
Solved HP Laptop Issues

Discussion in 'Malware and Virus Removal Archive' started by Jobin1, 2015/05/29.

  1. 2015/05/29
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    [Solved] HP Laptop Issues

    Hello,

    I am getting a bunch of redirects when I try to open up a browser window. Please advise.
     
  2. 2015/05/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2015/05/29
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    HP laptop Log (FRST)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
    Ran by Owner (administrator) on OWNER-HP on 29-05-2015 22:06:34
    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    (DeviceVM, Inc.) C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    () C:\Program Files (x86)\LPT\srpts.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    () C:\Program Files\pcreg\pcreg.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    () C:\Program Files (x86)\LPT\srptm.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (DisplayLink Corp.) C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    (Mindspark Interactive Network) C:\Program Files (x86)\RadioRage_4j Chrome Extension\bar\CrxRegPatcher.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Owner\Downloads\FRST64 (2).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ATT-SST_McciTrayApp] => "C:\Program Files\ATT-SST\McciTrayApp.exe "
    HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
    HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe "
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
    HKLM-x32\...\RunOnce: [RadioRage_4j Chrome Extension-bar-CrxRegPatcher] => C:\Program Files (x86)\RadioRage_4j Chrome Extension\bar\CrxRegPatcher.exe [56904 2013-03-26] (Mindspark Interactive Network)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Run: [Spotify] => "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-09] (Google Inc.)
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Run: [AVUS] => C:\Program Files (x86)\AVUS\AVUS.exe [115712 2011-01-29] (Andrea Bonfiglio)
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-28] (SUPERAntiSpyware)
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Policies\Explorer: [HideSCAHealth] 1
    AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File not found
    AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File not found
    Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-28] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-12-25]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk [2014-04-25]
    ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-28]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ "DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-4272471082-2487698185-2262164307-1000] => 
    AutoConfigURL: [S-1-5-21-4272471082-2487698185-2262164307-1000] => file://C:/Users/Owner/AppData/Local/LPT/Proxy.pac
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...HitachiXHTS725050A9A364_100825PCK404VLK5L29JX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1395676389&from=tugs&uid=HitachiXHTS725050A9A364_100825PCK404VLK5L29JX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts...HitachiXHTS725050A9A364_100825PCK404VLK5L29JX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1395676389&from=tugs&uid=HitachiXHTS725050A9A364_100825PCK404VLK5L29JX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?p=mKO_Aw...fuQwnQoXLZVdr404q9e6UxtitH0QkesZ2w69SU9UHP6ng,,
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRA,,&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRA,,&q={searchTerms}
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRw,,&q={searchTerms}
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRw,,&q={searchTerms}
    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {536C86E3-50D3-4530-9301-4ACA6A9622FD} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {9A68D6A3-9179-41A7-9F9B-0CDB41A47845} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {D9C0B49A-8B5F-4EE8-855D-68FAFE3B4306} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {F286777F-A886-4576-BF6D-0956A75D2255} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRA,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRA,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRA,,&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRw,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000 -> URL http://search.conduit.com/Results.aspx?ctid=CT3317822&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7AC33C7A-3A6B-416A-8F00-7D0CA152284D&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Lp0IAYwHQV8QDdp3gVa-b7yaGQn4lEOQGmpV_fLPSju5i-n7STPk6pwRDcLbgzX-oy8ZmpR9zPBW8OrUbBpIDP_1GKaymsKoTKgBmOFUX_Aj3kuz2A0as7TMwiE0xRw,,&q={searchTerms}
    BHO: media enhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\media enhance\media enhance-bho64.dll [2014-03-23] (freeven)
    BHO: HQ-Vid-1.9b -> {11111111-1111-1111-1111-110511311172} -> C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-bho64.dll [2014-03-23] (HQ-forPC)
    BHO: SmartbarInternetExplorerBHOEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
    BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll [2010-06-08] (Egis Technology Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-09] (Sun Microsystems, Inc.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
    BHO-x32: media enhance -> {11111111-1111-1111-1111-110411411150} -> C:\Program Files (x86)\media enhance\media enhance-bho.dll [2014-03-23] (freeven)
    BHO-x32: HQ-Vid-1.9b -> {11111111-1111-1111-1111-110511311172} -> C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-bho.dll [2014-03-23] (HQ-forPC)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
    BHO-x32: SmartbarInternetExplorerBHOEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
    BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll No File
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft
     
  5. 2015/05/29
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    HP Laptop Log (FRST) CONTINUED

    Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-10-06] (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
    Toolbar: HKLM - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll No File
    Toolbar: HKLM-x32 - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    Toolbar: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://usadrug.lifepics.com/net/Uploader/LPUploader57.cab
    DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts...HitachiXHTS725050A9A364_100825PCK404VLK5L29JX

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-28] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-28] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4272471082-2487698185-2262164307-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-4272471082-2487698185-2262164307-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4272471082-2487698185-2262164307-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt
    FF Extension: SimplePass Online Accounts Extension - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2010-10-17]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-25]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
    FF HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
    CHR Extension: (uTorrentBar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj [2014-03-24]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
    CHR Extension: (HQ-Video-Pro-1.9) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-28]
    CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-27]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
    CHR Extension: (media enhance) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo [2014-04-28]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
    CHR Extension: (Quick start) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-03-24]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
    CHR HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Owner\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Owner\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Owner\AppData\Local\Temp\crx12E1.tmp [2011-08-06]
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\Exts\Chrome.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-24]
    StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-25] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8988048 2013-04-03] (DisplayLink Corp.)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
    R2 DvmMDES; C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-06-25] (DeviceVM, Inc.)
    S4 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [697712 2010-06-08] (Egis Technology Inc. )
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [36384 2014-02-25] () <==== ATTENTION
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
    R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel(R) Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [X]
    S2 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [X]
    S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1
    S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.46733.0.sys [44944 2015-02-17] ()
    R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)
    S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [32768 2009-10-26] (HTC, Corporation) [File not signed]
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [X]
    S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1307010.005\ccSetx64.sys [X]
    S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
    S3 EraserUtilDrv11210; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [X]
    S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
    S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120530.001\IDSvia64.sys [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120531.004\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120531.004\EX64.SYS [X]
    S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1307000.009\SRTSP64.SYS [X]
    S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [X]
    S0 SymDS; system32\drivers\NISx64\1307010.005\SYMDS64.SYS [X]
    S0 SymEFA; system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [X]
    S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
    S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1307010.005\Ironx64.SYS [X]
    S3 SymNetS; \SystemRoot\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-29 22:06 - 2015-05-29 22:06 - 02108928 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (2).exe
    2015-05-29 21:54 - 2015-05-29 21:54 - 00056758 _____ () C:\Users\Owner\Downloads\Addition.txt
    2015-05-29 21:53 - 2015-05-29 22:06 - 00040535 _____ () C:\Users\Owner\Downloads\FRST.txt
    2015-05-29 21:52 - 2015-05-29 22:06 - 00000000 ____D () C:\FRST
    2015-05-29 21:52 - 2015-05-29 21:52 - 02108928 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2015-05-29 21:52 - 2015-05-29 21:52 - 02108928 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
    2015-05-29 21:51 - 2015-05-29 21:51 - 01147392 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2015-05-29 03:33 - 2015-05-29 03:33 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-05-29 03:28 - 2015-05-29 03:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-05-29 03:11 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-05-29 03:11 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-05-28 22:26 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-05-28 22:26 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-05-28 22:26 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-05-28 22:26 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-05-28 22:24 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-28 22:24 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-28 22:24 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-28 22:24 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-28 22:24 - 2015-04-03 22:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-05-28 22:24 - 2015-04-03 22:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-28 22:24 - 2015-04-03 22:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-05-28 22:24 - 2015-04-03 22:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-05-28 22:24 - 2015-04-03 22:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-05-28 22:24 - 2015-04-03 22:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-05-28 22:24 - 2015-04-03 22:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-05-28 22:24 - 2015-04-03 22:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-05-28 22:24 - 2015-04-03 22:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-05-28 22:24 - 2015-04-03 22:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-05-28 22:24 - 2015-04-03 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-05-28 22:24 - 2015-04-03 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-05-28 22:24 - 2015-04-03 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-05-28 22:24 - 2015-04-03 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-05-28 22:24 - 2015-04-03 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-05-28 22:24 - 2015-04-03 22:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-05-28 22:24 - 2015-04-03 22:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-05-28 22:24 - 2015-04-03 22:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-05-28 22:24 - 2015-04-03 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-05-28 22:24 - 2015-04-03 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-05-28 22:24 - 2015-04-03 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-05-28 22:23 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-28 22:23 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-28 22:23 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-28 22:23 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-28 22:23 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-05-28 22:23 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-05-28 22:23 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-28 22:23 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-28 22:23 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-05-28 22:23 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-28 22:23 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-05-28 22:23 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-28 22:23 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-05-28 22:23 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-28 22:23 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-28 22:23 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-28 22:23 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-05-28 22:23 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-05-28 22:23 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-28 22:23 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-05-28 22:23 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-28 22:23 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-28 22:23 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-28 22:23 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-05-28 22:23 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-28 22:23 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-05-28 22:23 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-05-28 22:23 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-28 22:23 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-05-28 22:23 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-28 22:23 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-05-28 22:23 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-28 22:23 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-28 22:23 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-28 22:23 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-05-28 22:23 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-28 22:23 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-28 22:23 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-28 22:23 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-05-28 22:23 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-28 22:23 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-28 22:23 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-28 22:23 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-05-28 22:23 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-28 22:23 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-05-28 22:23 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-28 22:23 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-05-28 22:23 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-28 22:23 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-28 22:23 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-28 22:23 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-28 22:23 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-28 22:23 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-28 22:23 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-05-28 22:23 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-28 22:23 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-28 22:23 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-28 22:23 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-28 22:23 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-28 22:23 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-28 22:23 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-28 22:23 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-28 22:23 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-28 22:23 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-28 22:23 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-28 22:23 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-05-28 22:23 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-05-28 22:23 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-05-28 22:23 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-05-28 22:23 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-05-28 22:23 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-05-28 22:23 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-05-28 22:23 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-05-28 22:23 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-05-28 22:23 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-05-28 22:23 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-05-28 22:23 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-05-28 22:23 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-05-28 22:23 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-05-28 22:23 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-05-28 22:23 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-05-28 22:23 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-05-28 22:23 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-05-28 22:23 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-05-28 22:23 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-05-28 22:23 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-05-28 22:23 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-05-28 22:23 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-05-28 22:23 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-05-28 22:23 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-05-28 22:23 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-05-28 22:23 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-05-28 22:23 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-05-28 22:23 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-05-28 22:23 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-05-28 22:23 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-05-28 22:22 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-28 22:22 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-05-28 22:22 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-05-28 22:22 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-05-28 22:22 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-05-28 22:22 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-05-28 22:22 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-05-28 22:22 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-05-28 22:22 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-05-28 22:22 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-05-28 22:22 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-05-28 22:22 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-05-28 22:22 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-05-28 22:22 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-05-28 22:22 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-05-28 22:22 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-05-28 22:22 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-05-28 22:22 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-05-28 22:22 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-05-28 22:22 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-05-28 22:22 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-05-28 22:22 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-05-28 22:22 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-05-28 22:22 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-05-28 22:22 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-05-28 22:22 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-05-28 22:22 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-05-28 22:22 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-05-28 22:22 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-05-28 22:22 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-05-28 22:22 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-05-28 22:22 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-05-28 22:22 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-05-28 22:22 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-05-28 22:22 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-05-28 22:22 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-05-28 22:22 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-05-28 22:22 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-28 22:22 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-28 22:21 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-05-28 22:21 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-05-28 22:21 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-05-28 22:21 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-05-28 22:21 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-05-28 22:21 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-05-28 22:21 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-05-28 22:21 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-05-28 22:21 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-05-28 22:21 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-05-28 22:21 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-05-28 22:21 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-05-28 22:21 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-05-28 22:21 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-05-28 22:21 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-05-28 22:21 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    20
     
  6. 2015/05/29
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    FRST Log Continued

    15-05-28 22:21 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-05-28 22:21 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-05-28 22:21 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-05-28 22:21 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-05-28 22:21 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-05-28 22:21 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-05-28 22:21 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-05-28 22:21 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-05-28 22:21 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-05-28 22:21 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-05-28 22:21 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-28 22:21 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-05-28 22:21 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-05-28 22:21 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-28 22:21 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-28 22:21 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-05-28 22:21 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-05-28 22:21 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-05-28 22:21 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-05-28 22:21 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-05-28 22:20 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-28 22:20 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-28 22:20 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-28 22:20 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-28 22:20 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-28 22:20 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-28 22:20 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-28 22:13 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-05-28 22:13 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-05-28 22:13 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-05-28 22:13 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-05-28 22:13 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-05-28 22:01 - 2015-05-28 22:01 - 00000000 ____D () C:\Program Files (x86)\GUMD68.tmp
    2015-05-27 21:14 - 2015-05-28 21:50 - 00000000 ____D () C:\Program Files (x86)\EZ Software Updater
    2015-05-27 21:14 - 2015-05-28 20:47 - 00000000 ____D () C:\Program Files (x86)\Media Downloader
    2015-05-27 03:39 - 2015-05-29 03:32 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-05-26 22:30 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-05-26 22:05 - 2015-05-26 22:05 - 00000000 ____D () C:\Program Files (x86)\Google

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-29 22:06 - 2011-12-17 21:40 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272471082-2487698185-2262164307-1000UA.job
    2015-05-29 22:05 - 2011-12-17 21:40 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272471082-2487698185-2262164307-1000Core.job
    2015-05-29 22:03 - 2012-04-01 11:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-29 22:02 - 2010-12-05 04:41 - 00000192 _____ () C:\Users\Owner\AppData\Local\mv_Photo.xml
    2015-05-29 22:02 - 2010-12-05 04:41 - 00000125 _____ () C:\Users\Owner\AppData\Local\mv_music.xml
    2015-05-29 20:34 - 2010-10-17 22:10 - 02087623 _____ () C:\Windows\WindowsUpdate.log
    2015-05-29 19:59 - 2014-03-23 19:54 - 00003100 _____ () C:\Windows\Tasks\media enhance-chromeinstaller.job
    2015-05-29 19:57 - 2014-03-23 19:56 - 00002544 _____ () C:\Windows\Tasks\HQ-Vid-1.9b-firefoxinstaller.job
    2015-05-29 19:56 - 2014-03-23 19:56 - 00003092 _____ () C:\Windows\Tasks\HQ-Vid-1.9b-chromeinstaller.job
    2015-05-29 19:56 - 2014-03-23 19:56 - 00001510 _____ () C:\Windows\Tasks\HQ-Vid-1.9b-updater.job
    2015-05-29 19:56 - 2014-03-23 19:56 - 00001466 _____ () C:\Windows\Tasks\HQ-Vid-1.9b-codedownloader.job
    2015-05-29 19:56 - 2014-03-23 19:54 - 00001540 _____ () C:\Windows\Tasks\media enhance-updater.job
    2015-05-29 19:55 - 2014-03-23 19:54 - 00002324 _____ () C:\Windows\Tasks\media enhance-firefoxinstaller.job
    2015-05-29 19:54 - 2014-03-23 19:54 - 00001496 _____ () C:\Windows\Tasks\media enhance-codedownloader.job
    2015-05-29 15:33 - 2013-03-26 15:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-05-29 04:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-05-29 04:46 - 2009-07-13 23:45 - 00014800 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-29 04:46 - 2009-07-13 23:45 - 00014800 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-29 03:37 - 2009-07-14 00:13 - 00810360 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-29 03:35 - 2014-04-26 22:17 - 00000000 ___RD () C:\Users\Owner\Dropbox
    2015-05-29 03:35 - 2014-04-26 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
    2015-05-29 03:34 - 2011-12-25 20:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2015-05-29 03:31 - 2010-10-17 22:20 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
    2015-05-29 03:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-29 03:31 - 2009-07-13 23:51 - 00088243 _____ () C:\Windows\setupact.log
    2015-05-29 03:31 - 2009-07-13 23:45 - 00424232 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-29 03:30 - 2014-03-24 10:54 - 00000000 ____D () C:\ProgramData\IePluginService
    2015-05-29 03:30 - 2013-11-11 23:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\NativeMessaging
    2015-05-29 03:30 - 2011-08-06 22:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Conduit
    2015-05-29 03:30 - 2011-08-06 22:23 - 00000000 ____D () C:\Program Files (x86)\Conduit
    2015-05-29 03:28 - 2015-02-04 04:16 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-05-29 03:28 - 2014-05-11 23:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-05-29 03:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-05-29 03:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-05-29 03:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-29 03:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-05-29 03:07 - 2014-04-21 08:33 - 00802974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-05-28 23:09 - 2011-04-24 11:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-05-28 23:03 - 2012-04-01 11:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-05-28 23:03 - 2012-04-01 11:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-05-28 23:03 - 2011-09-07 21:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-05-28 22:01 - 2011-12-17 21:40 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4272471082-2487698185-2262164307-1000UA
    2015-05-28 22:01 - 2011-12-17 21:40 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4272471082-2487698185-2262164307-1000Core
    2015-05-28 21:59 - 2014-04-26 22:17 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
    2015-05-28 21:59 - 2014-04-26 22:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-05-28 20:48 - 2010-12-05 04:35 - 00000000 ____D () C:\Users\Owner
    2015-05-28 20:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-05-28 20:47 - 2015-02-07 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-05-28 20:47 - 2010-10-17 22:31 - 00000000 ____D () C:\ProgramData\CinemaNow
    2015-05-28 20:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-05-28 20:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
    2015-05-27 03:16 - 2013-09-09 23:11 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-26 22:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing

    ==================== Files in the root of some directories =======

    2010-12-25 20:03 - 2010-12-25 20:03 - 0000697 _____ () C:\Users\Owner\AppData\Roaming\ConvAPIPlugin.log
    2010-12-05 04:41 - 2015-05-29 22:02 - 0000125 _____ () C:\Users\Owner\AppData\Local\mv_music.xml
    2010-12-05 04:41 - 2015-05-29 22:02 - 0000192 _____ () C:\Users\Owner\AppData\Local\mv_Photo.xml
    2013-04-05 15:31 - 2013-04-05 15:31 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-12-25 17:57 - 2011-11-27 19:11 - 0001783 _____ () C:\ProgramData\hpzinstall.log
    2010-10-17 22:30 - 2010-10-17 22:30 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-09-09 14:46 - 2010-09-09 14:46 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-10-17 22:30 - 2010-10-17 22:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-09-09 14:41 - 2010-09-09 14:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-10-17 22:29 - 2010-10-17 22:29 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-10-17 22:30 - 2010-10-17 22:30 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-09-09 14:40 - 2010-09-09 14:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-09-09 14:42 - 2010-09-09 14:45 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-10-17 22:30 - 2010-10-17 22:30 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Some files in TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\air10D2.exe
    C:\Users\Owner\AppData\Local\Temp\airC3E.exe
    C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp75ov_u.dll
    C:\Users\Owner\AppData\Local\Temp\Extract.exe
    C:\Users\Owner\AppData\Local\Temp\file_162014.exe
    C:\Users\Owner\AppData\Local\Temp\file_3827333322.exe
    C:\Users\Owner\AppData\Local\Temp\file_to_run55555.exe
    C:\Users\Owner\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\Owner\AppData\Local\Temp\HPQSi.exe
    C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
    C:\Users\Owner\AppData\Local\Temp\mgsqlite3.dll
    C:\Users\Owner\AppData\Local\Temp\MSN96F2.exe
    C:\Users\Owner\AppData\Local\Temp\nsd349A.exe
    C:\Users\Owner\AppData\Local\Temp\nsg3386.exe
    C:\Users\Owner\AppData\Local\Temp\nsg3654.exe
    C:\Users\Owner\AppData\Local\Temp\nsg4222.exe
    C:\Users\Owner\AppData\Local\Temp\nsgDBA.exe
    C:\Users\Owner\AppData\Local\Temp\nsi43F8.exe
    C:\Users\Owner\AppData\Local\Temp\nsoF259.exe
    C:\Users\Owner\AppData\Local\Temp\nsq1069.exe
    C:\Users\Owner\AppData\Local\Temp\nst281B.exe
    C:\Users\Owner\AppData\Local\Temp\nst2CAE.exe
    C:\Users\Owner\AppData\Local\Temp\nstA7A.exe
    C:\Users\Owner\AppData\Local\Temp\nstEECF.exe
    C:\Users\Owner\AppData\Local\Temp\nsx8854.exe
    C:\Users\Owner\AppData\Local\Temp\nsxA597.exe
    C:\Users\Owner\AppData\Local\Temp\ose00000.exe
    C:\Users\Owner\AppData\Local\Temp\Player.exe
    C:\Users\Owner\AppData\Local\Temp\Resource.exe
    C:\Users\Owner\AppData\Local\Temp\setup.exe
    C:\Users\Owner\AppData\Local\Temp\Shortcut_IMsetup.exe
    C:\Users\Owner\AppData\Local\Temp\SP50819.exe
    C:\Users\Owner\AppData\Local\Temp\SP52407.exe
    C:\Users\Owner\AppData\Local\Temp\SP53546.exe
    C:\Users\Owner\AppData\Local\Temp\SP53998.exe
    C:\Users\Owner\AppData\Local\Temp\SP54001.exe
    C:\Users\Owner\AppData\Local\Temp\sp54373.exe
    C:\Users\Owner\AppData\Local\Temp\sp58915.exe
    C:\Users\Owner\AppData\Local\Temp\SPStub.exe
    C:\Users\Owner\AppData\Local\Temp\SweetIMInstallValidator.exe
    C:\Users\Owner\AppData\Local\Temp\tbSwee.dll
    C:\Users\Owner\AppData\Local\Temp\tk6gzqnl.dll
    C:\Users\Owner\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Owner\AppData\Local\Temp\UninstallHPTCA.exe
    C:\Users\Owner\AppData\Local\Temp\WSSetup.exe
    C:\Users\Owner\AppData\Local\Temp\{A91D0E60-7687-4AEF-A233-483613F08191}-29.0.1547.66_chrome_installer.exe
    C:\Users\Owner\AppData\Local\Temp\{B3FD7B5B-8E96-43C7-AF94-8C3FCFAE2870}-28.0.1500.95_27.0.1453.116_chrome_updater.exe
    C:\Users\Owner\AppData\Local\Temp\~SpUnin~.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-26 23:32

    ==================== End of log ============================
     
  7. 2015/05/29
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    Additional Scan Farbar

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
    Ran by Owner at 2015-05-29 21:54:18
    Running from C:\Users\Owner\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4272471082-2487698185-2262164307-500 - Administrator - Disabled)
    Guest (S-1-5-21-4272471082-2487698185-2262164307-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4272471082-2487698185-2262164307-1004 - Limited - Enabled)
    Owner (S-1-5-21-4272471082-2487698185-2262164307-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4272471082-2487698185-2262164307-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    27-05-2015 03:00:15 Windows Update
    28-05-2015 20:37:48 Restore Operation
    28-05-2015 22:20:31 Windows Update
    29-05-2015 00:11:54 Software Removal Tool
    29-05-2015 03:00:28 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2013-01-22 19:49 - 00000051 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05F3F694-8DAF-4757-917D-2BA7DFF8AA0D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
    Task: {1A436A7A-42B6-40ED-B5AB-3895DB32F53F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {1CFA8E53-356C-45A6-916A-1713ACFD40D5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4272471082-2487698185-2262164307-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {23292292-81CA-4931-989C-37BB6CB1A3F0} - System32\Tasks\HQ-Vid-1.9b-firefoxinstaller => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-firefoxinstaller.exe [2014-03-23] (HQ-forPC) <==== ATTENTION
    Task: {2430BF4C-7AEB-4BB1-8938-A8D6666229F8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4272471082-2487698185-2262164307-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {290E14A4-68E2-49F1-83A5-6781E946B77B} - System32\Tasks\HQ-Vid-1.9b-chromeinstaller => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-chromeinstaller.exe [2014-03-23] (HQ-forPC) <==== ATTENTION
    Task: {2E85B5B8-0D2A-4887-A28D-DB92E6C176CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {2F40D4B8-F115-43C6-AA7E-6FDA317357D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\WSCStub.exe
    Task: {3040FB1D-016F-4BEE-B094-1973CD71C29E} - System32\Tasks\media enhance-codedownloader => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe [2014-03-23] (freeven) <==== ATTENTION
    Task: {3F993FA1-EBA1-437B-9529-25AC51BB05CF} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {45226DF1-F063-47E0-93ED-D5C680369982} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {4F1FD1C6-3770-4FBF-9D36-608D4C50A267} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {575C20F0-71A5-429F-876D-7EF9C4D5D46C} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {576DE0F5-61F6-4AC6-8118-501F22DAF2CB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
    Task: {6396F534-ADC6-4D25-A963-065038E23FA0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\SymErr.exe
    Task: {63FDAAC3-E7BF-40F0-85B1-0B2A38EE6621} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-28] (Adobe Systems Incorporated)
    Task: {67BD3A49-002B-4CED-87C7-CF13B6991A5D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {71C190F9-906E-4AA4-AB91-949118E547B5} - System32\Tasks\media enhance-chromeinstaller => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe [2014-03-23] (freeven) <==== ATTENTION
    Task: {76033E15-5C36-49CF-81B6-E67B286185C1} - System32\Tasks\{0B10488A-FAFE-446A-917D-D1C29974B577} => pcalua.exe -a C:\Users\Owner\AppData\Roaming\key-find\UninstallManager.exe
    Task: {88BC76DD-BDD0-4D35-9555-6CAB260C6559} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4272471082-2487698185-2262164307-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {8EAE56E0-3469-44EE-9758-7F898027CD70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {9685EA87-3147-4ADD-A1A7-AC96AA1F7750} - System32\Tasks\HQ-Vid-1.9b-codedownloader => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-codedownloader.exe [2014-03-23] (HQ-forPC) <==== ATTENTION
    Task: {9D35E731-8B60-45FC-92D5-590EF3EFEC59} - System32\Tasks\media enhance-firefoxinstaller => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe [2014-03-23] (freeven) <==== ATTENTION
    Task: {A983BA80-F489-4828-88CB-0CEB4135B158} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4272471082-2487698185-2262164307-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
    Task: {B36544A0-E72F-400C-8A67-6400D83777B3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {B5D7F514-3D60-4063-A313-E8EB43DD5DB8} - System32\Tasks\HQ-Vid-1.9b-updater => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-updater.exe [2014-03-23] (HQ-forPC) <==== ATTENTION
    Task: {C58F7537-428A-4C47-AE82-06E67315852D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2CTBVGHG => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {C7DF5A5D-E182-462D-BED8-982B5E13475B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {CB9FF437-0684-47B1-B323-6593291C3D0C} - System32\Tasks\{1EFDCF85-3F4B-4B2D-8FA0-71A40931C8F8} => pcalua.exe -a "C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2G8D8OC\WebInterface[1].exe" -d C:\Users\Joe\Desktop
    Task: {E00C2F78-35CD-40EB-8B31-DC2A15340966} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-05] (Microsoft Corporation)
    Task: {E0C0CDB0-CD53-4A53-9C03-BABA22B3D3EA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4272471082-2487698185-2262164307-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
    Task: {E2370098-A286-4CE7-B4B2-D18038F30BA4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] ()
    Task: {F267E917-15E3-404C-B302-934ABF58C431} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-25] () <==== ATTENTION
    Task: {F3D13C3D-25DB-4A73-AF46-5B4C785E15B4} - System32\Tasks\Norton Internet Security\Norton Er
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272471082-2487698185-2262164307-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272471082-2487698185-2262164307-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HQ-Vid-1.9b-chromeinstaller.job => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-chromeinstaller.exe <==== ATTENTION
    Task: C:\Windows\Tasks\HQ-Vid-1.9b-codedownloader.job => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-codedownloader.exe6/reinstallapp /runfrom=task /agentregpath='HQ-Vid-1.9b' /appid=53172 /srcid='001327' /subid='0' /zdata='0/' /bic=72CE9EB6F5A8433EAF0C56E41F373937IE /verifier=7d74c42450dc97b8754389f9340f2ea5 /installerversion=1_34_3_17 /installerfullversion=1.34.3.17 /installationtime=1395622582 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com /defbro=ch /a
    Task: C:\Windows\Tasks\HQ-Vid-1.9b-firefoxinstaller.job => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-firefoxinstaller.exeO/installxpi /agentregpath='HQ-Vid-1.9b' /extensionfilepath C:\Program Files (x86)\HQ-Vid-1.9b\53172.xpi' /appid=53172 /srcid='001327' /subid='0' /zdata='0/' /bic=72CE9EB6F5A8433EAF0C56E41F373937IE /verifier=7d74c42450dc97b8754389f9340f2ea5 /installerversion=1_34_3_17 /installerfullversion=1.34.3.17 /installationtime=1395622582 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com /extensionversion=0.94 /prefsbranch=aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/53172.rdf /extensionname='HQ-Vid-1.9b' /extensiondesc='HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available.' /publishername='HQ-forPC' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <=
    Task: C:\Windows\Tasks\HQ-Vid-1.9b-updater.job => C:\Program Files (x86)\HQ-Vid-1.9b\HQ-Vid-1.9b-updater.exeS/runupdater /agentregpa
    Task: C:\Windows\Tasks\media enhance-codedownloader.job => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exeA/reinstallapp /runfrom=task /agentregpath='media enhance' /appid=44150 /srcid='000555' /subid='verticals-' /zdata='0/' /bic=72CE9EB6F5A8433EAF0C56E41F373937IE /verifier=7d74c42450dc97b8754389f9340f2ea5 /installerversion=1_34_3_17 /installerfullversion=1.34.3.17 /installationtime=1395622421 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.cross
    Task: C:\Windows\Tasks\media enhance-chromeinstaller.job => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe <====
    Task: C:\Windows\Tasks\media enhance-firefoxinstaller.job => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exeÃ/installxpi /agentregpath='media enhance' /extensionfilepath C:\Program Files (x86)\media enhance\44150.xpi' /appid=44150 /srcid='000555' /subid='verticals-' /zdata='0/' /bic=72CE9EB6F5A8433EAF0C56E41F373937IE /verifier=7d74c42450dc97b8754389f9340f2ea5 /installerversion=1_34_3_17 /installerfullversion=1.34.3.17 /installationtime=1395622421 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com /extensionversion=0.94
    Task: C:\Windows\Tasks\media enhance-updater.job => C:\Program Files (x86)\media enhance\media enhance-updater.exe^/runupdater /agentregpath='media enhance' /appid=44150 /srcid='000555' /subid='verticals-' /zdata='0/' /bic=72CE9EB6F5A8433EAF0C56E41F373937IE /verifier=7d74c42450dc97b8754389f9340f2ea5 /installerversion=1_34_3_17 /installationtime=1395622421 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.srvstatsdata.com /updaterversion=2 /monetizationdomain=http:/stats.mstatsserv.com /autoupdateulr='http:/update.srvstatsdata.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2010-03-05 11:21 - 2010-03-05 11:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2010-03-05 11:21 - 2010-03-05 11:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-02-25 11:54 - 2014-02-25 11:54 - 00036384 _____ () C:\Program Files (x86)\LPT\srpts.exe
    2014-04-25 03:13 - 2014-04-25 03:13 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
    2014-02-25 11:54 - 2014-02-25 11:54 - 00023072 _____ () C:\Program Files (x86)\LPT\srptm.exe
    2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    vice "


    e "

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4272471082-2487698185-2262164307-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\ACD Wallpaper.bmp
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A2DFE5C5-5957-4C44-8781-E7B5B6E33B41}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{4EE11704-7B44-412C-A807-46268C1D3FC2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{B8A56CE5-E2D1-4D01-B3F4-804422282AC7}] => (Allow) svchost.exe
    FirewallRules: [{FA4D7FCD-61A5-4CD4-AA10-52A32FA743A0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{BE5C95C1-80AA-4211-BDF3-E799022A8CD3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{25D2C11D-4EEC-4CC4-AB9E-F3746C8FD804}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{F76DF5F8-1639-44AF-BA2E-088595BD843E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{757385B3-2802-403F-BB20-A14454AFA875}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{BAA931FD-9214-431D-981F-21CD7E91F3D3}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{CD6B6712-8C63-43C1-B1F7-BDE250CA2A85}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{7511328A-1D4B-41DE-8F78-A55D5C427BA3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{C269AC51-B755-4C35-88B1-01FACB9527DF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{0C2457CF-F902-40CB-BC31-5EFDF4358F2F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{7FA177A5-1618-435F-BEF3-9F3EFF2F5E20}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{7BB16B5A-A266-4580-8A96-EA58D3FF4786}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{0A8623F0-CFA2-4EBF-9617-486D9AE5A62F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{6A1CFA53-7795-4B18-BE6D-641E29946B84}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{073D0B5A-6F47-45AA-98BF-18A3A17A4F68}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{7A79D341-8B8A-4D4A-9A2B-77C4913AF7B8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{588D91F6-AC47-4E3A-BC0A-BDAE7A834C89}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
    FirewallRules: [{78FD7662-B067-4A83-B952-7D39DBE54EDD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
    FirewallRules: [{11E4FB3A-1B7B-4889-91B2-445E5CE7DCB0}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
    FirewallRules: [{49F0C20F-E637-4426-9B78-421DC8CD70C8}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
    FirewallRules: [{E430AAAC-0A77-4531-A894-94BEFB389EC9}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
    FirewallRules: [TCP Query User{CA4FE6DE-0990-42FD-BD01-FAF379D04D9A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{D2E7C926-7F5A-4CF8-B25E-08E09B954E3D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{1C5E4DF6-C813-458D-91B1-8AD35067A563}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{A26AA969-74FF-4AA7-94A4-31A93464218A}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{643DADCA-7D5B-440C-85F6-32C9AC55C996}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS1BF9\OJ6500vE709_Full_14\setup\hpznui40.exe
    FirewallRules: [{2E1392D7-A85D-487E-8990-D776DF18B17D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{9611E8ED-4E46-492E-9C6E-B6316B3100B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{7F15C4EB-92F0-42B3-B837-B84484AB43E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{080A4FC9-53ED-4B55-9BE8-B31C8AE9EA5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{C388539C-FD01-4214-8E03-0E764AF30D7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{E3189D51-45A2-474D-9E67-513F2245B50A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{C071E0EB-1B6A-47DB-AAB7-DA4E92B28EA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{C97AF8C8-5253-4006-BCD2-2D17163853E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{1EC19E80-23C8-4F73-8E30-8A1D1EBD7C52}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{A7C6EF2E-9FCA-4F98-81E1-00725F7A29BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{E3320B10-8792-4C3C-A010-E4B58815E4CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{C93D2A25-C77B-48D2-B30B-311DD329D6E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{450E8842-D191-4C11-A235-617EFA7AC9F6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{87D67BFC-96CE-45E9-8B94-013C90406256}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{80A822AA-D476-4345-8052-0B455B56E6FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{A9BE9360-0F42-4A17-918F-E8A3C3B02807}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{9E09F0B0-6191-4D1D-9233-555248AD1B5A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{9EEC2BE8-E6A6-430D-BF11-FF10C17D53FD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{74C06951-939F-46B8-B92B-A93A9DD17572}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{86DD86AF-5A12-471E-B3A5-60557831C6DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{7A7ACB9F-5B07-41A1-B681-B5D465A369D0}] => (Allow) C:\Program Files (x86)\LemonWire\LemonWire.exe
    FirewallRules: [{3CE42D09-8250-4B39-B131-BDDA0FE5FD7A}] => (Allow) C:\Program Files (x86)\LemonWire\LemonWire.exe
    FirewallRules: [TCP Query User{DAA5CB66-447E-408E-8D72-4CE328639379}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{02C2044E-AB4C-49A5-B937-49E6D39E83A4}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
    FirewallRules: [TCP Query User{BA752812-0FEE-4068-853A-36D2A981F0F1}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [UDP Query User{EF078B9A-8FCF-4A7A-964B-08717A64A4D4}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
    FirewallRules: [{5B07BF64-A896-4040-B918-CCB97F80B366}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0517D8DA-3ECA-4766-A0DF-4A8FB2F0C0A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B3B39954-FF3C-4350-877B-AC945DCBAA46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FDC1FB1F-83D9-4E33-99B2-0EE724FE7BCC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{E8B0E48C-66A8-43DD-A6DF-AC10395BF13C}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{1E67DFBD-5207-415F-BA34-0E82617F78FC}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{70239831-A983-4F1B-B8BE-7751E1A1F7D1}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
    FirewallRules: [{21CCF809-9B5E-4C98-A67C-F95A536DB03C}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
    FirewallRules: [{60BC62A9-273A-4AC5-A915-A719B570D53F}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
    FirewallRules: [{9364DE7D-482C-4A79-B475-45F57C4303B5}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
    FirewallRules: [{14568908-F39B-473A-B4E7-254605255384}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    FirewallRules: [{CBE908B8-DA3A-4177-BC0E-10B322660F56}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{FA6AA359-E816-49AA-83BD-CDD81D54449E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{C8DD51F6-470E-4078-89B8-D1B1808C03CC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{17C0184E-F412-4DB4-BA8B-CCFA955630A6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{E199B3EE-22EF-4F58-95F9-0219B9F1C528}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{6A37CBF3-84CD-40A4-AA66-32908D019B1C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{A48A9D8A-A680-4AA4-A59A-72FAE66EA12C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{EF60603B-06ED-4A37-A84A-076E09A22B0E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{A8B823B3-DA60-480C-871F-F6D4A20244DA}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{41384276-977F-46A6-9C82-FE2609012199}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{890A2587-13FC-42D6-83D1-C5CE5920ECCA}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{19AD31F8-41D2-439D-B775-3114F876AAC0}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [TCP Query User{A8EFE8F8-FD87-42B8-9767-C388AAA39AE9}C:\users\owner\appdata\local\temp\teamviewer\version8\teamviewer.exe] => (Allow) C:\users\owner\appdata\local\temp\teamviewer\version8\teamviewer.exe
    FirewallRules: [UDP Query User{A4673682-8F00-432E-B28D-7AC1BF07BBF7}C:\users\owner\appdata\local\temp\teamviewer\version8\teamviewer.exe] => (Allow) C:\users\owner\appdata\local\temp\teamviewer\version8\teamviewer.exe
    FirewallRules: [{0D5AB948-5E64-4DAA-8EA7-818BCE2A501E}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{55A4F59F-D6F5-4C57-8B2D-2E5B38106FFD}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{82C300B5-AAFA-4C23-A5F4-35DD86F58F3C}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{3EB6BB0C-38DA-495A-A866-1E19BCC19C2D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{4E3BE418-6DC1-412C-BDD1-0F5F08A6445B}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BCEB28FB-3D5A-42EB-89EB-D3AB762F4340}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A9C8B0DF-FB79-4859-8848-D973091EC140}] => (Allow) C:\Users\Owner\AppData\Local\Temp\airC3E.exe
    FirewallRules: [{75AF1273-B4FD-4590-B1A8-957A50D7A198}] => (Allow) C:\Users\Owner\AppData\Local\Temp\file_3827333322.exe
    FirewallRules: [{845874A5-C031-45B0-A456-401DAD2E9F5C}] => (Allow) C:\Users\Owner\AppData\Local\Temp\file_162014.exe
    FirewallRules: [{C52BC448-5268-457D-A77C-C44FFDE843B0}] => (Allow) c:\program files\pcreg\pcreg.exe
    FirewallRules: [{221E354C-94D1-4F63-B64A-E05E7E6B744C}] => (Allow) c:\program files\pcreg\pcreg.exe
    FirewallRules: [{A45EA58B-2113-4CEE-9E48-D8AC666B84DE}] => (Allow) c:\program files\pcreg\service.exe
    FirewallRules: [{40A5769F-C026-49B4-A805-CE9B0266EF3B}] => (Allow) c:\program files\pcreg\service.exe
    FirewallRules: [{367FE6D9-1D46-442C-BD80-E186D6F61F01}] => (Allow) C:\Users\Owner\AppData\Local\Temp\file_to_run55555.exe
    FirewallRules: [{A6A0C086-012C-4CB9-A227-DF211F3E2310}] => (Allow) C:\Users\Owner\AppData\Local\Temp\file_to_run55555.exe
    FirewallRules: [{E41C92EC-49A4-4A6E-90F4-190DD3CCF543}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{D4E3444F-7152-4B71-88D5-023249A355FB}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{8128666A-5583-41B7-85DD-1ADDEC65AFAF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{48B4D143-B391-43ED-A082-94111E0FEBEA}] => (Allow) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [{7C894694-7674-42FC-B1D1-CBAB9E9AB2D6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

    ==================== Faulty Device Manager Devices =============

    Name: Belkin USB Wireless Adaptor
    Description: Belkin USB Wireless Adaptor
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.

    Name: Symantec Iron Driver
    Description: Symantec Iron Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SymIRON
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: BHDrvx64
    Description: BHDrvx64
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: BHDrvx64
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Norton Internet Security Settings Manager
    Description: Norton Internet Security Settings Manager
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ccSet_NIS
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
  8. 2015/05/29
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    Additional Scan Farbar

    Name: IDSVia64
    Description: IDSVia64
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: IDSVia64
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Symantec Real Time Storage Protection (PEL) x64
    Description: Symantec Real Time Storage Protection (PEL) x64
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SRTSPX
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Symantec Eraser Control driver
    Description: Symantec Eraser Control driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: eeCtrl
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/29/2015 03:33:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Faulting module name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Exception code: 0xc0000005
    Fault offset: 0x0002e96d
    Faulting process id: 0x1308
    Faulting application start time: 0xSoftwareUpdater.exe0
    Faulting application path: SoftwareUpdater.exe1
    Faulting module path: SoftwareUpdater.exe2
    Report Id: SoftwareUpdater.exe3

    Error: (05/28/2015 10:04:58 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (05/28/2015 09:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Faulting module name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Exception code: 0xc0000005
    Fault offset: 0x0002e96d
    Faulting process id: 0x13c8
    Faulting application start time: 0xSoftwareUpdater.exe0
    Faulting application path: SoftwareUpdater.exe1
    Faulting module path: SoftwareUpdater.exe2
    Report Id: SoftwareUpdater.exe3

    Error: (05/28/2015 08:29:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SUPERANTISPYWARE.EXE version 6.0.0.1194 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 350

    Start Time: 01d098e98ca58b07

    Termination Time: 0

    Application Path: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    Report Id: 202ea0f5-05a2-11e5-b78f-e4888e6c4ec8

    Error: (05/27/2015 03:44:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Faulting module name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Exception code: 0xc0000005
    Fault offset: 0x0002e96d
    Faulting process id: 0xc40
    Faulting application start time: 0xSoftwareUpdater.exe0
    Faulting application path: SoftwareUpdater.exe1
    Faulting module path: SoftwareUpdater.exe2
    Report Id: SoftwareUpdater.exe3

    Error: (05/26/2015 11:46:27 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
    Exception code: 0xc0000005
    Fault offset: 0x00000000000295c2
    Faulting process id: 0xb60
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (05/26/2015 10:13:46 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (05/26/2015 10:04:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Faulting module name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Exception code: 0xc0000005
    Fault offset: 0x0002e96d
    Faulting process id: 0x1294
    Faulting application start time: 0xSoftwareUpdater.exe0
    Faulting application path: SoftwareUpdater.exe1
    Faulting module path: SoftwareUpdater.exe2
    Report Id: SoftwareUpdater.exe3

    Error: (02/19/2015 11:25:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Faulting module name: SoftwareUpdater.exe, version: 1.8.4.0, time stamp: 0x53209c6f
    Exception code: 0xc0000005
    Fault offset: 0x0002e96d
    Faulting process id: 0x1174
    Faulting application start time: 0xSoftwareUpdater.exe0
    Faulting application path: SoftwareUpdater.exe1
    Faulting module path: SoftwareUpdater.exe2
    Report Id: SoftwareUpdater.exe3

    Error: (02/17/2015 09:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3260


    System errors:
    =============
    Error: (05/29/2015 03:32:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Modules Installer service terminated with the following error:
    %%16405

    Error: (05/29/2015 03:31:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    BHDrvx64
    ccSet_NIS
    eeCtrl
    IDSVia64
    SRTSPX
    SymDS
    SymEFA
    SymIRON

    Error: (05/29/2015 03:31:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Norton Online Backup service failed to start due to the following error:
    %%2

    Error: (05/29/2015 03:31:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Norton Internet Security service failed to start due to the following error:
    %%2

    Error: (05/29/2015 03:31:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McciServiceHost service failed to start due to the following error:
    %%2

    Error: (05/29/2015 03:31:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IePlugin Service service failed to start due to the following error:
    %%2

    Error: (05/29/2015 03:31:25 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:29:21 AM on ‎5/‎29/‎2015 was unexpected.

    Error: (05/28/2015 09:56:33 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

    Error: (05/28/2015 09:53:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    BHDrvx64
    ccSet_NIS
    eeCtrl
    IDSVia64
    SRTSPX
    SymDS
    SymEFA
    SymIRON

    Error: (05/28/2015 09:53:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Norton Online Backup service failed to start due to the following error:
    %%2


    Microsoft Office:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2013-02-03 22:00:11.814
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 22:00:11.724
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 21:57:09.306
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 21:57:09.197
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 20:33:18.284
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 20:33:18.194
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 19:23:26.638
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 19:23:26.502
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 18:02:50.838
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-03 18:02:50.682
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
    Percentage of memory in use: 53%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 1818.46 MB
    Total Pagefile: 7785.91 MB
    Available Pagefile: 5020.27 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:441.83 GB) (Free:225.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
    Percentage of memory in use: 53%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 1817.93 MB
    Total Pagefile: 7785.91 MB
    Available Pagefile: 5018.47 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive d: (RECOVERY) (Fixed) (Total:23.64 GB) (Free:3.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 5590471A)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=23.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of log ============================
     
  9. 2015/05/30
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please keep all posts relating to your original post in this thread in the same thread ....

    Do not start a new thread for each new posting.

    I have merged your threads.
     
  10. 2015/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any AV program running.
    Step 1 in our preliminaries calls for installing one of the proposed AV programs if you don't have any.
    What's the story there?
     
  11. 2015/05/31
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    Broni, I apologize. You are correct. I have installed AVG AV on the computer now.
     
  12. 2015/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  13. 2015/06/01
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    RogueKiller Log

    RogueKiller V10.8.0.0 [Jun 1 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Administrator]
    Started from : C:\Users\Owner\Downloads\RogueKiller (2).exe
    Mode : Scan -- Date : 06/01/2015 22:04:46

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 44 ¤¤¤

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\4704 -- wscript.exe (C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B) -> Found

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
    --- User ---
    [MBR] b69d4771fb28495f862637ec30067f0c
    [BSP] 5f3240cf633363032bf94d5820119876 : Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 452429 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 926984192 | Size: 24207 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_05312015_214649.log - RKreport_DEL_05312015_214921.log - RKreport_SCN_05312015_230413.log - RKreport_SCN_06012015_220045.log
     
  14. 2015/06/01
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    Malware log

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 6/1/2015 3:22:02 AM, SYSTEM, OWNER-HP, Protection, IsLicensed, 13,
    Protection, 6/1/2015 3:22:02 AM, SYSTEM, OWNER-HP, Protection, Malware Protection, Stopping,
    Protection, 6/1/2015 3:22:02 AM, SYSTEM, OWNER-HP, Protection, Malware Protection, Stopped,

    (end)
     
  16. 2015/06/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    MBAM log is incorrect.
    You posted "protection" log instead of "scan" log.
     
  17. 2015/06/02
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    Logfile: Malwarebyte log 6-2-15.txt

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/2/2015
    Scan Time: 9:59:07 AM
    Logfile: Malwarebyte log 6-2-15.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.02.03
    Rootkit Database: v2015.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 484534
    Time Elapsed: 47 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  19. 2015/06/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     
  20. 2015/06/02
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    # AdwCleaner v4.206 - Logfile created 02/06/2015 at 18:44:04
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-01.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Owner - OWNER-HP
    # Running from : C:\Users\Owner\Downloads\adwcleaner_4.206 (2).exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Yahoo! Companion
    Folder Deleted : C:\ProgramData\Driver Manager
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Uninstaller
    Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
    Folder Deleted : C:\Windows\SysWOW64\ARFC
    Folder Deleted : C:\Windows\SysWOW64\jmdp
    Folder Deleted : C:\Windows\SysWOW64\WNLT
    Folder Deleted : C:\Users\Owner\AppData\Local\Temp\AirInstaller
    Folder Deleted : C:\Program Files\pcreg
    Folder Deleted : C:\Windows\System32\ljkb
    Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Owner\AppData\Local\NativeMessaging
    Folder Deleted : C:\Users\Owner\AppData\Local\Tuguu_SL
    Folder Deleted : C:\Users\Owner\AppData\Local\WhiteListing
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\HPAppData
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\Owner\Documents\PC Speed Maximizer
    File Deleted : C:\END
    File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
    File Deleted : C:\Windows\System32\dmwu.exe
    File Deleted : C:\Windows\System32\ImhxxpComm.dll
    File Deleted : C:\Users\Owner\AppData\LocalLow\SkwConfig.bin
    File Deleted : C:\Users\Owner\AppData\Roaming\ConvAPIPlugin.log

    ***** [ Scheduled tasks ] *****

    Task Deleted : pcreg

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16644


    -\\ Google Chrome v

    [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.key-find.com/?type=hp&ts=1409105847&from=tugs&uid=HitachiXHTS725050A9A364_100825PCK404VLK5L29JX

    *************************

    AdwCleaner[R0].txt - [22529 bytes] - [01/06/2015 22:13:56]
    AdwCleaner[R1].txt - [11074 bytes] - [02/06/2015 18:27:13]
    AdwCleaner[S0].txt - [10306 bytes] - [02/06/2015 18:44:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10366 bytes] ##########
     
  21. 2015/06/02
    Jobin1

    Jobin1 Well-Known Member Thread Starter

    Joined:
    2011/09/17
    Messages:
    75
    Likes Received:
    0
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.7 (06.01.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Owner on Tue 06/02/2015 at 19:07:02.94
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

    [C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    deghekbbihbapplmbffglehkdhkeibbm
    lekgiimbfodefdaoofhlckefjbgpeilo

    [C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
    deghekbbihbapplmbffglehkdhkeibbm,
    lekgiimbfodefdaoofhlckefjbgpeilo,
    pelmeidfhdlhlbjimpabfcbnnojbboma
    ]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 06/02/2015 at 19:10:09.06
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
