
Computer Running Slow


fujimo

Hello

This is the missus's computer and it is running real slow, and I have tried the typical at-home remedies with little success. Attached are the requested files.

Thank You,

Fujimo


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Kim (administrator) on KIM-PC (28-12-2015 09:21:02)
Running from C:\Users\Kim\Desktop
Loaded Profiles: Kim & dad (Available Profiles: Kim & dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Mindspark) C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [OnlineMapFinder EPM Support] => C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pmedint.exe [11608 2015-11-23] (Mindspark)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyAD (the data entry has 186 more characters).
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\MountPoints2: {08f20c2e-d6a4-11df-8c24-00266c405352} - F:\setup.exe -a
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [s-1-5-21-2631828835-1692535062-918339071-1003] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
URLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {29CBFF08-804D-4F0E-9440-9D8D3B7595E2} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5129A74F-7CFA-46BD-A86D-6AA33ADFAB9F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> DefaultScope {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/ie.aspx?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
BHO-x32: Search Assistant BHO -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll [2015-11-23] (Mindspark)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL [2009-11-16] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Toolbar BHO -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKLM-x32 - OnlineMapFinder - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\windows\system32\npdeployJava1.dll [2012-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Kim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @movenetworks.com/Quantum Media Player -> C:\Users\Kim\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-11-05] (Move Networks)
FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-27] (Unity Technologies ApS)
FF Extension: Printing Helper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\yywvepveag@yywvepveag.org.xpi [2012-12-09] [not signed]
FF Extension: Coupon Manager - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57} [2010-02-09] [not signed]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-12-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2015-12-20] [not signed]
FF HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Kim\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Kim\AppData\Roaming\Move Networks [2010-11-05] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 OnlineMapFinder_9pService; C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe [89432 2015-11-23] (Mindspark)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-08] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\ENG64.SYS [138488 2015-12-09] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\EX64.SYS [2148080 2015-12-09] (Symantec Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-12-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 09:21 - 2015-12-28 09:22 - 00030328 _____ C:\Users\Kim\Desktop\FRST.txt
2015-12-28 09:20 - 2015-12-28 09:21 - 00000000 ____D C:\FRST
2015-12-28 09:20 - 2015-12-28 09:20 - 02370560 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe
2015-12-09 00:12 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-12-09 00:12 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-09 00:11 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-09 00:11 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-12-09 00:11 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-09 00:11 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-09 00:11 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-09 00:11 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-09 00:11 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-09 00:11 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-09 00:11 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-09 00:11 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-09 00:11 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-09 00:11 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-12-09 00:11 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-09 00:11 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-09 00:11 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-09 00:11 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-12-09 00:11 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-09 00:11 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-09 00:11 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-09 00:11 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-09 00:11 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-09 00:11 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-09 00:11 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-12-09 00:11 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-09 00:11 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-12-09 00:11 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-12-09 00:11 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-12-09 00:11 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-09 00:11 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-09 00:11 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-12-09 00:11 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-12-09 00:11 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-09 00:11 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-12-09 00:11 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-09 00:11 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-12-09 00:11 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 00:11 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-12-09 00:11 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-09 00:11 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-12-09 00:11 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-09 00:11 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-09 00:11 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-09 00:11 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-12-09 00:11 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-09 00:11 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-09 00:11 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-09 00:11 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-12-09 00:11 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-12-09 00:11 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-12-09 00:11 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-09 00:11 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-09 00:11 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-12-09 00:11 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-12-09 00:11 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-12-09 00:11 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-12-09 00:11 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-12-09 00:11 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-09 00:11 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-09 00:11 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-09 00:11 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-12-09 00:11 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-12-09 00:11 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-12-09 00:11 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-12-09 00:11 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-12-09 00:11 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 00:11 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-12-09 00:11 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-09 00:11 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-12-09 00:11 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-09 00:11 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-09 00:11 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-09 00:11 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-09 00:11 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-12-09 00:11 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-09 00:11 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-09 00:11 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-09 00:11 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-09 00:11 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2015-12-09 00:11 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2015-12-09 00:11 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-09 00:11 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-12-09 00:11 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-12-09 00:11 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-09 00:11 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2015-12-09 00:11 - 2015-10-08 14:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2015-12-09 00:11 - 2015-10-08 13:52 - 00419928 _____ C:\windows\system32\locale.nls
2015-12-09 00:10 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-09 00:10 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-11-30 17:59 - 2015-11-30 17:59 - 00000000 ____D C:\Users\Kim\AppData\Local\OnlineMapFinder_9p
2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Users\Kim\AppData\LocalLow\OnlineMapFinder_9p
2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Program Files (x86)\OnlineMapFinder_9p

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 09:23 - 2010-02-09 16:19 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-28 09:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-28 09:03 - 2010-02-09 16:19 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 08:53 - 2013-09-18 13:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-27 14:40 - 2015-07-28 22:26 - 00000378 _____ C:\windows\Tasks\REGSERVO.job
2015-12-24 17:48 - 2009-11-12 21:21 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-24 17:47 - 2014-10-31 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-24 17:46 - 2015-10-20 22:16 - 00000000 ____D C:\Users\Kim\.oracle_jre_usage
2015-12-24 17:45 - 2014-10-31 09:35 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-22 20:39 - 2013-10-03 20:36 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-20 11:46 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\system32\GWX
2015-12-17 11:24 - 2010-02-25 21:18 - 00000000 ____D C:\Users\Kim\AppData\Local\ElevatedDiagnostics
2015-12-16 19:09 - 2010-03-25 20:47 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 22:51 - 2010-02-22 19:22 - 00000000 ____D C:\ProgramData\Sonic
2015-12-15 22:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-09 22:30 - 2015-07-21 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 22:30 - 2014-12-23 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-09 22:30 - 2014-10-31 08:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-09 22:30 - 2014-02-21 22:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-09 22:30 - 2012-01-18 20:53 - 00000000 ____D C:\Users\Kim\AppData\Local\Autobahn
2015-12-09 22:30 - 2011-09-23 21:07 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2015-12-09 22:30 - 2011-03-29 08:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-09 22:30 - 2011-03-06 13:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-09 22:30 - 2011-03-06 13:36 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-09 22:30 - 2010-02-22 19:24 - 00000000 ____D C:\ProgramData\CinemaNow
2015-12-09 22:30 - 2010-02-09 20:31 - 00000000 ____D C:\Users\dad
2015-12-09 22:30 - 2010-02-09 11:57 - 00000000 ____D C:\Users\Kim
2015-12-09 22:30 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2015-12-09 22:30 - 2008-12-03 21:19 - 00000000 ____D C:\Users\Kim\Documents\worksheets
2015-12-09 19:44 - 2013-09-18 13:10 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 19:44 - 2012-08-30 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 19:44 - 2011-11-10 06:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 04:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-12-09 04:05 - 2009-07-13 23:45 - 00517976 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2015-12-09 03:44 - 2010-01-12 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 03:41 - 2012-01-28 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 03:28 - 2013-08-14 02:10 - 00000000 ____D C:\windows\system32\MRT
2015-12-09 03:08 - 2010-02-22 20:01 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-05 23:31 - 2009-07-14 00:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-03 22:18 - 2010-02-09 16:19 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 22:18 - 2010-02-09 16:19 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-28 09:18 - 2015-04-30 21:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2011-05-18 19:52 - 2013-07-01 16:55 - 0001940 _____ () C:\Users\Kim\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-03-25 20:47 - 2010-03-25 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Kim\jagex_runescape_preferences.dat

Some files in TEMP:
====================
C:\Users\Kim\AppData\Local\Temp\jre-8u66-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-20 12:35

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by Kim (2015-12-28 09:24:01)
Running from C:\Users\Kim\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-09 16:57:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2631828835-1692535062-918339071-500 - Administrator - Disabled)
dad (S-1-5-21-2631828835-1692535062-918339071-1003 - Administrator - Enabled) => C:\Users\dad
Guest (S-1-5-21-2631828835-1692535062-918339071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2631828835-1692535062-918339071-1005 - Limited - Enabled)
Kim (S-1-5-21-2631828835-1692535062-918339071-1001 - Administrator - Enabled) => C:\Users\Kim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Aleks 3.16 (HKLM-x32\...\Aleks 3.16) (Version:  - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Algebra 1 Teaching Textbook (HKLM-x32\...\Algebra 1 Teaching Textbook) (Version:  - Teaching Textbooks Inc.)
Amazon Kindle (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Edu-Track Home School (HKLM-x32\...\InstallShield_{334396FB-DF73-45A7-94FD-0C576FA87B32}) (Version: 1.46 - ConTECH Solutions, Inc.)
Edu-Track Home School (x32 Version: 1.46 - ConTECH Solutions, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE Undiscovered Realms (x32 Version: 2.2.0.82 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Logos 4 Prerequisites (HKLM-x32\...\{D9EE624B-FEB4-4FBF-9F36-DA6A852FD87E}) (Version: 4.63.00327 - Logos Bible Software)
Logos Bible Software 4 (HKLM-x32\...\{8B26A23B-2EBC-4F43-8D72-24D37701C874}) (Version: 4.63.00387 - Logos Bible Software)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
MotoConnect (HKLM-x32\...\{1C643154-0ADF-4B4C-AF17-E315C946A54B}) (Version: 1.1.30 - Motorola)
Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)
Move Media Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Move Media Player) (Version:  - Move Networks)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The Vegas Heist (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network Recording Player (HKLM-x32\...\{830C1687-F55F-45C1-AD2B-405824DC65DB}) (Version: 2.3.1700 - Cisco WebEx LLC)
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Norton Security Suite (HKLM-x32\...\N360) (Version: 4.4.0.12 - Symantec Corporation)
OnlineMapFinder Internet Explorer Toolbar (HKLM-x32\...\OnlineMapFinder_9pbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
OverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
REA's TESTware for CLEP Western Civilization I (HKLM-x32\...\{1FCD61C5-E3A9-4B11-8651-ED29B35C1B9E}) (Version: 1.4.5 - REA, Inc. )
REA's TESTware for the CLEP Analyzing and Interpreting Literature (HKLM-x32\...\{385A96ED-83C8-4D5A-A092-54DB74762C34}) (Version: 2.1.0 - REA, Inc. )
REA's TESTware for the CLEP Sociology (HKLM-x32\...\{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}) (Version: 2.1.0 - REA, Inc. )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator 2010 Special Edition (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Timez Attack (HKLM-x32\...\Timez Attack 4.04) (Version: 4.04 - Big Brainz)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Unity Web Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.17 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.17 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Product Key Finder Pro® 2.3 (HKLM-x32\...\Windows Product Key Finder Pro®_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kim\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0411E330-B02E-4DDB-8D83-9384BCD3F0E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {2E7712E1-9224-42E0-A2C0-6A10284B058C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {3C503B32-051C-4CCD-B831-56ED597BF4F1} - System32\Tasks\{77FAD775-F429-4548-A84D-A699CC02DFB8} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Task: {4125E415-15DC-4A48-8624-94B927BB8A8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {74B8B36B-15C1-4FF1-B74A-9F6BDCC3261B} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {83617077-7043-46D2-A383-22F16D331902} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {84C13001-B456-41B1-9856-C0E5D9912E15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8A4654C3-72C1-45E1-BF68-624F35E7DE92} - System32\Tasks\{6A0597DD-9210-4B2B-8CB5-98961E7CBC55} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {8E26FB08-9DC1-4CA1-87C2-99634E847F26} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {92547137-8D93-41ED-8DFB-AD01BF503E0D} - System32\Tasks\{3B7B202E-67C9-47FB-801C-BD45E3ADF258} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {A7E3CA90-71C1-45D8-80B0-030B490959BE} - System32\Tasks\{3AFACA54-2EF1-434E-8CD3-8A12C9D271E1} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {B0BF6FF7-3E53-4CB5-A11A-97E028F1A5C6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {C2CF61FF-E200-407D-BDA9-0E4AF67F8F2E} - System32\Tasks\{0FE4BE20-286B-4D10-A665-2B5197E46B3E} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {D8A79E2E-C7EC-485A-8102-82F4F0E86690} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {E4060FE6-4AD1-4E75-920E-0D77A7B26419} - System32\Tasks\{B277DD0F-9F75-4CA4-9A76-810D6A797A28} => pcalua.exe -a "C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DU5I8Y8R\aleks316.exe" -d C:\Users\Kim\Desktop
Task: {E9D37995-BA16-42BE-8C91-D4F48CD5878B} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
Task: {FA4644A0-D68D-48A8-BC8A-47FCA46971BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {FE436B2E-F39C-4319-AEA4-E18F7239627C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-03 20:36 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2010-08-26 21:39 - 2010-06-24 13:34 - 00091456 _____ () C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-12 21:23 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-21 11:50 - 2009-07-21 11:50 - 00084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
2009-06-23 01:18 - 2009-06-23 01:18 - 00494064 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
2009-09-17 14:41 - 2009-09-17 14:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\sonic.com -> hxxp://redirect.sonic.com

There are 7718 more sites.


There are 5420 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-02-21 14:08 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Facebook Update => "C:\Users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{259B014B-8CA9-405F-9340-537B1220F1D7}] => (Allow) svchost.exe
FirewallRules: [{190BD108-7ED2-4361-9E24-8B082B179026}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3FD748ED-98F4-456D-913E-E3B96272A548}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe
FirewallRules: [{72A3024A-1FB4-44BB-9219-9519739BC4B8}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe
FirewallRules: [{856E1781-80E9-4176-AEA4-8D80302D2D10}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{8808DBED-C6D6-4570-AF68-6A7FC5CD3656}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{083A8ACA-7431-406E-A0A6-8BF662299AC7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D8CCFF1-75CA-4247-92CE-E26C11D8AAAE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{02D4D4C9-C541-4A95-B544-1C68B3CDB5E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B877B5CC-B971-4BC4-BABC-55411B049359}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A2A93002-729F-4B0D-8B54-809BECBA5EDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CAE4062-C06D-4AB5-B177-9C4239107046}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{019C7C98-FEBC-4A2B-92F6-28F2D76CE7BC}] => (Allow) C:\Users\Kim\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3757EAE9-6534-4556-9B19-B349EC9D5609}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DE7B00B8-3F3B-44E9-8986-AC8E86757B1C}] => (Allow) LPort=2869
FirewallRules: [{2AA98B20-E522-4806-9866-A9627313C602}] => (Allow) LPort=1900
FirewallRules: [{9CD0366B-71AC-452C-8E44-765FAB8122AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BD01FFE-DF07-468A-92B0-96389412BF2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-12-2015 22:46:49 Windows Update
16-12-2015 19:05:31 Windows Update
16-12-2015 19:34:12 Windows Update
17-12-2015 03:01:10 Windows Update
17-12-2015 10:58:06 Norton Security Suite Registry
18-12-2015 10:05:05 Windows Update
19-12-2015 10:32:46 Windows Update
20-12-2015 11:09:51 Windows Update
21-12-2015 03:00:18 Windows Update
22-12-2015 03:00:16 Windows Update
23-12-2015 09:44:09 Windows Update
24-12-2015 09:32:26 Windows Update
25-12-2015 10:52:48 Windows Update
27-12-2015 14:40:46 Windows Update
28-12-2015 08:54:16 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2015 09:25:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61798782

Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61798782

Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6583

Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6583

Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/27/2015 03:16:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/25/2015 01:24:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/24/2015 06:25:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

System errors:
=============
Error: (12/28/2015 09:25:30 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:20:20 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:18:54 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:14:41 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:14:41 AM) (Source: BROWSER) (EventID: 8020) (User: )
Description: The browser was unable to promote itself to master browser.  The computer that currently
believes it is the master browser is unknown.

Error: (12/28/2015 09:09:31 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:04:20 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 08:59:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.

Error: (12/28/2015 08:59:10 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 08:54:00 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

CodeIntegrity:
===================================
  Date: 2014-02-21 14:07:40.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-21 14:07:40.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-15 13:14:46.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-15 13:05:21.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-15 13:01:18.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-15 12:37:05.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 10:21:19.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 10:14:55.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-13 05:39:22.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-13 05:27:26.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 72%
Total physical RAM: 3963.99 MB
Available physical RAM: 1106.12 MB
Total Virtual: 7926.18 MB
Available Virtual: 4249.86 MB

==================== Drives ================================

Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:157.9 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 74B860C1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.1 GB) - (Type=17)

==================== End of Addition.txt ============================


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Thanks TwinHeadedEagle for the quick reply. Attached are the two files, rerun.

Fujimo

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Kim (administrator) on KIM-PC (28-12-2015 10:02:42)
Running from C:\Users\Kim\Desktop
Loaded Profiles: Kim & dad (Available Profiles: Kim & dad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Mindspark) C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [OnlineMapFinder EPM Support] => C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pmedint.exe [11608 2015-11-23] (Mindspark)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyAD (the data entry has 186 more characters).
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\...\MountPoints2: {08f20c2e-d6a4-11df-8c24-00266c405352} - F:\setup.exe -a
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll [2010-03-18] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [s-1-5-21-2631828835-1692535062-918339071-1003] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
URLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {5295061D-688D-42C6-82E3-7A738C002888} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> DefaultScope {5295061D-688D-42C6-82E3-7A738C002888} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {29CBFF08-804D-4F0E-9440-9D8D3B7595E2} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm133^YYA^us&si=49588_MOTEST-OMF&ptb=D281E0BD-A678-4D95-90B6-FAC596C406E6&ind=2015113017&n=781c2f39&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5129A74F-7CFA-46BD-A86D-6AA33ADFAB9F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> DefaultScope {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/ie.aspx?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {5295061D-688D-42C6-82E3-7A738C002888} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {81B2B96E-7F16-4168-84C2-A016D901E020} URL =
SearchScopes: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> {BB58B24A-C897-4FB0-9722-47E338165436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS366US366
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
BHO-x32: Search Assistant BHO -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll [2015-11-23] (Mindspark)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL [2009-11-16] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Toolbar BHO -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKLM-x32 - OnlineMapFinder - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2015-11-23] (Mindspark)
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1001 -> No Name - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
Toolbar: HKU\S-1-5-21-2631828835-1692535062-918339071-1003 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\windows\system32\npdeployJava1.dll [2012-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Kim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @movenetworks.com/Quantum Media Player -> C:\Users\Kim\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-11-05] (Move Networks)
FF Plugin HKU\S-1-5-21-2631828835-1692535062-918339071-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-27] (Unity Technologies ApS)
FF Extension: Printing Helper - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\yywvepveag@yywvepveag.org.xpi [2012-12-09] [not signed]
FF Extension: Coupon Manager - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57} [2010-02-09] [not signed]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-12-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2015-12-20] [not signed]
FF HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Kim\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Kim\AppData\Roaming\Move Networks [2010-11-05] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 OnlineMapFinder_9pService; C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe [89432 2015-11-23] (Mindspark)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-08] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\ENG64.SYS [138488 2015-12-09] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20151227.022\EX64.SYS [2148080 2015-12-09] (Symantec Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-12-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 10:02 - 2015-12-28 10:03 - 00030344 _____ C:\Users\Kim\Desktop\FRST.txt
2015-12-28 09:20 - 2015-12-28 10:02 - 00000000 ____D C:\FRST
2015-12-28 09:20 - 2015-12-28 09:20 - 02370560 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe
2015-12-09 00:12 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-12-09 00:12 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-09 00:11 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-09 00:11 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-09 00:11 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-09 00:11 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-12-09 00:11 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-09 00:11 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-09 00:11 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-09 00:11 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-09 00:11 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-09 00:11 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-09 00:11 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-09 00:11 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-09 00:11 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-09 00:11 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-12-09 00:11 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-09 00:11 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-09 00:11 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-09 00:11 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-12-09 00:11 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-09 00:11 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-09 00:11 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-09 00:11 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-09 00:11 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-09 00:11 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-09 00:11 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-12-09 00:11 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-09 00:11 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-12-09 00:11 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-12-09 00:11 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-12-09 00:11 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-09 00:11 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-09 00:11 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-12-09 00:11 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-12-09 00:11 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-09 00:11 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-12-09 00:11 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-09 00:11 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-12-09 00:11 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 00:11 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-12-09 00:11 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-09 00:11 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-12-09 00:11 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-09 00:11 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-09 00:11 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-09 00:11 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-12-09 00:11 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-09 00:11 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-09 00:11 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-09 00:11 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-12-09 00:11 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-12-09 00:11 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-12-09 00:11 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-09 00:11 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-09 00:11 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-12-09 00:11 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-12-09 00:11 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-12-09 00:11 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-12-09 00:11 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-12-09 00:11 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-09 00:11 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-09 00:11 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-09 00:11 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-12-09 00:11 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-12-09 00:11 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-12-09 00:11 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-12-09 00:11 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-12-09 00:11 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 00:11 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-12-09 00:11 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-09 00:11 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-12-09 00:11 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-09 00:11 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-09 00:11 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-09 00:11 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-09 00:11 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-12-09 00:11 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-09 00:11 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-09 00:11 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-09 00:11 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-09 00:11 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2015-12-09 00:11 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2015-12-09 00:11 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-09 00:11 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-12-09 00:11 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-12-09 00:11 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-09 00:11 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-09 00:11 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-09 00:11 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2015-12-09 00:11 - 2015-10-08 14:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2015-12-09 00:11 - 2015-10-08 13:52 - 00419928 _____ C:\windows\system32\locale.nls
2015-12-09 00:10 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-09 00:10 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-11-30 17:59 - 2015-11-30 17:59 - 00000000 ____D C:\Users\Kim\AppData\Local\OnlineMapFinder_9p
2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Users\Kim\AppData\LocalLow\OnlineMapFinder_9p
2015-11-30 17:58 - 2015-11-30 17:58 - 00000000 ____D C:\Program Files (x86)\OnlineMapFinder_9p

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 09:43 - 2013-09-18 13:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-28 09:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-28 09:23 - 2010-02-09 16:19 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-28 09:21 - 2009-07-13 23:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-28 09:03 - 2010-02-09 16:19 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 14:40 - 2015-07-28 22:26 - 00000378 _____ C:\windows\Tasks\REGSERVO.job
2015-12-24 17:48 - 2009-11-12 21:21 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-24 17:47 - 2014-10-31 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-24 17:46 - 2015-10-20 22:16 - 00000000 ____D C:\Users\Kim\.oracle_jre_usage
2015-12-24 17:45 - 2014-10-31 09:35 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-22 20:39 - 2013-10-03 20:36 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-20 11:46 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-19 10:58 - 2015-04-05 18:48 - 00000000 ___SD C:\windows\system32\GWX
2015-12-17 11:24 - 2010-02-25 21:18 - 00000000 ____D C:\Users\Kim\AppData\Local\ElevatedDiagnostics
2015-12-16 19:09 - 2010-03-25 20:47 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 22:51 - 2010-02-22 19:22 - 00000000 ____D C:\ProgramData\Sonic
2015-12-15 22:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-09 22:30 - 2015-07-21 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 22:30 - 2014-12-23 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-09 22:30 - 2014-10-31 08:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-09 22:30 - 2014-02-21 22:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-09 22:30 - 2012-01-18 20:53 - 00000000 ____D C:\Users\Kim\AppData\Local\Autobahn
2015-12-09 22:30 - 2011-09-23 21:07 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2015-12-09 22:30 - 2011-03-29 08:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-09 22:30 - 2011-03-06 13:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-09 22:30 - 2011-03-06 13:36 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-09 22:30 - 2010-02-22 19:24 - 00000000 ____D C:\ProgramData\CinemaNow
2015-12-09 22:30 - 2010-02-09 20:31 - 00000000 ____D C:\Users\dad
2015-12-09 22:30 - 2010-02-09 11:57 - 00000000 ____D C:\Users\Kim
2015-12-09 22:30 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2015-12-09 22:30 - 2008-12-03 21:19 - 00000000 ____D C:\Users\Kim\Documents\worksheets
2015-12-09 19:44 - 2013-09-18 13:10 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 19:44 - 2012-08-30 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 19:44 - 2011-11-10 06:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 04:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-12-09 04:05 - 2009-07-13 23:45 - 00517976 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 04:03 - 2012-01-28 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2015-12-09 03:44 - 2010-01-12 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 03:41 - 2012-01-28 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 03:28 - 2013-08-14 02:10 - 00000000 ____D C:\windows\system32\MRT
2015-12-09 03:08 - 2010-02-22 20:01 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-05 23:31 - 2009-07-14 00:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-03 22:18 - 2010-02-09 16:19 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 22:18 - 2010-02-09 16:19 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-28 09:18 - 2015-04-30 21:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2011-05-18 19:52 - 2013-07-01 16:55 - 0001940 _____ () C:\Users\Kim\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-03-25 20:47 - 2010-03-25 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Kim\jagex_runescape_preferences.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-20 12:35

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by Kim (2015-12-28 10:04:20)
Running from C:\Users\Kim\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-09 16:57:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2631828835-1692535062-918339071-500 - Administrator - Disabled)
dad (S-1-5-21-2631828835-1692535062-918339071-1003 - Administrator - Enabled) => C:\Users\dad
Guest (S-1-5-21-2631828835-1692535062-918339071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2631828835-1692535062-918339071-1005 - Limited - Enabled)
Kim (S-1-5-21-2631828835-1692535062-918339071-1001 - Administrator - Enabled) => C:\Users\Kim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Aleks 3.16 (HKLM-x32\...\Aleks 3.16) (Version:  - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Algebra 1 Teaching Textbook (HKLM-x32\...\Algebra 1 Teaching Textbook) (Version:  - Teaching Textbooks Inc.)
Amazon Kindle (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Edu-Track Home School (HKLM-x32\...\InstallShield_{334396FB-DF73-45A7-94FD-0C576FA87B32}) (Version: 1.46 - ConTECH Solutions, Inc.)
Edu-Track Home School (x32 Version: 1.46 - ConTECH Solutions, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE Undiscovered Realms (x32 Version: 2.2.0.82 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Logos 4 Prerequisites (HKLM-x32\...\{D9EE624B-FEB4-4FBF-9F36-DA6A852FD87E}) (Version: 4.63.00327 - Logos Bible Software)
Logos Bible Software 4 (HKLM-x32\...\{8B26A23B-2EBC-4F43-8D72-24D37701C874}) (Version: 4.63.00387 - Logos Bible Software)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
MotoConnect (HKLM-x32\...\{1C643154-0ADF-4B4C-AF17-E315C946A54B}) (Version: 1.1.30 - Motorola)
Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)
Move Media Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\Move Media Player) (Version:  - Move Networks)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The Vegas Heist (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network Recording Player (HKLM-x32\...\{830C1687-F55F-45C1-AD2B-405824DC65DB}) (Version: 2.3.1700 - Cisco WebEx LLC)
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Norton Security Suite (HKLM-x32\...\N360) (Version: 4.4.0.12 - Symantec Corporation)
OnlineMapFinder Internet Explorer Toolbar (HKLM-x32\...\OnlineMapFinder_9pbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
OverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
REA's TESTware for CLEP Western Civilization I (HKLM-x32\...\{1FCD61C5-E3A9-4B11-8651-ED29B35C1B9E}) (Version: 1.4.5 - REA, Inc. )
REA's TESTware for the CLEP Analyzing and Interpreting Literature (HKLM-x32\...\{385A96ED-83C8-4D5A-A092-54DB74762C34}) (Version: 2.1.0 - REA, Inc. )
REA's TESTware for the CLEP Sociology (HKLM-x32\...\{E21541B5-28DE-44BF-8E4A-8CCBC07BBBC2}) (Version: 2.1.0 - REA, Inc. )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator 2010 Special Edition (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Timez Attack (HKLM-x32\...\Timez Attack 4.04) (Version: 4.04 - Big Brainz)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Unity Web Player (HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.17 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.17 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Product Key Finder Pro® 2.3 (HKLM-x32\...\Windows Product Key Finder Pro®_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
CustomCLSID: HKU\S-1-5-21-2631828835-1692535062-918339071-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kim\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0411E330-B02E-4DDB-8D83-9384BCD3F0E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {2E7712E1-9224-42E0-A2C0-6A10284B058C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {3C503B32-051C-4CCD-B831-56ED597BF4F1} - System32\Tasks\{77FAD775-F429-4548-A84D-A699CC02DFB8} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Task: {4125E415-15DC-4A48-8624-94B927BB8A8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {74B8B36B-15C1-4FF1-B74A-9F6BDCC3261B} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {83617077-7043-46D2-A383-22F16D331902} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {84C13001-B456-41B1-9856-C0E5D9912E15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8A4654C3-72C1-45E1-BF68-624F35E7DE92} - System32\Tasks\{6A0597DD-9210-4B2B-8CB5-98961E7CBC55} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {8E26FB08-9DC1-4CA1-87C2-99634E847F26} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {92547137-8D93-41ED-8DFB-AD01BF503E0D} - System32\Tasks\{3B7B202E-67C9-47FB-801C-BD45E3ADF258} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {A7E3CA90-71C1-45D8-80B0-030B490959BE} - System32\Tasks\{3AFACA54-2EF1-434E-8CD3-8A12C9D271E1} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {B0BF6FF7-3E53-4CB5-A11A-97E028F1A5C6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {C2CF61FF-E200-407D-BDA9-0E4AF67F8F2E} - System32\Tasks\{0FE4BE20-286B-4D10-A665-2B5197E46B3E} => C:\Users\Kim\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {D8A79E2E-C7EC-485A-8102-82F4F0E86690} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {E4060FE6-4AD1-4E75-920E-0D77A7B26419} - System32\Tasks\{B277DD0F-9F75-4CA4-9A76-810D6A797A28} => pcalua.exe -a "C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DU5I8Y8R\aleks316.exe" -d C:\Users\Kim\Desktop
Task: {E9D37995-BA16-42BE-8C91-D4F48CD5878B} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
Task: {FA4644A0-D68D-48A8-BC8A-47FCA46971BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {FE436B2E-F39C-4319-AEA4-E18F7239627C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-03 20:36 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2010-08-26 21:39 - 2010-06-24 13:34 - 00091456 _____ () C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-12 21:23 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-21 11:50 - 2009-07-21 11:50 - 00084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
2009-06-23 01:18 - 2009-06-23 01:18 - 00494064 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
2009-09-17 14:41 - 2009-09-17 14:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\qflix.com -> hxxp://qflix.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-2631828835-1692535062-918339071-1001\...\sonic.com -> hxxp://redirect.sonic.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-02-21 14:08 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2631828835-1692535062-918339071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2631828835-1692535062-918339071-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Facebook Update => "C:\Users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{259B014B-8CA9-405F-9340-537B1220F1D7}] => (Allow) svchost.exe
FirewallRules: [{190BD108-7ED2-4361-9E24-8B082B179026}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3FD748ED-98F4-456D-913E-E3B96272A548}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe
FirewallRules: [{72A3024A-1FB4-44BB-9219-9519739BC4B8}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe
FirewallRules: [{856E1781-80E9-4176-AEA4-8D80302D2D10}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{8808DBED-C6D6-4570-AF68-6A7FC5CD3656}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{083A8ACA-7431-406E-A0A6-8BF662299AC7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D8CCFF1-75CA-4247-92CE-E26C11D8AAAE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{02D4D4C9-C541-4A95-B544-1C68B3CDB5E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B877B5CC-B971-4BC4-BABC-55411B049359}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A2A93002-729F-4B0D-8B54-809BECBA5EDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CAE4062-C06D-4AB5-B177-9C4239107046}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{019C7C98-FEBC-4A2B-92F6-28F2D76CE7BC}] => (Allow) C:\Users\Kim\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3757EAE9-6534-4556-9B19-B349EC9D5609}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DE7B00B8-3F3B-44E9-8986-AC8E86757B1C}] => (Allow) LPort=2869
FirewallRules: [{2AA98B20-E522-4806-9866-A9627313C602}] => (Allow) LPort=1900
FirewallRules: [{9CD0366B-71AC-452C-8E44-765FAB8122AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BD01FFE-DF07-468A-92B0-96389412BF2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-12-2015 22:46:49 Windows Update
16-12-2015 19:05:31 Windows Update
16-12-2015 19:34:12 Windows Update
17-12-2015 03:01:10 Windows Update
17-12-2015 10:58:06 Norton Security Suite Registry
18-12-2015 10:05:05 Windows Update
19-12-2015 10:32:46 Windows Update
20-12-2015 11:09:51 Windows Update
21-12-2015 03:00:18 Windows Update
22-12-2015 03:00:16 Windows Update
23-12-2015 09:44:09 Windows Update
24-12-2015 09:32:26 Windows Update
25-12-2015 10:52:48 Windows Update
27-12-2015 14:40:46 Windows Update
28-12-2015 08:54:16 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2015 09:25:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61798782

Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61798782

Error: (12/28/2015 08:53:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6583

Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6583

Error: (12/27/2015 03:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/27/2015 03:16:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/25/2015 01:24:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/24/2015 06:25:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

System errors:
=============
Error: (12/28/2015 09:43:35 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:38:24 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:33:14 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:28:04 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:25:30 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:20:20 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:18:54 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:14:41 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (12/28/2015 09:14:41 AM) (Source: BROWSER) (EventID: 8020) (User: )
Description: The browser was unable to promote itself to master browser.  The computer that currently
believes it is the master browser is unknown.

Error: (12/28/2015 09:09:31 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

CodeIntegrity:
===================================
  Date: 2014-02-21 14:07:40.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-21 14:07:40.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-15 13:14:46.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-15 13:05:21.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-15 13:01:18.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-15 12:37:05.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 10:21:19.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 10:14:55.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-13 05:39:22.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-13 05:27:26.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 69%
Total physical RAM: 3963.99 MB
Available physical RAM: 1210.36 MB
Total Virtual: 7926.18 MB
Available Virtual: 4214.52 MB

==================== Drives ================================

Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:157.93 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 74B860C1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.1 GB) - (Type=17)

==================== End of Addition.txt ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

fixlist.txt


Hello,

 

It does seem to be running much better and faster.  Do you happen to know why when you load on Yahoo or another web site that wants to start videos will cause the browser to hang and eventually want to stop the script or crash altogether?

 

Yes, the computer is running much faster.

 

Thanks


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.