Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot access Toolslib & I see Crawler


  • This topic is locked This topic is locked
44 replies to this topic

#1 kkoz83

kkoz83

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 16 August 2014 - 03:49 PM

Hi everybody, how are you?

 

I can't get on toolslib.net in IE.  I freshly downloaded FireFox which started of with Crawler homepage.

 

Can I get help?

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16563  BrowserJavaVersion: 10.67.2
Run by teruko at 16:44:02 on 2014-08-16
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1918.877 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcycoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\WinService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\program files\teamviewer\version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
uRun: [MWSnap] "c:\program files\mwsnap\MWSnap.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim6] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TaskTray] <no file>
StartupFolder: c:\users\teruko~1.sco\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: LastPass - c:\users\teruko.scott-pc\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\teruko.scott-pc\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{EBDEB088-4629-45D2-8605-86932FF33781} : DHCPNameServer = 10.0.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\teruko.scott-pc\appdata\roaming\mozilla\firefox\profiles\i3a8t6fa.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60002&qkw=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\teruko.scott-pc\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\teruko.scott-pc\appdata\roaming\move networks\plugins\npqmp071505000011.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-12-26 574576]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-4-23 215624]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2009-7-1 21728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-3-15 233472]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-8-10 106248]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-8 286672]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-9 47640]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-29 133696]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-4-8 527168]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-8 286672]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-8 286672]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-8 286672]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-8 286672]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-4-8 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-4-8 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-4-8 179600]
R2 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2009-7-1 180224]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-6-17 5052224]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 61400]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-3-15 37344]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-25 207360]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-26 236672]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 367776]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-3-18 345584]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 13408]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-10-2 20328]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-10-16 84248]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-8-11 147912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-26 66408]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-3-18 81264]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\drivers\PTQHBUS.sys [2011-1-16 55056]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\drivers\PTQHMDM.sys [2011-1-16 161040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\drivers\PTQHVSP.sys [2011-1-16 161040]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-10-16 181912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-08-16 18:59:36 -------- d-----w- c:\users\teruko.scott-pc\appdata\local\Deployment
2014-08-13 16:49:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-12 18:35:38 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-12 18:35:38 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-12 18:35:38 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-08-12 18:35:34 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-12 18:23:21 82432 ----a-w- c:\windows\system32\consent.exe
2014-08-12 18:23:21 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-08-12 18:23:21 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-08-12 18:23:21 2263552 ----a-w- c:\windows\system32\msi.dll
2014-08-12 18:23:21 1993728 ----a-w- c:\windows\system32\authui.dll
2014-08-12 18:22:59 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-12 18:22:59 37376 ----a-w- c:\windows\system32\cdd.dll
2014-08-12 18:22:54 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-12 18:21:01 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-12 18:21:01 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2014-08-12 18:21:01 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2014-08-12 18:21:00 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2014-08-12 18:21:00 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-12 18:21:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-12 18:18:17 -------- d-----w- c:\program files\Avanquest update
2014-08-12 18:16:39 -------- d-----w- c:\programdata\Avanquest Software
2014-08-12 00:10:19 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-08-10 19:45:29 -------- d-----w- c:\program files\HitmanPro
2014-08-10 19:45:02 -------- d-----w- c:\programdata\HitmanPro
2014-08-10 18:31:49 -------- d-----w- c:\windows\ERUNT
2014-08-10 18:23:30 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-31 17:13:03 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-31 17:11:40 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2014-08-13 16:49:31 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-13 16:48:41 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-12 19:18:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-12 19:18:29 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-25 04:26:29 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-07-25 02:53:24 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-07-24 17:51:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-24 17:49:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-24 17:48:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-24 17:48:21 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2013-02-16 16:57:00 10965504 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 16:46:08.22 ===============
 


BC AdBot (Login to Remove)

 


#2 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 16 August 2014 - 03:51 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2008 10:12:59 PM
System Uptime: 8/16/2014 3:31:40 PM (1 hours ago)
.
Motherboard: OEM_MB |  | IVY8
Processor: AMD Sempron™ Dual Core Processor 2200 | Socket AM2  | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 42.661 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.157 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0003
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0003
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0004
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0004
Service: tunmp
.
Class GUID: {bc103702-dd72-406f-9b28-95c868337b59}
Description: Belkin USB Easy Transfer Cable
Device ID: ROOT\TRANSFER_CABLE\0000
Manufacturer: Microsoft
Name: Belkin USB Easy Transfer Cable
PNP Device ID: ROOT\TRANSFER_CABLE\0000
Service: winusb
.
==== System Restore Points ===================
.
RP2304: 8/8/2014 12:00:11 AM - Scheduled Checkpoint
RP2305: 8/9/2014 12:00:10 AM - Scheduled Checkpoint
RP2306: 8/10/2014 12:00:08 AM - Scheduled Checkpoint
RP2307: 8/10/2014 2:20:57 PM - Installed Java 7 Update 67
RP2308: 8/10/2014 4:09:22 PM - Checkpoint by HitmanPro
RP2309: 8/12/2014 12:00:07 AM - Scheduled Checkpoint
RP2310: 8/12/2014 2:25:55 PM - Windows Update
RP2311: 8/13/2014 3:14:40 PM - Scheduled Checkpoint
RP2312: 8/15/2014 5:28:23 AM - Scheduled Checkpoint
RP2313: 8/16/2014 12:00:05 AM - Scheduled Checkpoint
RP2315: 8/16/2014 3:15:45 PM - Revo Uninstaller's restore point - Adobe Reader X (10.1.11)
.
==== Installed Programs ======================
.
3D Ultra MiniGolf Deluxe
ActiveCheck component for HP Active Support Library
Adobe Flash Player 14 ActiveX
AIM 6
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Avanquest update
BitTorrent
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
Cheat Engine 6.0
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.12.327
CyberLink DVD Suite Deluxe
DAEMON Tools Lite
Driver Whiz
DriverFinder
DVD Play
Enhanced Multimedia Keyboard Solution
EpicPlay
Expert PDF 7 Reader
Facebook Video Calling 3.1.0.521
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Hardware Diagnostic Tools
Hardware Helper
HD Tune 2.55
Hidden Expedition Titanic
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Deskjet 2510 series Basic Device Software
HP Deskjet 2510 series Help
HP Deskjet 2510 series Product Improvement Study
HP Deskjet 2510 series Setup Guide
HP Photo Creations
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
ImgBurn
iTunes
Java 7 Update 67
Java Auto Updater
LabelPrint
LastPass(uninstall only)
Lexmark 3400 Series
Lexmark Fax Solutions
Lexmark Toolbar
LibreOffice 3.6
LightScribe System Software
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee AntiVirus Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Media Player
Mozilla Firefox 31.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
MWSnap 3
NETGEAR WG111v2 wireless USB 2.0 adapter
NirSoft Wireless Network Watcher
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PANTECH Handset USB Driver V2
Pantech PCSuite
PC Wizard 2010.1.96
PCIe Soft Data Fax Modem with SmartCP
PeerBlock 1.1 (r518)
Power2Go
PowerDirector
PowerISO
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Rosetta Stone Version 3
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Shared C Run-time for x86
Sierra Utilities
Spelling Dictionaries Support For Adobe Reader 9
TeamViewer 9
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wpaiper
TurboTax 2008 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Vista Codec Package
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/16/2014 3:34:27 PM, Error: Service Control Manager [7031]  - The TeamViewer 9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
8/16/2014 3:33:40 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/16/2014 3:32:01 PM, Error: volmgr [46]  - Crash dump initialization failed!
8/16/2014 3:20:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/16/2014 3:20:13 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2014 3:20:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2014 2:57:31 PM, Error: cdrom [11]  - The driver detected a controller error on \Device\CdRom0.
.
==== End Of File ===========================


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:42 PM

Posted 21 August 2014 - 03:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544651 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 PM

Posted 23 August 2014 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the  Scan  button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
 
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the  Scan  button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 
Download the  version of this tool for your operating system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.


#5 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 23 August 2014 - 10:24 PM

MBAM was clean.  Below is AdwCleaner - should I click "Clean"?

 

# AdwCleaner v3.308 - Report created 23/08/2014 at 23:20:47
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : teruko - SCOTT-PC
# Running from : C:\Users\teruko.scott-PC\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563


-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [10180 octets] - [31/07/2014 13:11:47]
AdwCleaner[R1].txt - [860 octets] - [10/08/2014 14:45:15]
AdwCleaner[R2].txt - [919 octets] - [10/08/2014 18:03:57]
AdwCleaner[R3].txt - [1161 octets] - [13/08/2014 23:27:29]
AdwCleaner[R4].txt - [855 octets] - [23/08/2014 23:20:47]
AdwCleaner[S0].txt - [10455 octets] - [31/07/2014 13:15:26]
AdwCleaner[S1].txt - [1227 octets] - [13/08/2014 23:29:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1035 octets] ##########
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 PM

Posted 24 August 2014 - 07:52 AM

No it's clean.

 

Now run  the Farbar tool and post the requested logs for my review.



#7 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 24 August 2014 - 01:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by teruko (administrator) on SCOTT-PC on 24-08-2014 14:20:03
Running from C:\Users\teruko.scott-PC\Desktop
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxcycoms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\System32\WinService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McA7E36.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lexmark 3400 Series\lxcymon.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 3400 Series\ezprint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Mirek Wojtowicz) C:\Program Files\MWSnap\MWSnap.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [lxcymon.exe] => C:\Program Files\Lexmark 3400 Series\lxcymon.exe [291760 2006-11-29] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 3400 Series\ezprint.exe [82864 2006-11-29] (Lexmark International Inc.)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Lexmark Fax Solutions\fm3032.exe [295856 2006-11-29] ()
HKLM\...\Run: [LXCYCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-07-09] (McAfee, Inc.)
HKLM\...\Run: [TaskTray] => [X]
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [496768 2014-07-07] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [MWSnap] => C:\Program Files\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [Aim6] =>  :\Program Files\Windows Media Player\WMPNSCFG.exe                                                                                                                                                       (the data entry has 824 more characters).
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\MountPoints2: {bfa449e7-621e-11e3-8010-00235402edab} - G:\iStudio.exe
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\MountPoints2: {d1033cf5-7bb8-11dd-8340-806e6f6e6963} - E:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\Users\teruko.scott-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicyUsers\S-1-5-21-2865942680-3751792326-3576083291-1011\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://aol.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {4ECD9BFB-55E9-42E0-A875-21F5822773FC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {C5A53BEF-D7B8-4E53-A8D1-E8C44E1B30F9} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = 
SearchScopes: HKCU - {3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162} URL = 
SearchScopes: HKCU - {4ECD9BFB-55E9-42E0-A875-21F5822773FC} URL = 
SearchScopes: HKCU - {C5A53BEF-D7B8-4E53-A8D1-E8C44E1B30F9} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
BHO: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default
FF SearchEngineOrder.1: Crawler Search
FF Homepage: google.com
FF Keyword.URL: hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60002&qkw=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: npEpicPlayDisplayHost -> C:\Program Files\EpicPlay\npEpicHost.dll No File
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF SearchPlugin: C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: EpicPlay Games - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-10-11]
FF Extension: EpicPlay Games - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\Extensions\textlinks@epicplay.com [2011-10-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2009-06-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2008-12-29]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks [2009-05-28]
 
Chrome: 
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-01-05]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0299131408241371mcinstcleanup; C:\Windows\TEMP\029913~1.EXE [851136 2014-06-13] (McAfee, Inc.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-08-10] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [537520 2006-11-29] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-07-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [527168 2014-07-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-07-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-05-02] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-05-02] (McAfee, Inc.)
R2 SCM_Service; C:\Windows\System32\WinService.exe [180224 2007-03-29] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-05-02] (McAfee, Inc.)
S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows ® Win 7 DDK provider)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-05-02] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-05-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-05-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-05-02] (McAfee, Inc.)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42112 2007-10-10] (Motorola Inc)
S3 pgfilter; C:\Program Files\PeerGuardian2\pgfilter.sys [8192 2007-06-02] () [File not signed]
S3 PTQHBUS; C:\Windows\System32\DRIVERS\PTQHBUS.sys [55056 2009-12-15] (DEVGURU Co., LTD.)
S3 PTQHMDM; C:\Windows\System32\DRIVERS\PTQHMDM.sys [161040 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTQHVSP; C:\Windows\System32\DRIVERS\PTQHVSP.sys [161040 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2010-06-04] (LogMeIn, Inc.)
R3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [288768 2007-12-26] (NETGEAR Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2009-11-08] (PowerISO Computing, Inc.) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-18] (Windows ® Codename Longhorn DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-08-10] () [File not signed]
S3 IpInIp; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 Motorola-Netmon-MF; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U3 mbr; \??\C:\Users\TERUKO~1.SCO\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 14:20 - 2014-08-24 14:20 - 00025098 _____ () C:\Users\teruko.scott-PC\Desktop\FRST.txt
2014-08-24 14:19 - 2014-08-24 14:20 - 00000000 ____D () C:\FRST
2014-08-24 14:19 - 2014-08-24 14:19 - 01095168 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\FRST.exe
2014-08-24 11:05 - 2014-08-24 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-23 23:19 - 2014-08-23 23:19 - 01364531 _____ () C:\Users\teruko.scott-PC\Desktop\AdwCleaner.exe
2014-08-23 20:20 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-08-16 16:46 - 2014-08-16 16:46 - 00018023 _____ () C:\Users\teruko.scott-PC\Desktop\dds.txt
2014-08-16 16:46 - 2014-08-16 16:46 - 00008097 _____ () C:\Users\teruko.scott-PC\Desktop\attach.txt
2014-08-16 16:40 - 2014-08-16 16:40 - 00688992 ____R (Swearware) C:\Users\teruko.scott-PC\Desktop\dds.com
2014-08-16 15:07 - 2014-08-16 15:07 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 14:59 - 2014-08-16 14:59 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Local\Deployment
2014-08-15 12:45 - 2014-08-15 12:45 - 00005587 _____ () C:\Users\teruko.scott-PC\Desktop\eset1.txt
2014-08-14 16:07 - 2014-08-14 16:07 - 00000641 _____ () C:\Users\teruko.scott-PC\Desktop\JRT.txt
2014-08-13 22:21 - 2014-08-13 22:21 - 00448512 _____ (OldTimer Tools) C:\Users\teruko.scott-PC\Desktop\TFC.exe
2014-08-13 22:07 - 2014-08-13 22:11 - 00002520 _____ () C:\Users\teruko.scott-PC\Desktop\Rkill.txt
2014-08-13 22:04 - 2014-08-13 22:04 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\teruko.scott-PC\Desktop\rkill.com
2014-08-13 14:07 - 2014-08-13 14:08 - 00002731 _____ () C:\Users\teruko.scott-PC\Desktop\FSS.txt
2014-08-13 12:49 - 2014-08-13 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-13 12:48 - 2014-08-13 13:55 - 00000000 ____D () C:\Users\teruko.scott-PC\Desktop\mbar
2014-08-12 23:39 - 2014-08-12 23:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\teruko.scott-PC\Desktop\mbar-1.07.0.1012.exe
2014-08-12 22:52 - 2014-08-13 13:59 - 00038976 _____ () C:\Users\teruko.scott-PC\Desktop\Result.txt
2014-08-12 22:50 - 2014-08-12 22:50 - 00401920 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\MiniToolBox.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00854410 _____ () C:\Users\teruko.scott-PC\Desktop\SecurityCheck.exe
2014-08-12 14:35 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 14:35 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 14:35 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 14:35 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 14:23 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 14:23 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 14:23 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 14:23 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-12 14:23 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 14:22 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 14:22 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 14:22 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-12 14:21 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 14:21 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 14:21 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-12 14:21 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 14:21 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 14:21 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 14:21 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 14:21 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 14:20 - 2014-07-25 00:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 14:20 - 2014-07-24 22:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 14:20 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 14:20 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 14:20 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 14:20 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 14:20 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-12 14:20 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 14:20 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 14:20 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 14:20 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 14:20 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 14:20 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-12 14:20 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-12 14:20 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-12 14:18 - 2014-08-12 14:18 - 00000000 ____D () C:\Program Files\Avanquest update
2014-08-12 14:16 - 2014-08-12 14:16 - 00000000 ____D () C:\ProgramData\Avanquest Software
2014-08-10 16:43 - 2014-08-10 16:43 - 00001146 _____ () C:\Windows\system32\.crusader
2014-08-10 15:45 - 2014-08-10 18:09 - 00001694 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 15:45 - 2014-08-10 16:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-10 15:45 - 2014-08-10 16:14 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 15:45 - 2014-08-10 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-10 14:31 - 2014-08-10 14:31 - 01016261 _____ (Thisisu) C:\Users\teruko.scott-PC\Desktop\JRT.exe
2014-08-10 14:31 - 2014-08-10 14:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 14:24 - 2014-08-10 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 13:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-31 13:11 - 2014-08-23 23:21 - 00000000 ____D () C:\AdwCleaner
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 14:20 - 2014-08-24 14:20 - 00025098 _____ () C:\Users\teruko.scott-PC\Desktop\FRST.txt
2014-08-24 14:20 - 2014-08-24 14:19 - 00000000 ____D () C:\FRST
2014-08-24 14:20 - 2009-06-17 00:21 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{234BEF0A-EA90-4F26-804D-FBEC9D7D4C24}.job
2014-08-24 14:19 - 2014-08-24 14:19 - 01095168 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\FRST.exe
2014-08-24 13:56 - 2012-04-02 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 13:33 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:33 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 11:45 - 2012-07-30 11:40 - 00000946 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010UA.job
2014-08-24 11:45 - 2012-07-30 11:40 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010Core.job
2014-08-24 11:05 - 2014-08-24 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-24 07:11 - 2008-09-05 22:16 - 01357520 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 23:21 - 2014-07-31 13:11 - 00000000 ____D () C:\AdwCleaner
2014-08-23 23:19 - 2014-08-23 23:19 - 01364531 _____ () C:\Users\teruko.scott-PC\Desktop\AdwCleaner.exe
2014-08-23 22:42 - 2009-08-13 17:22 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Roaming\HpUpdate
2014-08-23 22:41 - 2014-05-13 12:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 16:46 - 2014-08-16 16:46 - 00018023 _____ () C:\Users\teruko.scott-PC\Desktop\dds.txt
2014-08-16 16:46 - 2014-08-16 16:46 - 00008097 _____ () C:\Users\teruko.scott-PC\Desktop\attach.txt
2014-08-16 16:40 - 2014-08-16 16:40 - 00688992 ____R (Swearware) C:\Users\teruko.scott-PC\Desktop\dds.com
2014-08-16 15:32 - 2008-01-20 23:02 - 00429928 _____ () C:\Windows\PFRO.log
2014-08-16 15:32 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 15:32 - 2006-11-02 08:44 - 00357080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 15:30 - 2006-11-02 08:58 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-16 15:20 - 2009-01-22 00:02 - 00000000 ____D () C:\Program Files\Adobe
2014-08-16 15:20 - 2008-12-25 05:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-16 15:07 - 2014-08-16 15:07 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 15:07 - 2009-04-12 13:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-16 14:59 - 2014-08-16 14:59 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Local\Deployment
2014-08-16 14:59 - 2010-03-04 17:13 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Local\Apps\2.0
2014-08-15 12:45 - 2014-08-15 12:45 - 00005587 _____ () C:\Users\teruko.scott-PC\Desktop\eset1.txt
2014-08-14 16:07 - 2014-08-14 16:07 - 00000641 _____ () C:\Users\teruko.scott-PC\Desktop\JRT.txt
2014-08-13 22:28 - 2013-12-23 17:08 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Temp
2014-08-13 22:21 - 2014-08-13 22:21 - 00448512 _____ (OldTimer Tools) C:\Users\teruko.scott-PC\Desktop\TFC.exe
2014-08-13 22:11 - 2014-08-13 22:07 - 00002520 _____ () C:\Users\teruko.scott-PC\Desktop\Rkill.txt
2014-08-13 22:04 - 2014-08-13 22:04 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\teruko.scott-PC\Desktop\rkill.com
2014-08-13 14:08 - 2014-08-13 14:07 - 00002731 _____ () C:\Users\teruko.scott-PC\Desktop\FSS.txt
2014-08-13 13:59 - 2014-08-12 22:52 - 00038976 _____ () C:\Users\teruko.scott-PC\Desktop\Result.txt
2014-08-13 13:55 - 2014-08-13 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-13 13:55 - 2014-08-13 12:48 - 00000000 ____D () C:\Users\teruko.scott-PC\Desktop\mbar
2014-08-13 12:48 - 2014-05-13 12:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 23:39 - 2014-08-12 23:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\teruko.scott-PC\Desktop\mbar-1.07.0.1012.exe
2014-08-12 22:50 - 2014-08-12 22:50 - 00401920 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\MiniToolBox.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00854410 _____ () C:\Users\teruko.scott-PC\Desktop\SecurityCheck.exe
2014-08-12 15:18 - 2012-04-02 22:08 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-12 15:18 - 2011-06-26 19:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-12 15:11 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-08-12 15:04 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-12 14:58 - 2006-11-02 06:33 - 00777308 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 14:42 - 2013-07-09 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 14:37 - 2006-11-02 06:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-12 14:24 - 2012-12-03 18:57 - 00001894 _____ () C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
2014-08-12 14:24 - 2012-12-03 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2014-08-12 14:18 - 2014-08-12 14:18 - 00000000 ____D () C:\Program Files\Avanquest update
2014-08-12 14:18 - 2012-12-03 18:56 - 00000000 ____D () C:\ProgramData\Avanquest
2014-08-12 14:18 - 2008-08-25 08:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-12 14:16 - 2014-08-12 14:16 - 00000000 ____D () C:\ProgramData\Avanquest Software
2014-08-10 18:09 - 2014-08-10 15:45 - 00001694 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 16:43 - 2014-08-10 16:43 - 00001146 _____ () C:\Windows\system32\.crusader
2014-08-10 16:43 - 2014-08-10 15:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-10 16:14 - 2014-08-10 15:45 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 15:45 - 2014-08-10 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-10 14:31 - 2014-08-10 14:31 - 01016261 _____ (Thisisu) C:\Users\teruko.scott-PC\Desktop\JRT.exe
2014-08-10 14:31 - 2014-08-10 14:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 14:26 - 2013-10-16 16:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 14:24 - 2008-08-25 09:15 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-10 14:23 - 2014-08-10 14:24 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-08 21:59 - 2014-01-21 14:08 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-08 21:59 - 2014-01-21 14:08 - 00000917 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-29 19:42 - 2011-03-31 11:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 14:50 - 2008-08-25 09:15 - 00000000 ____D () C:\Program Files\Java
2014-07-26 14:42 - 2009-10-14 22:48 - 00000000 ____D () C:\Users\scott.scott-PC\AppData\Roaming\HpUpdate
2014-07-25 00:26 - 2014-08-12 14:20 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
 
Files to move or delete:
====================
C:\Users\scott.scott-PC\jagex_runescape_preferences.dat
C:\Users\teruko.scott-PC\jagex_runescape_preferences.dat
C:\Users\theo\jagex_cl_runescape_LIVE.dat
 
 
Some content of TEMP:
====================
C:\Users\teruko.scott-PC\AppData\Local\Temp\ApnIC.dll
C:\Users\teruko.scott-PC\AppData\Local\Temp\ApnStub.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\Execute2App.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u18-windows-i586-iftw-rv.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\msvcp90.dll
C:\Users\teruko.scott-PC\AppData\Local\Temp\msvcr90.dll
C:\Users\teruko.scott-PC\AppData\Local\Temp\progupd.dll
C:\Users\teruko.scott-PC\AppData\Local\Temp\SAV2RemoveAll.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\spiceworks_redist.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\Tsu-0704.dll
C:\Users\teruko.scott-PC\AppData\Local\Temp\VSUSetup.exe
C:\Users\teruko.scott-PC\AppData\Local\Temp\Zynga.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-24 04:35
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03
Ran by teruko at 2014-08-24 14:21:31
Running from C:\Users\teruko.scott-PC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Ultra MiniGolf Deluxe (HKLM\...\3D Ultra MiniGolf Deluxe) (Version:  - )
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
AIM 6 (HKLM\...\AIM_6) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}) (Version: 1.2.33.353 - ArcSoft)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.0 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
Cheat Engine 6.0 (HKLM\...\Cheat Engine 6.0_is1) (Version:  - Dark Byte)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
ConvertXtoDVD 4.0.12.327 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Driver Whiz (HKLM\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
DriverFinder (HKLM\...\DriverFinder) (Version:  - DeskToolsSoft)
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.5411 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
EpicPlay (HKLM\...\EpicPlay) (Version:  - EpicPlay LLC)
Expert PDF 7 Reader (HKLM\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1800.0 - Avanquest software)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin POI Loader (HKLM\...\{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}) (Version: 2.5.3.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{E0783143-EAE2-4047-A8D6-E155523C594C}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4861.15 - PC-Doctor, Inc.)
Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 10.0 - Driver-Soft Inc.)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
Hidden Expedition Titanic (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111551630}) (Version:  - Oberon Media)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Demo (HKLM\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{867988FA-BCE7-46E9-A7E8-DC084A843319}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{79992AEE-6F58-4DAB-97D0-ADDF278F08F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Essential 2.5 (Version: 1.03.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Recovery Manager RSS (Version: 84.0.0.7 - Hewlet Packard Company) Hidden
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2913 - CyberLink Corp.)
LastPass(uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version:  - )
LibreOffice 3.6 (HKLM\...\{7654C4E3-86E8-4CD4-B1CE-8DBEA82C36E2}) (Version: 3.6.6.2 - The Document Foundation)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 13.6.1138 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}) (Version: 6.10.050 - muvee Technologies)
MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PANTECH Handset USB Driver V2 (HKLM\...\{5B5FE75F-A999-45e7-AE6B-5B85E1DD0577}) (Version: 1.1.4583.1215 - PANTECH CO,.LTD)
Pantech PCSuite (HKLM\...\{9B3F33D3-E2BC-4BAE-93AB-41700072F680}) (Version: 1.0 - Pantech)
Pantech PCSuite (Version: 1.0 - Pantech) Hidden
PC Wizard 2010.1.96 (HKLM\...\PC Wizard 2010_is1) (Version:  - CPUID)
PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.4109 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.)
PowerDirector (Version: 6.5.2926 - CyberLink Corp.) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2008 WinPerFedFormset (Version: 008.000.0324 - Intuit Inc.) Hidden
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0214 - Intuit Inc.) Hidden
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0169 - Intuit Inc.) Hidden
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0969 - Intuit Inc.) Hidden
TurboTax 2008 WinPerUserEducation (Version: 008.000.0412 - Intuit Inc.) Hidden
TurboTax 2008 wpaiper (Version: 008.000.0112 - Intuit Inc.) Hidden
TurboTax 2008 wrapper (Version: 008.000.0063 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.6.2 - Shark007)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
 
==================== Restore Points  =========================
 
15-08-2014 09:28:23 Scheduled Checkpoint
16-08-2014 04:00:05 Scheduled Checkpoint
16-08-2014 19:15:45 Revo Uninstaller's restore point - Adobe Reader X (10.1.11)
18-08-2014 04:00:04 Scheduled Checkpoint
19-08-2014 04:00:06 Scheduled Checkpoint
20-08-2014 04:00:05 Scheduled Checkpoint
22-08-2014 00:59:09 Scheduled Checkpoint
23-08-2014 04:00:04 Scheduled Checkpoint
24-08-2014 04:00:05 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2EC5C9CC-F492-4C39-8E76-60A208C414EF} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {34C88BFD-C905-4743-82B4-1B6C9ED72561} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-12] (Adobe Systems Incorporated)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {5EE1BB3B-05FA-4CD1-88F0-FA80A1A97028} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6CE13CC0-3297-4571-AC37-8AE5D75C031A} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {85846E7B-D4C5-46A7-B3C0-E7440AAA87B6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - teruko => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9BA041F0-4F81-4074-8B8E-BBE8C0A0D6D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A4EC0100-76A3-4BBF-B702-E499C8B41D19} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [2008-04-09] (PC-Doctor, Inc.)
Task: {D580D683-74F6-468D-B38A-EB1509DB64EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010Core => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30] (Facebook Inc.)
Task: {E0C1436B-1E78-478B-829E-33E9DD71F952} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {E0DDA9CB-D893-472C-AB56-C0A4AACB472E} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {F2D78E15-606C-4261-9F75-744ACEE9433C} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {F7DCEA37-D29D-43EF-9844-FDB42F9CF98E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FFBAEA1A-B731-4BA4-9690-574AE889F063} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010UA => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010Core.job => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010UA.job => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{234BEF0A-EA90-4F26-804D-FBEC9D7D4C24}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D1D30C02-1740-4FEA-944F-2B33943764A5}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-12-29 19:35 - 2006-11-22 12:51 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL
2008-12-29 19:35 - 2006-11-22 13:05 - 00012288 _____ () C:\Program Files\Lexmark Fax Solutions\FxCtrStr.dll
2008-12-29 19:35 - 2006-11-22 12:49 - 00032768 _____ () C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
2008-12-29 19:37 - 2006-11-27 06:50 - 00117760 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxcypp5c.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-01 15:00 - 2007-03-29 18:42 - 00180224 _____ () C:\Windows\System32\WinService.exe
2009-02-20 17:41 - 2009-02-20 17:41 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-02-20 17:47 - 2009-02-20 17:47 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2008-12-29 18:17 - 2009-02-13 12:44 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2008-12-29 18:17 - 2009-02-13 12:44 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2008-12-29 18:17 - 2009-02-13 12:44 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
2008-12-29 19:35 - 2006-11-29 15:57 - 00291760 _____ () C:\Program Files\Lexmark 3400 Series\lxcymon.exe
2008-12-29 19:35 - 2006-08-08 18:54 - 00278528 _____ () C:\Program Files\Lexmark 3400 Series\lxcyscw.dll
2008-12-29 19:34 - 2006-05-25 19:20 - 00241664 _____ () C:\Program Files\Lexmark 3400 Series\iptk.dll
2014-02-14 12:46 - 2014-02-14 12:46 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\7b778d24921453a8669f3c3b9cc0b71e\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-14 12:48 - 2014-02-14 12:48 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\1e35c2da60014113523a116c51f0f03a\Kies.Theme.ni.dll
2014-02-14 12:46 - 2014-02-14 12:46 - 01822208 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\98ab01d97977a8631264ad46875bebb3\Kies.UI.ni.dll
2014-02-14 12:46 - 2014-02-14 12:46 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\713f8aa449d7a7b75bacbce9b9a8a34e\Kies.MVVM.ni.dll
2014-02-14 12:48 - 2014-02-14 12:48 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2009-07-01 15:00 - 2007-05-14 18:26 - 01261568 _____ () C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
2013-02-25 15:40 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-08-23 09:30 - 2013-08-23 09:30 - 06489088 _____ () C:\Users\teruko.scott-PC\AppData\LocalLow\LastPass\LPPlugin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0E660858
AlternateDataStreams: C:\ProgramData\TEMP:7C3E753C
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Belkin USB Easy Transfer Cable
Description: Belkin USB Easy Transfer Cable
Class Guid: {bc103702-dd72-406f-9b28-95c868337b59}
Manufacturer: Microsoft
Service: winusb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2014 08:29:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/19/2014 08:29:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/16/2014 03:34:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application TeamViewer_Service.exe, version 9.0.31064.0, time stamp 0x53e1f644, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000374, fault offset 0x000b06fc,
process id 0x82c, application start time 0xTeamViewer_Service.exe0.
 
Error: (08/16/2014 03:33:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 03:15:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1baafa21-42ea-43d2-b4b9-2b2b73a3a362}
 
Error: (08/14/2014 08:17:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/14/2014 08:17:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/16/2014 03:34:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: TeamViewer 9120001Restart the service
 
Error: (08/16/2014 03:33:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/16/2014 03:32:01 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (08/16/2014 03:31:47 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (08/16/2014 03:20:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (08/16/2014 03:20:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (08/16/2014 03:20:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/16/2014 02:57:31 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (08/16/2014 02:57:28 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (08/16/2014 02:57:24 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
 
Microsoft Office Sessions:
=========================
Error: (08/19/2014 08:29:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/19/2014 08:29:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/16/2014 03:34:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Service.exe9.0.31064.053e1f644ntdll.dll6.0.6002.1888151da3e27c0000374000b06fc82c01cfb988cd067aa0
 
Error: (08/16/2014 03:33:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 03:15:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1baafa21-42ea-43d2-b4b9-2b2b73a3a362}
 
Error: (08/14/2014 08:17:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/14/2014 08:17:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-24 14:21:11.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 14:21:10.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 14:21:09.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 14:21:08.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 22:52:48.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 22:52:47.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 22:52:45.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 22:52:44.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 22:52:43.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 22:52:42.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ Dual Core Processor 2200
Percentage of memory in use: 60%
Total physical RAM: 1917.76 MB
Available physical RAM: 759.27 MB
Total Pagefile: 4076.77 MB
Available Pagefile: 2121.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.08 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:138.03 GB) (Free:46.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MG_DLX) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 PM

Posted 25 August 2014 - 07:28 AM

 
 
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
 
HKLM\...\Run: [TaskTray] => [X]
HKLM\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-2865942680-3751792326-3576083291-1011\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - {4ECD9BFB-55E9-42E0-A875-21F5822773FC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
FF Keyword.URL: hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60002&qkw=
FF Plugin: npEpicPlayDisplayHost -> C:\Program Files\EpicPlay\npEpicHost.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF SearchPlugin: C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\searchplugins\askcom.xml
FF Extension: EpicPlay Games - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-10-11]
FF Extension: EpicPlay Games - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\Extensions\textlinks@epicplay.com [2011-10-11]
S3 IpInIp; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 Motorola-Netmon-MF; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U3 mbr; \??\C:\Users\TERUKO~1.SCO\AppData\Local\Temp\mbr.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0E660858
AlternateDataStreams: C:\ProgramData\TEMP:7C3E753C
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
EmptyTemp:
REBOOT:
 
End
 
Save the files as fixlist.txt into the same folder as FRST
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
How is the computer running now?


#9 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 25 August 2014 - 04:06 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-08-2014 03
Ran by teruko at 2014-08-25 16:49:51 Run:1
Running from C:\Users\teruko.scott-PC\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [TaskTray] => [X]
HKLM\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-2865942680-3751792326-3576083291-1011\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - {4ECD9BFB-55E9-42E0-A875-21F5822773FC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
FF Keyword.URL: hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60002&qkw=
FF Plugin: npEpicPlayDisplayHost -> C:\Program Files\EpicPlay\npEpicHost.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF SearchPlugin: C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\searchplugins\askcom.xml
FF Extension: EpicPlay Games - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-10-11]
FF Extension: EpicPlay Games - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\Extensions\textlinks@epicplay.com [2011-10-11]
S3 IpInIp; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 Motorola-Netmon-MF; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U3 mbr; \??\C:\Users\TERUKO~1.SCO\AppData\Local\Temp\mbr.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0E660858
AlternateDataStreams: C:\ProgramData\TEMP:7C3E753C
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
EmptyTemp:
REBOOT:
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2865942680-3751792326-3576083291-1011\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}" => Key deleted successfully.
"HKCR\CLSID\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} => value deleted successfully.
"HKCR\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}" => Key not found.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost" => Key deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corp.) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corp.) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll () => Error: No automatic fix found for this entry.
C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com => Moved successfully.
C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\Extensions\textlinks@epicplay.com => Moved successfully.
IpInIp => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
Motorola-Netmon-MF => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
mbr => Service deleted successfully.
C:\ProgramData\TEMP => ":0E660858" ADS removed successfully.
C:\ProgramData\TEMP => ":7C3E753C" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B0E6FAB-F43A-4988-AF0A-A21646C212F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B0E6FAB-F43A-4988-AF0A-A21646C212F0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
EmptyTemp: => Removed 3.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#10 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 25 August 2014 - 04:08 PM

"A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK"
 
was that fixed in the above log?


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 PM

Posted 26 August 2014 - 08:18 AM

"A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK"

was that fixed in the above log?


I did nothing about it.
If the .lnk file is still present in the \WINDOWS\START MENU\... folder delete it.

It may just be that you will have to reinstall McAfee to get it to work properly.
===


How is the computer running now?

#12 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 26 August 2014 - 03:14 PM

 

"A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK"

was that fixed in the above log?


I did nothing about it.
If the .lnk file is still present in the \WINDOWS\START MENU\... folder delete it.

It may just be that you will have to reinstall McAfee to get it to work properly.
===


How is the computer running now?

 

I deleted it & restarted the PC.  Do I still need to re-install McAfee?



#13 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 26 August 2014 - 04:54 PM

First, I completely removed McAfee & rebooted.  I still couldn't get on Toolslib.  I now installed McAfee from scratch.  Should I run Farbar to see if the above McAfee problem/error appears?



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 PM

Posted 27 August 2014 - 07:52 AM

Yes, I will review it.

#15 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 27 August 2014 - 11:48 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03
Ran by teruko at 2014-08-27 12:45:01
Running from C:\Users\teruko.scott-PC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Ultra MiniGolf Deluxe (HKLM\...\3D Ultra MiniGolf Deluxe) (Version:  - )
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
AIM 6 (HKLM\...\AIM_6) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}) (Version: 1.2.33.353 - ArcSoft)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.0 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
Cheat Engine 6.0 (HKLM\...\Cheat Engine 6.0_is1) (Version:  - Dark Byte)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
ConvertXtoDVD 4.0.12.327 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Driver Whiz (HKLM\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
DriverFinder (HKLM\...\DriverFinder) (Version:  - DeskToolsSoft)
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.5411 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
EpicPlay (HKLM\...\EpicPlay) (Version:  - EpicPlay LLC)
Expert PDF 7 Reader (HKLM\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1800.0 - Avanquest software)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin POI Loader (HKLM\...\{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}) (Version: 2.5.3.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{E0783143-EAE2-4047-A8D6-E155523C594C}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4861.15 - PC-Doctor, Inc.)
Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 10.0 - Driver-Soft Inc.)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
Hidden Expedition Titanic (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111551630}) (Version:  - Oberon Media)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Demo (HKLM\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{867988FA-BCE7-46E9-A7E8-DC084A843319}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{79992AEE-6F58-4DAB-97D0-ADDF278F08F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Essential 2.5 (Version: 1.03.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Recovery Manager RSS (Version: 84.0.0.7 - Hewlet Packard Company) Hidden
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2913 - CyberLink Corp.)
LastPass(uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version:  - )
LibreOffice 3.6 (HKLM\...\{7654C4E3-86E8-4CD4-B1CE-8DBEA82C36E2}) (Version: 3.6.6.2 - The Document Foundation)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 13.6.1138 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}) (Version: 6.10.050 - muvee Technologies)
MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PANTECH Handset USB Driver V2 (HKLM\...\{5B5FE75F-A999-45e7-AE6B-5B85E1DD0577}) (Version: 1.1.4583.1215 - PANTECH CO,.LTD)
Pantech PCSuite (HKLM\...\{9B3F33D3-E2BC-4BAE-93AB-41700072F680}) (Version: 1.0 - Pantech)
Pantech PCSuite (Version: 1.0 - Pantech) Hidden
PC Wizard 2010.1.96 (HKLM\...\PC Wizard 2010_is1) (Version:  - CPUID)
PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.4109 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.)
PowerDirector (Version: 6.5.2926 - CyberLink Corp.) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2008 WinPerFedFormset (Version: 008.000.0324 - Intuit Inc.) Hidden
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0214 - Intuit Inc.) Hidden
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0169 - Intuit Inc.) Hidden
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0969 - Intuit Inc.) Hidden
TurboTax 2008 WinPerUserEducation (Version: 008.000.0412 - Intuit Inc.) Hidden
TurboTax 2008 wpaiper (Version: 008.000.0112 - Intuit Inc.) Hidden
TurboTax 2008 wrapper (Version: 008.000.0063 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.6.2 - Shark007)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2865942680-3751792326-3576083291-1007_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
 
==================== Restore Points  =========================
 
18-08-2014 04:00:04 Scheduled Checkpoint
19-08-2014 04:00:06 Scheduled Checkpoint
20-08-2014 04:00:05 Scheduled Checkpoint
22-08-2014 00:59:09 Scheduled Checkpoint
23-08-2014 04:00:04 Scheduled Checkpoint
24-08-2014 04:00:05 Scheduled Checkpoint
25-08-2014 04:00:02 Scheduled Checkpoint
25-08-2014 21:45:10 Scheduled Checkpoint
27-08-2014 03:00:50 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2EC5C9CC-F492-4C39-8E76-60A208C414EF} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {34C88BFD-C905-4743-82B4-1B6C9ED72561} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-12] (Adobe Systems Incorporated)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {5EE1BB3B-05FA-4CD1-88F0-FA80A1A97028} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6CE13CC0-3297-4571-AC37-8AE5D75C031A} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {85846E7B-D4C5-46A7-B3C0-E7440AAA87B6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - teruko => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {9BA041F0-4F81-4074-8B8E-BBE8C0A0D6D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A4EC0100-76A3-4BBF-B702-E499C8B41D19} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [2008-04-09] (PC-Doctor, Inc.)
Task: {D580D683-74F6-468D-B38A-EB1509DB64EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010Core => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30] (Facebook Inc.)
Task: {E0C1436B-1E78-478B-829E-33E9DD71F952} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {E0DDA9CB-D893-472C-AB56-C0A4AACB472E} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {F2D78E15-606C-4261-9F75-744ACEE9433C} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {F7DCEA37-D29D-43EF-9844-FDB42F9CF98E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FFBAEA1A-B731-4BA4-9690-574AE889F063} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010UA => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010Core.job => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010UA.job => C:\Users\scott.scott-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{234BEF0A-EA90-4F26-804D-FBEC9D7D4C24}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D1D30C02-1740-4FEA-944F-2B33943764A5}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-12-29 19:35 - 2006-11-22 12:51 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL
2008-12-29 19:35 - 2006-11-22 13:05 - 00012288 _____ () C:\Program Files\Lexmark Fax Solutions\FxCtrStr.dll
2008-12-29 19:35 - 2006-11-22 12:49 - 00032768 _____ () C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
2008-12-29 19:37 - 2006-11-27 06:50 - 00117760 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxcypp5c.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-01 15:00 - 2007-03-29 18:42 - 00180224 _____ () C:\Windows\System32\WinService.exe
2009-02-20 17:41 - 2009-02-20 17:41 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-02-20 17:47 - 2009-02-20 17:47 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-10-30 14:02 - 2006-12-03 14:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2008-12-29 19:35 - 2006-11-29 15:57 - 00291760 _____ () C:\Program Files\Lexmark 3400 Series\lxcymon.exe
2008-12-29 19:35 - 2006-08-08 18:54 - 00278528 _____ () C:\Program Files\Lexmark 3400 Series\lxcyscw.dll
2008-12-29 19:34 - 2006-05-25 19:20 - 00241664 _____ () C:\Program Files\Lexmark 3400 Series\iptk.dll
2014-02-14 12:46 - 2014-02-14 12:46 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\7b778d24921453a8669f3c3b9cc0b71e\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-14 12:48 - 2014-02-14 12:48 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\1e35c2da60014113523a116c51f0f03a\Kies.Theme.ni.dll
2014-02-14 12:46 - 2014-02-14 12:46 - 01822208 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\98ab01d97977a8631264ad46875bebb3\Kies.UI.ni.dll
2014-02-14 12:46 - 2014-02-14 12:46 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\713f8aa449d7a7b75bacbce9b9a8a34e\Kies.MVVM.ni.dll
2014-02-14 12:48 - 2014-02-14 12:48 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2009-07-01 15:00 - 2007-05-14 18:26 - 01261568 _____ () C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
2013-02-25 15:40 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Belkin USB Easy Transfer Cable
Description: Belkin USB Easy Transfer Cable
Class Guid: {bc103702-dd72-406f-9b28-95c868337b59}
Manufacturer: Microsoft
Service: winusb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2014 05:27:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/26/2014 05:04:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/26/2014 04:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 04:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 04:21:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 04:21:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 04:21:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 04:21:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 04:15:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 05:06:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/26/2014 06:00:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: McAfee Proxy Servicemfefire
 
Error: (08/26/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (08/26/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (08/26/2014 05:59:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/26/2014 05:27:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/26/2014 05:26:08 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (08/26/2014 05:26:01 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (08/26/2014 05:16:13 PM) (Source: nvstor32) (EventID: 5) (User: )
Description: A parity error was detected on \Device\RaidPort0.
 
Error: (08/26/2014 05:04:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/26/2014 05:02:19 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
 
Microsoft Office Sessions:
=========================
Error: (08/26/2014 05:27:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/26/2014 05:04:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/26/2014 04:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/26/2014 04:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/26/2014 04:21:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/26/2014 04:21:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/26/2014 04:21:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/26/2014 04:21:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
Error: (08/26/2014 04:15:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 05:06:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-27 12:44:45.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 12:44:44.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 12:44:43.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 12:44:42.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 23:16:09.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 23:16:08.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 23:16:07.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 23:16:06.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 23:16:04.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 23:16:03.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ Dual Core Processor 2200
Percentage of memory in use: 55%
Total physical RAM: 1917.76 MB
Available physical RAM: 855.3 MB
Total Pagefile: 4082.69 MB
Available Pagefile: 2577.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.29 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:138.03 GB) (Free:46.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by teruko (administrator) on SCOTT-PC on 27-08-2014 12:43:33
Running from C:\Users\teruko.scott-PC\Desktop
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxcycoms.exe
() C:\Windows\System32\WinService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lexmark 3400 Series\lxcymon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 3400 Series\ezprint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Mirek Wojtowicz) C:\Program Files\MWSnap\MWSnap.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [lxcymon.exe] => C:\Program Files\Lexmark 3400 Series\lxcymon.exe [291760 2006-11-29] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 3400 Series\ezprint.exe [82864 2006-11-29] (Lexmark International Inc.)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Lexmark Fax Solutions\fm3032.exe [295856 2006-11-29] ()
HKLM\...\Run: [LXCYCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [496768 2014-07-07] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [MWSnap] => C:\Program Files\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [Aim6] =>  :\Program Files\Windows Media Player\WMPNSCFG.exe                                                                                                                                                       (the data entry has 824 more characters).
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-2865942680-3751792326-3576083291-1007\...\MountPoints2: {bfa449e7-621e-11e3-8010-00235402edab} - G:\iStudio.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\Users\teruko.scott-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://aol.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {F0988CB2-086B-4F9E-AC11-E65295833343} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = 
SearchScopes: HKCU - {3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162} URL = 
SearchScopes: HKCU - {4ECD9BFB-55E9-42E0-A875-21F5822773FC} URL = 
SearchScopes: HKCU - {F0988CB2-086B-4F9E-AC11-E65295833343} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
BHO: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default
FF SearchEngineOrder.1: Crawler Search
FF Homepage: google.com
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF SearchPlugin: C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\teruko.scott-PC\AppData\Roaming\Mozilla\Firefox\Profiles\i3a8t6fa.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2009-06-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-08-26]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\teruko.scott-PC\AppData\Roaming\Move Networks [2009-05-28]
 
Chrome: 
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-08-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0171161409090373mcinstcleanup; C:\Users\TERUKO~1.SCO\AppData\Local\Temp\017116~1.EXE [851136 2014-06-13] (McAfee, Inc.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-08-10] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [537520 2006-11-29] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [527168 2014-07-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-07-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-05-02] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-05-02] (McAfee, Inc.)
R2 SCM_Service; C:\Windows\System32\WinService.exe [180224 2007-03-29] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-05-02] (McAfee, Inc.)
S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows ® Win 7 DDK provider)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-05-02] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-05-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-05-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-05-02] (McAfee, Inc.)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42112 2007-10-10] (Motorola Inc)
S3 pgfilter; C:\Program Files\PeerGuardian2\pgfilter.sys [8192 2007-06-02] () [File not signed]
S3 PTQHBUS; C:\Windows\System32\DRIVERS\PTQHBUS.sys [55056 2009-12-15] (DEVGURU Co., LTD.)
S3 PTQHMDM; C:\Windows\System32\DRIVERS\PTQHMDM.sys [161040 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTQHVSP; C:\Windows\System32\DRIVERS\PTQHVSP.sys [161040 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2010-06-04] (LogMeIn, Inc.)
R3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [288768 2007-12-26] (NETGEAR Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2009-11-08] (PowerISO Computing, Inc.) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-18] (Windows ® Codename Longhorn DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-08-10] () [File not signed]
U3 mfeapfk01; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 18:02 - 2014-08-26 18:02 - 00001713 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-08-26 18:02 - 2014-08-26 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-26 18:01 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-08-26 17:59 - 2014-08-26 18:01 - 00000000 ____D () C:\Program Files\McAfee
2014-08-26 17:59 - 2014-08-26 17:59 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-26 17:45 - 2014-08-26 21:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-26 17:45 - 2014-08-26 18:01 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-26 17:45 - 2014-05-02 08:41 - 00179600 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-08-24 14:21 - 2014-08-24 14:22 - 00037646 _____ () C:\Users\teruko.scott-PC\Desktop\Addition.txt
2014-08-24 14:20 - 2014-08-27 12:44 - 00022901 _____ () C:\Users\teruko.scott-PC\Desktop\FRST.txt
2014-08-24 14:19 - 2014-08-27 12:43 - 00000000 ____D () C:\FRST
2014-08-24 14:19 - 2014-08-24 14:19 - 01095168 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\FRST.exe
2014-08-23 23:19 - 2014-08-23 23:19 - 01364531 _____ () C:\Users\teruko.scott-PC\Desktop\AdwCleaner.exe
2014-08-16 16:46 - 2014-08-16 16:46 - 00018023 _____ () C:\Users\teruko.scott-PC\Desktop\dds.txt
2014-08-16 16:46 - 2014-08-16 16:46 - 00008097 _____ () C:\Users\teruko.scott-PC\Desktop\attach.txt
2014-08-16 16:40 - 2014-08-16 16:40 - 00688992 ____R (Swearware) C:\Users\teruko.scott-PC\Desktop\dds.com
2014-08-16 15:07 - 2014-08-16 15:07 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 14:59 - 2014-08-16 14:59 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Local\Deployment
2014-08-15 12:45 - 2014-08-15 12:45 - 00005587 _____ () C:\Users\teruko.scott-PC\Desktop\eset1.txt
2014-08-14 16:07 - 2014-08-14 16:07 - 00000641 _____ () C:\Users\teruko.scott-PC\Desktop\JRT.txt
2014-08-13 22:21 - 2014-08-13 22:21 - 00448512 _____ (OldTimer Tools) C:\Users\teruko.scott-PC\Desktop\TFC.exe
2014-08-13 22:07 - 2014-08-13 22:11 - 00002520 _____ () C:\Users\teruko.scott-PC\Desktop\Rkill.txt
2014-08-13 22:04 - 2014-08-13 22:04 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\teruko.scott-PC\Desktop\rkill.com
2014-08-13 14:07 - 2014-08-13 14:08 - 00002731 _____ () C:\Users\teruko.scott-PC\Desktop\FSS.txt
2014-08-13 12:49 - 2014-08-13 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-13 12:48 - 2014-08-13 13:55 - 00000000 ____D () C:\Users\teruko.scott-PC\Desktop\mbar
2014-08-12 23:39 - 2014-08-12 23:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\teruko.scott-PC\Desktop\mbar-1.07.0.1012.exe
2014-08-12 22:52 - 2014-08-13 13:59 - 00038976 _____ () C:\Users\teruko.scott-PC\Desktop\Result.txt
2014-08-12 22:50 - 2014-08-12 22:50 - 00401920 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\MiniToolBox.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00854410 _____ () C:\Users\teruko.scott-PC\Desktop\SecurityCheck.exe
2014-08-12 14:35 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 14:35 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 14:35 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 14:35 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 14:23 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 14:23 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 14:23 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 14:23 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-12 14:23 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 14:22 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 14:22 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 14:22 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-12 14:21 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 14:21 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 14:21 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-12 14:21 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 14:21 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 14:21 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 14:21 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 14:21 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 14:20 - 2014-07-25 00:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 14:20 - 2014-07-24 22:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 14:20 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 14:20 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 14:20 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 14:20 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 14:20 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-12 14:20 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 14:20 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 14:20 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 14:20 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 14:20 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 14:20 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-12 14:20 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-12 14:20 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-12 14:18 - 2014-08-12 14:18 - 00000000 ____D () C:\Program Files\Avanquest update
2014-08-12 14:16 - 2014-08-12 14:16 - 00000000 ____D () C:\ProgramData\Avanquest Software
2014-08-10 16:43 - 2014-08-10 16:43 - 00001146 _____ () C:\Windows\system32\.crusader
2014-08-10 15:45 - 2014-08-10 18:09 - 00001694 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 15:45 - 2014-08-10 16:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-10 15:45 - 2014-08-10 16:14 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 15:45 - 2014-08-10 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-10 14:31 - 2014-08-10 14:31 - 01016261 _____ (Thisisu) C:\Users\teruko.scott-PC\Desktop\JRT.exe
2014-08-10 14:31 - 2014-08-10 14:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 14:24 - 2014-08-10 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 13:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-31 13:11 - 2014-08-23 23:21 - 00000000 ____D () C:\AdwCleaner
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 12:44 - 2014-08-24 14:20 - 00022901 _____ () C:\Users\teruko.scott-PC\Desktop\FRST.txt
2014-08-27 12:43 - 2014-08-24 14:19 - 00000000 ____D () C:\FRST
2014-08-27 12:43 - 2009-06-17 00:21 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{234BEF0A-EA90-4F26-804D-FBEC9D7D4C24}.job
2014-08-27 12:26 - 2014-05-13 12:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 11:56 - 2012-04-02 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 11:45 - 2012-07-30 11:40 - 00000946 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010UA.job
2014-08-27 11:45 - 2012-07-30 11:40 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2865942680-3751792326-3576083291-1010Core.job
2014-08-27 11:27 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 11:27 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 09:55 - 2008-09-05 22:16 - 01419745 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 21:00 - 2014-08-26 17:45 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-26 18:02 - 2014-08-26 18:02 - 00001713 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-08-26 18:02 - 2014-08-26 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-26 18:01 - 2014-08-26 17:59 - 00000000 ____D () C:\Program Files\McAfee
2014-08-26 18:01 - 2014-08-26 17:45 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-26 17:59 - 2014-08-26 17:59 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-26 17:26 - 2008-01-20 23:02 - 00608660 _____ () C:\Windows\PFRO.log
2014-08-26 17:26 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 17:26 - 2006-11-02 08:44 - 00357080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 17:25 - 2006-11-02 08:58 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-26 17:22 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-08-26 16:55 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-25 17:02 - 2009-02-13 21:49 - 00000008 __RSH () C:\Users\teruko.scott-PC\ntuser.pol
2014-08-25 17:02 - 2009-02-13 21:49 - 00000000 ____D () C:\Users\teruko.scott-PC
2014-08-25 16:49 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-24 14:22 - 2014-08-24 14:21 - 00037646 _____ () C:\Users\teruko.scott-PC\Desktop\Addition.txt
2014-08-24 14:19 - 2014-08-24 14:19 - 01095168 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\FRST.exe
2014-08-23 23:21 - 2014-07-31 13:11 - 00000000 ____D () C:\AdwCleaner
2014-08-23 23:19 - 2014-08-23 23:19 - 01364531 _____ () C:\Users\teruko.scott-PC\Desktop\AdwCleaner.exe
2014-08-23 22:42 - 2009-08-13 17:22 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Roaming\HpUpdate
2014-08-16 16:46 - 2014-08-16 16:46 - 00018023 _____ () C:\Users\teruko.scott-PC\Desktop\dds.txt
2014-08-16 16:46 - 2014-08-16 16:46 - 00008097 _____ () C:\Users\teruko.scott-PC\Desktop\attach.txt
2014-08-16 16:40 - 2014-08-16 16:40 - 00688992 ____R (Swearware) C:\Users\teruko.scott-PC\Desktop\dds.com
2014-08-16 15:20 - 2009-01-22 00:02 - 00000000 ____D () C:\Program Files\Adobe
2014-08-16 15:20 - 2008-12-25 05:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-16 15:07 - 2014-08-16 15:07 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 15:07 - 2009-04-12 13:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-16 14:59 - 2014-08-16 14:59 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Local\Deployment
2014-08-16 14:59 - 2010-03-04 17:13 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Local\Apps\2.0
2014-08-15 12:45 - 2014-08-15 12:45 - 00005587 _____ () C:\Users\teruko.scott-PC\Desktop\eset1.txt
2014-08-14 16:07 - 2014-08-14 16:07 - 00000641 _____ () C:\Users\teruko.scott-PC\Desktop\JRT.txt
2014-08-13 22:28 - 2013-12-23 17:08 - 00000000 ____D () C:\Users\teruko.scott-PC\AppData\Temp
2014-08-13 22:21 - 2014-08-13 22:21 - 00448512 _____ (OldTimer Tools) C:\Users\teruko.scott-PC\Desktop\TFC.exe
2014-08-13 22:11 - 2014-08-13 22:07 - 00002520 _____ () C:\Users\teruko.scott-PC\Desktop\Rkill.txt
2014-08-13 22:04 - 2014-08-13 22:04 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\teruko.scott-PC\Desktop\rkill.com
2014-08-13 14:08 - 2014-08-13 14:07 - 00002731 _____ () C:\Users\teruko.scott-PC\Desktop\FSS.txt
2014-08-13 13:59 - 2014-08-12 22:52 - 00038976 _____ () C:\Users\teruko.scott-PC\Desktop\Result.txt
2014-08-13 13:55 - 2014-08-13 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-13 13:55 - 2014-08-13 12:48 - 00000000 ____D () C:\Users\teruko.scott-PC\Desktop\mbar
2014-08-13 12:48 - 2014-05-13 12:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 23:39 - 2014-08-12 23:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\teruko.scott-PC\Desktop\mbar-1.07.0.1012.exe
2014-08-12 22:50 - 2014-08-12 22:50 - 00401920 _____ (Farbar) C:\Users\teruko.scott-PC\Desktop\MiniToolBox.exe
2014-08-12 22:34 - 2014-08-12 22:34 - 00854410 _____ () C:\Users\teruko.scott-PC\Desktop\SecurityCheck.exe
2014-08-12 15:18 - 2012-04-02 22:08 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-12 15:18 - 2011-06-26 19:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-12 15:11 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-08-12 15:04 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-12 14:58 - 2006-11-02 06:33 - 00777308 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 14:42 - 2013-07-09 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 14:37 - 2006-11-02 06:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-12 14:24 - 2012-12-03 18:57 - 00001894 _____ () C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
2014-08-12 14:24 - 2012-12-03 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
2014-08-12 14:18 - 2014-08-12 14:18 - 00000000 ____D () C:\Program Files\Avanquest update
2014-08-12 14:18 - 2012-12-03 18:56 - 00000000 ____D () C:\ProgramData\Avanquest
2014-08-12 14:18 - 2008-08-25 08:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-12 14:16 - 2014-08-12 14:16 - 00000000 ____D () C:\ProgramData\Avanquest Software
2014-08-10 18:09 - 2014-08-10 15:45 - 00001694 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 16:43 - 2014-08-10 16:43 - 00001146 _____ () C:\Windows\system32\.crusader
2014-08-10 16:43 - 2014-08-10 15:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-10 16:14 - 2014-08-10 15:45 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 15:45 - 2014-08-10 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-10 14:31 - 2014-08-10 14:31 - 01016261 _____ (Thisisu) C:\Users\teruko.scott-PC\Desktop\JRT.exe
2014-08-10 14:31 - 2014-08-10 14:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 14:26 - 2013-10-16 16:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 14:24 - 2008-08-25 09:15 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-10 14:23 - 2014-08-10 14:24 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-10 14:23 - 2014-08-10 14:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-08 21:59 - 2014-01-21 14:08 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-08 21:59 - 2014-01-21 14:08 - 00000917 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-29 19:42 - 2011-03-31 11:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 14:50 - 2008-08-25 09:15 - 00000000 ____D () C:\Program Files\Java
 
Files to move or delete:
====================
C:\Users\scott.scott-PC\jagex_runescape_preferences.dat
C:\Users\teruko.scott-PC\jagex_runescape_preferences.dat
C:\Users\theo\jagex_cl_runescape_LIVE.dat
 
 
Some content of TEMP:
====================
C:\Users\teruko.scott-PC\AppData\Local\Temp\0171161409090373mcinst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 05:36
 
==================== End Of Log ============================





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users