-41ED-8DFB-AD01BF503E0D} - System32\Tasks\{3B7B202E-67C9-47FB-801C-BD45E3ADF258} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)Task: {A7E3CA90-71C1-45D8-80B0-030B490959BE} - System32\Tasks\{3AFACA54-2EF1-434E-8CD3-8A12C9D271E1} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)Task: {B0BF6FF7-3E53-4CB5-A11A-97E028F1A5C6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)Task: {C2CF61FF-E200-407D-BDA9-0E4AF67F8F2E} - System32\Tasks\{0FE4BE20-286B-4D10-A665-2B5197E46B3E} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)Task: {D8A79E2E-C7EC-485A-8102-82F4F0E86690} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exeTask: {E4060FE6-4AD1-4E75-920E-0D77A7B26419} - System32\Tasks\{B277DD0F-9F75-4CA4-9A76-810D6A797A28} => pcalua.exe -a "C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DU5I8Y8R\aleks316.exe" -d C:\Users\Kim\DesktopTask: {E9D37995-BA16-42BE-8C91-D4F48CD5878B} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTIONTask: {FA4644A0-D68D-48A8-BC8A-47FCA46971BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {FE436B2E-F39C-4319-AEA4-E18F7239627C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION==================== Shortcuts =============================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2013-10-03 20:36 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE2010-08-26 21:39 - 2010-06-24 13:34 - 00091456 _____ () C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll2009-11-12 21:23 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll2009-07-21 11:50 - 2009-07-21 11:50 - 00084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe2009-06-23 01:18 - 2009-06-23 01:18 - 00494064 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe2009-09-17 14:41 - 2009-09-17 14:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxp://cinemanow.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxps://cinemanow.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\qflix.com -> hxxp://qflix.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\roxio.com -> hxxp://roxio.comIE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\sonic.com -> hxxp://redirect.sonic.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\007guard.com -> install.007guard.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\008i.com -> 008i.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\008k.com -> www.008k.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\00hq.com -> www.00hq.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\010402.com -> 010402.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\0scan.com -> www.0scan.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\10sek.com -> www.10sek.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\12-26.net -> user1.12-26.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\12-27.net -> user1.12-27.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123fporn.info -> www.123fporn.infoIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\123simsen.com -> www.123simsen.comThere are 7718 more sites.IE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\007guard.com -> install.007guard.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\008i.com -> 008i.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\008k.com -> www.008k.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\00hq.com -> www.00hq.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\010402.com -> 010402.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\0scan.com -> www.0scan.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\10sek.com -> www.10sek.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\12-26.net -> user1.12-26.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\12-27.net -> user1.12-27.netIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123simsen.com -> www.123simsen.comIE restricted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\123topsearch.com -> www.123topsearch.comThere are 5420 more sites.==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 21:34 - 2014-02-21 14:08 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgHKU\S-1-5-21-2631828835-1692535062-918339071-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 8.8.8.8 - 8.8.4.4HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: Facebook Update => "C:\Users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [{259B014B-8CA9-405F-9340-537B1220F1D7}] => (Allow) svchost.exeFirewallRules: [{190BD108-7ED2-4361-9E24-8B082B179026}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exeFirewallRules: [{3FD748ED-98F4-456D-913E-E3B96272A548}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exeFirewallRules: [{72A3024A-1FB4-44BB-9219-9519739BC4B8}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exeFirewallRules: [{856E1781-80E9-4176-AEA4-8D80302D2D10}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exeFirewallRules: [{8808DBED-C6D6-4570-AF68-6A7FC5CD3656}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exeFirewallRules: [{083A8ACA-7431-406E-A0A6-8BF662299AC7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{4D8CCFF1-75CA-4247-92CE-E26C11D8AAAE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{02D4D4C9-C541-4A95-B544-1C68B3CDB5E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{B877B5CC-B971-4BC4-BABC-55411B049359}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{A2A93002-729F-4B0D-8B54-809BECBA5EDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{6CAE4062-C06D-4AB5-B177-9C4239107046}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{019C7C98-FEBC-4A2B-92F6-28F2D76CE7BC}] => (Allow) C:\Users\Kim\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeFirewallRules: [{3757EAE9-6534-4556-9B19-B349EC9D5609}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{DE7B00B8-3F3B-44E9-8986-AC8E86757B1C}] => (Allow) LPort=2869FirewallRules: [{2AA98B20-E522-4806-9866-A9627313C602}] => (Allow) LPort=1900FirewallRules: [{9CD0366B-71AC-452C-8E44-765FAB8122AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{5BD01FFE-DF07-468A-92B0-96389412BF2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe==================== Restore Points =========================15-12-2015 22:46:49 Windows Update16-12-2015 19:05:31 Windows Update16-12-2015 19:34:12 Windows Update17-12-2015 03:01:10 Windows Update17-12-2015 10:58:06 Norton Security Suite Registry18-12-2015 10:05:05 Windows Update19-12-2015 10:32:46 Windows Update20-12-2015 11:09:51 Windows Update21-12-2015 03:00:18 Windows Update22-12-2015 03:00:16 Windows Update23-12-2015 09:44:09 Windows Update24-12-2015 09:32:26 Windows Update25-12-2015 10:52:48 Windows Update27-12-2015 14:40:46 Windows Update28-12-2015 08:54:16 Windows Update==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (12/28/2015 09:25:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 61798782Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 61798782Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6583Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6583Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (12/27/2015 03:16:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005Error: (12/25/2015 01:24:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005Error: (12/24/2015 06:25:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005System errors:=============Error: (12/28/2015 09:43:35 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:38:24 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:33:14 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:28:04 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:25:30 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:20:20 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:18:54 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:14:41 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.Error: (12/28/2015 09:14:41 AM) (Source: BROWSER) (EventID: 8020) (User: )Description: The browser was unable to promote itself to master browser. The computer that currentlybelieves it is the master browser is unknown.Error: (12/28/2015 09:09:31 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6.The computer with the IP address 192.168.1.2 did not allow the name to be claimed bythis computer.CodeIntegrity:=================================== Date: 2014-02-21 14:07:40.143 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-21 14:07:40.049 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-15 13:14:46.303 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 13:05:21.874 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 13:01:18.066 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 12:37:05.893 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-14 10:21:19.918 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-14 10:14:55.596 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-13 05:39:22.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-13 05:27:26.996 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHzPercentage of memory in use: 69%Total physical RAM: 3963.99 MBAvailable physical RAM: 1210.36 MBTotal Virtual: 7926.18 MBAvailable Virtual: 4214.52 MB==================== Drives ================================Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:157.93 GB) NTFS ==>[system with boot components (obtained from drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 74B860C1)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=9.1 GB) - (Type=17)==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
fujimo Posted December 28, 2015 Author ID:1009364 Share Posted December 28, 2015 Here are the attachments, slow reader--sorry FRST.txtAddition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 28, 2015 ID:1009379 Share Posted December 28, 2015 Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please attach it to your reply.fixlist.txt Link to post Share on other sites More sharing options...
fujimo Posted December 28, 2015 Author ID:1009398 Share Posted December 28, 2015 Hello Scan results below. Another thing I noticed, not sure if related, but it took about 8 minutes for the computer to shut down and was very slow rebooting. Thanks Fixlog.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 28, 2015 ID:1009423 Share Posted December 28, 2015 How is the situation now? Link to post Share on other sites More sharing options...
fujimo Posted December 28, 2015 Author ID:1009454 Share Posted December 28, 2015 Hello, It does seem to be running much better and faster. Do you happen to know why when you load on Yahoo or another web site that wants to start videos will cause the browser to hang and eventually want to stop the script or crash all together. Yes, the computer is running much faster. Thanks Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 29, 2015 ID:1009589 Share Posted December 29, 2015 About video problem, I would say it is due to older and weak CPU. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 2, 2016 Root Admin ID:1010355 Share Posted January 2, 2016 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts