
rkill find zeroaccess rootkit symptoms - any help?


  • This topic is locked
21 replies to this topic

#1 Voodoorae

Posted 12 October 2014 - 01:57 PM

Moved from AII to MRL - Hamluis.

 

Hello - I have been struggling with a computer that keeps using up very high CPU, Windows keeps having problems as does IE and frequently has to close. I have been attempting to clean it and have tried many clean up facilities available, but still get the following from rkill.
 
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/11/2014 09:10:37 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\Users\Gusto\AppData\Local\Google\Desktop\Install\{20c6343b-f07a-c0e2-f411-17a0515252a3}\ [ZA Dir]
     * C:\Users\Gusto\AppData\Local\Google\Desktop\Install\{20c6343b-f07a-c0e2-f411-17a0515252a3}\❤≸⋙\ [ZA Dir]
     * C:\Users\Gusto\AppData\Local\Google\Desktop\Install\{20c6343b-f07a-c0e2-f411-17a0515252a3}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
     * C:\Users\Gusto\AppData\Local\Google\Desktop\Install\{20c6343b-f07a-c0e2-f411-17a0515252a3}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
     * C:\Users\Gusto\AppData\Local\Google\Desktop\Install\{20c6343b-f07a-c0e2-f411-17a0515252a3}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{20c6343b-f07a-c0e2-f411-17a0515252a3}\ [ZA Dir]
 
Does anyone have any advice?
 
Thanks in advance.


Edited by hamluis, 12 October 2014 - 02:37 PM.
moved from Windows 7 to the appropriate forum
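
Added example (not part of the original post and not Rkill's own code): a small Python triage script for Rkill-style log text like the one posted above. It groups findings by check, skips the "No ... found" lines, and for each tagged path such as [ZA Dir] lists the GUID-named components and the code points of any non-ASCII components. The function names are made up for this sketch, and the embedded sample is constructed with a placeholder user name and GUID.

```python
import re
import unicodedata

# Constructed sample in the layout of the Rkill log quoted above.
# The user name and GUID are placeholders, not values from a real machine.
SAMPLE_LOG = """\
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\\SOFTWARE\\Microsoft\\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\\Users\\example\\AppData\\Local\\Google\\Desktop\\Install\\{00000000-0000-0000-0000-000000000000}\\ [ZA Dir]
     * C:\\Users\\example\\AppData\\Local\\Google\\Desktop\\Install\\{00000000-0000-0000-0000-000000000000}\\\u2764\u2278\\ [ZA Dir]
"""

SECTION_RE = re.compile(r"^(\S.*):\s*$")            # "Performing miscellaneous checks:"
FINDING_RE = re.compile(r"^ \* (.+?)\s*$")          # " * <finding>" (one leading space)
TAGGED_RE = re.compile(r"^\s{2,}\* (.+?)\s+\[([^\]]+)\]\s*$")  # "     * <path> [ZA Dir]"
GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")


def parse_rkill_log(text):
    """Return one dict per ' * ' finding, with its section and indented details."""
    findings, section, current = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        m = FINDING_RE.match(line)
        if m:
            current = {"section": section, "text": m.group(1), "details": []}
            findings.append(current)
            continue
        if current is not None and line[0].isspace():
            m = TAGGED_RE.match(line)
            # Tagged sub-entries carry a label in brackets; anything else
            # indented under a finding (registry key, value) is kept untagged.
            detail = (m.group(1), m.group(2)) if m else (line.strip(), None)
            current["details"].append(detail)
    return findings


def describe_path(path):
    """List GUID-named components and the code points of non-ASCII ones."""
    parts = [p for p in path.split("\\") if p]
    non_ascii = []
    for part in parts:
        if any(ord(ch) > 127 for ch in part):
            non_ascii.append({
                "codepoints": [f"U+{ord(ch):04X}" for ch in part],
                "categories": [unicodedata.category(ch) for ch in part],
            })
    return {
        "guid_components": [p for p in parts if GUID_RE.match(p)],
        "non_ascii": non_ascii,
    }


def triage(text):
    """Keep only findings that report something, with their paths described."""
    report = []
    for finding in parse_rkill_log(text):
        if finding["text"].startswith("No "):
            continue  # Rkill's "nothing found" lines
        entry = {
            "section": finding["section"],
            "finding": finding["text"],
            "alert": finding["text"].startswith("ALERT:"),
            "settings": [v for v, tag in finding["details"] if tag is None],
            "paths": [
                {"tag": tag, "path": v, **describe_path(v)}
                for v, tag in finding["details"] if tag is not None
            ],
        }
        report.append(entry)
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        flag = "ALERT" if item["alert"] else "note"
        print(f"[{flag}] {item['section']}: {item['finding']}")
        for setting in item["settings"]:
            print(f"    setting: {setting}")
        for p in item["paths"]:
            odd = [" ".join(c["codepoints"]) for c in p["non_ascii"]]
            print(f"    {p['tag']}: guid={p['guid_components']} non-ascii={odd}")
```

Printing code points instead of the raw characters keeps the report readable on consoles that cannot render the folder names.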



 


#2 xXToffeeXx

  • Malware Response Instructor

Posted 12 October 2014 - 02:11 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi Voodoorae,

I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.

--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#3 Voodoorae

  • Topic Starter

Posted 12 October 2014 - 02:42 PM

Hi Toffee - sounds quite scary!

Anyhow the scans as requested, and thank you for your assistance.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by Gusto (administrator) on GUSTO-PC on 12-10-2014 20:33:38
Running from H:\
Loaded Profile: Gusto (Available profiles: Gusto)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) H:\cbsidlm-cbsi109-IObit_Malware_Fighter-BP-10967594.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AutoRunExterminator] => C:\Users\Gusto\AppData\Local\Temp\Temp1_autorunexterminator.zip\AutoRunExterminator.exe [47104 2014-10-02] (Inside Core) <===== ATTENTION
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-3786802838-3704873833-897920317-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3786802838-3704873833-897920317-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3786802838-3704873833-897920317-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {099EF85B-3260-4b87-9239-33355EE6A548} URL = http://results.myway.com/GGmain.jhtml?id=YH&ptb=434D28D1-DD33-42C7-9672-9993A05C8FCE&psa=&ind=2010070815&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {E4EA0E38-4882-4C68-9ADA-9B6DA9473FB7} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {099EF85B-3260-4b87-9239-33355EE6A548} URL = http://results.myway.com/GGmain.jhtml?id=YH&ptb=434D28D1-DD33-42C7-9672-9993A05C8FCE&psa=&ind=2010070815&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKCU - {E4EA0E38-4882-4C68-9ADA-9B6DA9473FB7} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://www.pcpitstop.com/nirvana/controls/pcmatic.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Web Search
FF SearchEngineOrder.2: Google
FF Homepage: hxxp://uk.foxstart.com/?rls=en:uk:mh
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Gusto\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxstart.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Ads Removal - C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\adremoveext@adremoveext.net [2014-09-19]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\ascsurfingprotection@iobit.com [2014-09-04]
FF Extension: Update Service - C:\Program Files (x86)\Mozilla Firefox\extensions\updater@foxstart.com [2010-06-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-10-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-24]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Ads Removal) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-15]
CHR Extension: (Hola Better Internet) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-08-22]
CHR Extension: (Premiumplay Codec-C) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2013-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\Users\Gusto\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx [2012-01-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-20] (Macrovision Europe Ltd.) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-01] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
S4 !SASCORE; No ImagePath
S2 SupportSoft RemoteAssist; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AESTAud; C:\Windows\System32\drivers\AESTAu64.sys [146048 2009-04-21] (Andrea Electronics Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [38392 2012-11-23] (IObit Information Technology)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-15] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2014-01-03] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U4 eabfiltr; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 20:33 - 2014-10-12 20:33 - 00000000 ____D () C:\FRST
2014-10-11 18:16 - 2014-10-11 18:16 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Gusto\Downloads\rkill64.com
2014-10-11 17:19 - 2014-10-11 17:19 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-11 17:18 - 2014-10-11 20:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 17:18 - 2014-10-11 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-11 17:17 - 2014-10-11 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-11 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 17:16 - 2014-10-11 17:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gusto\Desktop\mbam2.exe
2014-10-11 17:13 - 2014-10-11 17:13 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Gusto\Downloads\rkill.com
2014-10-09 09:21 - 2014-10-11 18:41 - 00000392 _____ () C:\Windows\setupact.log
2014-10-09 09:21 - 2014-10-09 09:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-09 09:20 - 2014-10-11 18:41 - 00260116 _____ () C:\Windows\PFRO.log
2014-10-09 09:19 - 2014-10-09 09:19 - 00000000 _____ () C:\asc_rdflag
2014-10-07 20:54 - 2014-10-11 21:10 - 00003002 _____ () C:\Users\Gusto\Desktop\Rkill.txt
2014-10-06 11:00 - 2014-10-06 12:47 - 00115944 _____ () C:\Users\Gusto\Desktop\IW Gusto ppt 061014.pptx
2014-10-06 11:00 - 2014-10-06 11:00 - 00030720 _____ () C:\Users\Gusto\Desktop\R One page 3 year Forecast.xls
2014-10-01 08:27 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:27 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 13:08 - 2014-09-29 13:08 - 00000000 ____D () C:\Users\Gusto\AppData\Local\BBC
2014-09-27 16:31 - 2014-09-27 16:31 - 18319483 _____ () C:\Users\Gusto\Desktop\My Movie.mp4
2014-09-27 10:08 - 2014-09-27 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-26 14:22 - 2014-09-26 14:22 - 00040629 _____ () C:\ProgramData\1411737733.bdinstall.bin
2014-09-26 14:22 - 2014-09-26 14:22 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-09-26 14:15 - 2014-09-26 14:15 - 53957723 _____ () C:\ProgramData\1411735768.bdinstall.bin
2014-09-26 14:15 - 2014-09-26 14:15 - 00002172 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2014-09-26 14:15 - 2014-09-26 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-09-26 14:14 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-09-26 14:14 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-09-26 14:14 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-09-26 13:54 - 2014-09-26 14:15 - 00000000 ____D () C:\Program Files\Bitdefender
2014-09-26 13:53 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-09-26 13:49 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-09-26 13:38 - 2014-09-26 13:38 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-26 13:37 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-26 13:36 - 2014-09-26 13:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-26 13:36 - 2014-09-26 13:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-24 08:32 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:32 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 20:16 - 2014-09-23 20:17 - 00000000 ____D () C:\d938569ff95288b43476
2014-09-23 18:08 - 2014-09-23 18:08 - 00045263 _____ () C:\ProgramData\1411492074.bdinstall.bin
2014-09-23 18:06 - 2014-09-23 18:06 - 00045337 _____ () C:\ProgramData\1411491973.bdinstall.bin
2014-09-23 11:33 - 2014-09-23 11:33 - 00045324 _____ () C:\ProgramData\1411468389.bdinstall.bin
2014-09-23 11:30 - 2014-09-23 11:30 - 00045247 _____ () C:\ProgramData\1411468243.bdinstall.bin
2014-09-23 11:30 - 2014-09-23 11:30 - 00045247 _____ () C:\ProgramData\1411468194.bdinstall.bin
2014-09-23 11:29 - 2014-09-23 11:29 - 10447328 _____ () C:\Users\Gusto\Downloads\Antivirus_Free_Edition_x64.exe
2014-09-23 11:27 - 2014-09-23 11:27 - 00045260 _____ () C:\ProgramData\1411468021.bdinstall.bin
2014-09-23 11:26 - 2014-09-23 11:26 - 00045392 _____ () C:\ProgramData\1411467949.bdinstall.bin
2014-09-23 11:25 - 2014-09-26 13:54 - 00000000 ____D () C:\Users\Gusto\AppData\Roaming\QuickScan
2014-09-23 08:34 - 2014-09-23 08:34 - 00000000 ____D () C:\Windows\TempF66A5FF8-F437-B65C-5662-1D2DFF1753CE-Signatures
2014-09-22 10:37 - 2014-09-22 10:38 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Roaming\HpUpdate
2014-09-21 07:06 - 2014-09-21 07:06 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Roaming\Hewlett-Packard
2014-09-21 07:00 - 2014-09-21 07:00 - 00000000 __SHD () C:\Users\GUSTO ADMIN\AppData\Local\EmieUserList
2014-09-21 07:00 - 2014-09-21 07:00 - 00000000 __SHD () C:\Users\GUSTO ADMIN\AppData\Local\EmieSiteList
2014-09-20 21:09 - 2014-10-12 20:18 - 00000000 ____D () C:\Users\Gusto\AppData\Local\62F78DFE-88E7-4390-AE9D-3AEFE70A48BA.aplzod
2014-09-20 21:02 - 2014-09-26 16:39 - 00000160 _____ () C:\Users\Gusto\iCloud Photos.lnk
2014-09-19 21:45 - 2014-10-11 09:34 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGusto
2014-09-19 21:45 - 2014-10-11 09:34 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForGusto.job
2014-09-19 20:40 - 2014-10-11 18:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-19 19:52 - 2014-09-19 19:52 - 00002177 _____ () C:\Users\Gusto\Desktop\HP Support Assistant.lnk
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-09-19 19:35 - 2014-09-19 19:35 - 00000000 ____D () C:\ProgramData\{EC3BBC27-096F-437F-AA20-6B5E46D778AE}
2014-09-19 18:43 - 2014-09-19 18:43 - 00000000 _____ () C:\Users\GUSTO ADMIN\AppData\Local\QSwitch.txt
2014-09-19 18:43 - 2014-09-19 18:43 - 00000000 _____ () C:\Users\GUSTO ADMIN\AppData\Local\DSwitch.txt
2014-09-19 18:43 - 2014-09-19 18:43 - 00000000 _____ () C:\Users\GUSTO ADMIN\AppData\Local\AtStart.txt
2014-09-19 18:42 - 2014-09-19 18:42 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Roaming\HP
2014-09-19 18:41 - 2014-09-19 18:41 - 00001413 _____ () C:\Users\GUSTO ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 18:41 - 2014-09-19 18:41 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Roaming\Adobe
2014-09-19 18:41 - 2014-09-19 18:41 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Local\Google
2014-09-19 18:40 - 2014-09-19 18:40 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Roaming\ProductData
2014-09-19 18:39 - 2014-09-19 18:45 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Roaming\IObit
2014-09-19 18:38 - 2014-09-19 18:41 - 00000000 ____D () C:\Users\GUSTO ADMIN
2014-09-19 18:38 - 2014-09-19 18:38 - 00000020 ___SH () C:\Users\GUSTO ADMIN\ntuser.ini
2014-09-19 18:38 - 2014-05-15 18:06 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Local\Trusteer
2014-09-19 18:38 - 2014-01-22 16:04 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Roaming\Macromedia
2014-09-19 18:38 - 2010-08-01 17:32 - 00000000 ____D () C:\Users\GUSTO ADMIN\AppData\Local\Microsoft Help
2014-09-19 18:38 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\GUSTO ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-19 18:38 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\GUSTO ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-19 18:33 - 2014-09-19 18:33 - 00000000 ____D () C:\Windows\TempE1CF1AB0-1829-FF4A-F063-7341013D3629-Signatures
2014-09-19 18:05 - 2014-09-19 18:05 - 00002938 _____ () C:\Windows\System32\Tasks\{CB8615B3-3CB6-4A54-A936-EB7E24700592}
2014-09-19 18:04 - 2014-09-19 18:05 - 00000000 ____D () C:\df7390fe008c891ebf5f9efa41e7e274
2014-09-19 17:42 - 2014-09-19 17:42 - 00002938 _____ () C:\Windows\System32\Tasks\{283E69A4-28B0-4CFE-8C24-99E07DF41C90}
2014-09-19 17:41 - 2014-09-19 17:41 - 00002938 _____ () C:\Windows\System32\Tasks\{3DF4B8A8-CCE0-41C7-8C60-6139C63E5367}
2014-09-19 16:51 - 2014-09-19 16:51 - 00000000 ____D () C:\Windows\Temp40A658AE-91E3-3120-AB49-DF8C940B6716-Signatures
2014-09-19 12:45 - 2014-09-19 12:45 - 00000000 ____D () C:\Windows\Temp98620271-53A2-11CA-E2D3-C8A169262419-Signatures
2014-09-19 09:50 - 2014-09-19 09:50 - 00000000 ____D () C:\Windows\TempD11ED4F8-6EC7-69A3-5B6E-CF9E219F0345-Signatures
2014-09-18 12:05 - 2014-09-18 21:08 - 00000000 ____D () C:\Windows\TempC943DB58-0DBF-6ACA-9DCC-DA23FD960BFC-Signatures
2014-09-18 12:05 - 2014-09-18 12:06 - 00000000 ____D () C:\2e5ba8524ca2dfeebe4820260f39e9
2014-09-18 11:39 - 2014-09-18 11:41 - 00000000 ____D () C:\160283d6753af37c06bfb37708560e
2014-09-18 08:07 - 2014-09-18 21:08 - 00000000 ____D () C:\Windows\Temp726AC1A4-BB3E-4EA6-F41A-D319DEEE7315-Signatures
2014-09-18 08:07 - 2014-09-18 08:08 - 00000000 ____D () C:\1912eb01adda4f285583
2014-09-18 07:53 - 2014-09-18 07:56 - 00000000 ____D () C:\270a73c7753d4c72242e53f461e843bb
2014-09-15 12:39 - 2014-09-15 12:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-15 12:39 - 2014-09-15 12:39 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-15 12:38 - 2014-09-15 12:38 - 00003122 _____ () C:\Windows\System32\Tasks\{E268D970-2B2C-42FB-9F45-E2802232013F}
2014-09-15 12:35 - 2014-09-15 12:35 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-15 12:35 - 2014-09-15 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-15 12:34 - 2014-09-15 12:34 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-15 12:34 - 2014-09-15 12:34 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-15 12:34 - 2014-09-15 12:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-15 12:34 - 2014-09-15 12:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-15 12:34 - 2014-09-15 12:34 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-15 12:27 - 2014-09-15 12:28 - 37553464 _____ (Hewlett-Packard ) C:\Users\Gusto\Downloads\sp68058.exe
2014-09-15 12:25 - 2014-09-15 12:25 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 12:25 - 2014-09-15 12:25 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 05148672 _____ () C:\Users\Gusto\Downloads\HPSupportSolutionsFramework-11.51.0004.msi
2014-09-15 12:22 - 2014-09-15 12:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 12:22 - 2014-09-15 12:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 12:22 - 2014-09-15 12:22 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 12:22 - 2014-09-15 12:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 12:22 - 2014-09-15 12:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 12:22 - 2014-09-15 12:22 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 12:22 - 2014-09-15 12:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 12:22 - 2014-09-15 12:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-15 12:22 - 2014-09-15 12:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 12:22 - 2014-09-15 12:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 12:22 - 2014-09-15 12:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 20:24 - 2009-11-05 10:32 - 01100928 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 20:07 - 2012-09-05 19:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 20:03 - 2012-07-19 15:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 07:01 - 2012-09-05 19:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 18:52 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 18:52 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 18:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 18:41 - 2014-01-22 15:22 - 00000000 ____D () C:\Windows\Minidump
2014-10-11 18:41 - 2010-03-27 23:39 - 00321158 ____N () C:\Windows\Minidump\101114-27175-01.dmp
2014-10-11 18:11 - 2011-03-24 17:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-11 17:41 - 2012-03-10 21:24 - 00000000 ____D () C:\ProgramData\InstallMate
2014-10-11 17:41 - 2012-03-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Premiumplay Codec-C
2014-10-11 17:17 - 2010-03-27 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-11 17:10 - 2014-04-03 15:45 - 00147968 ___SH () C:\Users\Gusto\Desktop\Thumbs.db
2014-10-11 16:42 - 2010-05-25 20:03 - 00007612 ____H () C:\Users\Gusto\AppData\Local\Resmon.ResmonCfg
2014-10-11 16:38 - 2013-11-11 19:01 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-11 16:35 - 2010-03-27 23:39 - 00323206 ____N () C:\Windows\Minidump\101114-29296-01.dmp
2014-10-10 14:23 - 2014-05-30 21:01 - 00002131 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-10-09 09:20 - 2013-12-31 17:03 - 92225536 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-10-09 09:20 - 2013-12-31 17:03 - 02060288 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-10-09 09:20 - 2013-12-31 17:03 - 00098304 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-10-09 09:20 - 2013-12-31 17:03 - 00024576 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-10-09 09:20 - 2010-03-27 17:19 - 00000000 ____D () C:\Users\Gusto
2014-10-06 16:34 - 2009-07-14 06:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 17:35 - 2014-02-01 12:41 - 00000000 ____D () C:\Users\Gusto\Desktop\WORK
2014-10-02 19:32 - 2011-12-06 09:44 - 00000000 ____D () C:\ProgramData\DivX
2014-10-02 18:03 - 2014-07-05 09:54 - 00003222 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-09-29 13:08 - 2013-09-30 16:37 - 00001288 _____ () C:\Users\Gusto\Desktop\BBC iPlayer Downloads.lnk
2014-09-29 11:21 - 2010-03-27 17:34 - 00000000 ____D () C:\Users\Gusto\AppData\Roaming\HpUpdate
2014-09-26 18:01 - 2010-04-14 11:59 - 00000000 ____D () C:\ProgramData\Recovery
2014-09-26 15:29 - 2014-05-06 09:28 - 00573427 _____ () C:\Users\Gusto\Desktop\Gusto ppt Apollo.pptx
2014-09-26 13:38 - 2014-06-11 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-26 13:37 - 2014-06-11 16:19 - 00000000 ____D () C:\Program Files\iTunes
2014-09-26 13:36 - 2014-06-11 16:19 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 18:51 - 2013-05-03 10:37 - 00000000 ____D () C:\MATS
2014-09-25 17:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 09:19 - 2014-01-24 12:34 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 08:21 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-23 20:30 - 2014-08-29 08:50 - 00000000 ____D () C:\Users\Gusto\AppData\Local\Adobe
2014-09-23 20:30 - 2012-07-19 15:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 20:30 - 2012-04-05 09:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:30 - 2011-06-16 12:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 10:41 - 2011-07-09 13:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-23 10:40 - 2011-07-09 13:29 - 00002127 _____ () C:\Windows\epplauncher.mif
2014-09-20 21:10 - 2010-12-27 19:27 - 00000000 ___HD () C:\Users\Gusto\AppData\Local\Apple
2014-09-20 21:03 - 2013-05-03 08:53 - 00000000 ____D () C:\Users\Gusto\AppData\Roaming\Apple Computer
2014-09-19 21:45 - 2010-03-27 17:28 - 00000000 ____D () C:\Users\Gusto\AppData\Local\Hewlett-Packard
2014-09-19 20:21 - 2012-12-13 08:46 - 00121744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-09-19 19:54 - 2009-07-14 05:45 - 00445208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 19:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-09-19 19:44 - 2009-11-07 03:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 19:44 - 2009-11-05 10:50 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-09-19 19:43 - 2009-11-07 03:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-19 19:30 - 2009-11-07 04:33 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-09-19 19:29 - 2012-10-24 15:35 - 00121744 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-09-19 18:41 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-19 18:13 - 2010-10-12 12:44 - 00770888 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-19 17:36 - 2010-12-27 19:27 - 00000000 ____D () C:\ProgramData\Apple
2014-09-19 16:26 - 2009-09-07 01:40 - 00000000 ____D () C:\SwSetup
2014-09-19 12:25 - 2014-07-05 09:54 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-09-19 12:25 - 2014-07-05 09:54 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-09-19 12:24 - 2014-07-05 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-09-19 09:52 - 2009-11-07 04:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-19 09:50 - 2013-08-06 14:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-19 09:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-19 09:38 - 2010-04-06 09:27 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-18 22:00 - 2011-06-17 15:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 21:17 - 2014-05-30 21:03 - 00000000 ____D () C:\Users\Gusto\AppData\Roaming\ProductData
2014-09-18 21:17 - 2013-03-08 16:10 - 00000000 ____D () C:\Users\Gusto\Documents\PERSONAL
2014-09-18 21:17 - 2010-12-27 20:19 - 00000000 ____D () C:\Users\Gusto\Desktop\HP
2014-09-18 21:17 - 2010-08-01 18:20 - 00000000 ___RD () C:\Users\Gusto\Documents\MEDIA
2014-09-18 21:17 - 2010-06-13 19:23 - 00000000 ____D () C:\Users\Gusto\AppData\Roaming\Skype
2014-09-18 21:17 - 2010-03-28 16:57 - 00000000 ____D () C:\Users\Gusto\Downloads\POKER
2014-09-18 21:17 - 2010-03-27 17:41 - 00000000 ____D () C:\Users\Gusto\Downloads\SECURITY
2014-09-18 21:12 - 2014-07-20 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-18 21:12 - 2014-05-30 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-18 21:12 - 2011-04-21 10:22 - 00000000 ____D () C:\ProgramData\IObit
2014-09-18 21:11 - 2014-07-20 18:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 21:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-09-18 21:04 - 2013-03-08 17:27 - 00000000 ____D () C:\Users\Gusto\Documents\BUSINESS
2014-09-15 12:52 - 2014-01-05 19:11 - 45723648 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-09-15 09:06 - 2010-03-28 02:58 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
ZeroAccess:
C:\Users\Gusto\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Gusto\AppData\Local\Temp\Temp1_autorunexterminator.zip\AutoRunExterminator.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 10:23

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014
Ran by Gusto at 2014-10-12 20:35:10
Running from H:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 6.0 (x32 Version: 6.0 - Adobe Systems Inc.) Hidden
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Barcode Producer (HKLM-x32\...\Barcode Producer_is1) (Version:  - )
BBC iPlayer Downloads (HKLM-x32\...\{26FB1064-0CC3-49D8-97AB-CAE376428297}) (Version: 1.10.0 - BBC)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
BlackBerry Desktop Software 7.0 (x32 Version: 7.0.0.59 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
Clifton StrengthsFinder Screen Saver 1.0 (HKLM-x32\...\{60A9D3B8-485B-493C-8F2E-FC99177E26A9}_is1) (Version:  - Gallup)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.5 - IObit)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
FromDocToPDF Internet Explorer Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{AA6F009F-0CCD-4DD6-A462-28419C101D54}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{1E7F409E-E35A-4DF8-BF5C-FE34B74B640E}) (Version: 7.6.31.30 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6284.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2869 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
mflow (HKLM-x32\...\mflow) (Version: 1.1.11269 - Digital Distribution Networks Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Money 99 (HKLM-x32\...\MSMONEYV70) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Communicator 2007 (HKLM-x32\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Personal Folders Backup (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works Setup Launcher (HKLM-x32\...\Works99Setup) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
Outlook Backup Toolbox 1.0 (HKLM-x32\...\Outlook Backup Toolbox_is1) (Version:  - Recovery Toolbox, Inc.)
Premiumplay Codec-C (HKLM-x32\...\Premiumplay Codec-C) (Version: 1.6.146.147 - WebPicks) <==== ATTENTION
Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version:  - IObit)
PS_AIO_04_C4500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1307.76 - Trusteer) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Recovery Toolbox for Outlook 2.2 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version:  - Recovery ToolBox)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Spotify (HKLM-x32\...\Spotify) (Version: 0.4.7 - )
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3786802838-3704873833-897920317-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gusto\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3786802838-3704873833-897920317-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3786802838-3704873833-897920317-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3786802838-3704873833-897920317-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3786802838-3704873833-897920317-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3786802838-3704873833-897920317-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gusto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-10-2014 17:18:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-23 19:23 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04F12A73-29E3-4ECC-877A-C6E2EA38774F} - System32\Tasks\{8157131E-F1E8-4FEC-81E1-010C89B9EDBC} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {0DE95D77-DF63-4A69-B0CA-80C8908E0499} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: {12657B11-BC07-403A-A675-7139CA8F633F} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {12C2B510-35F7-4D32-BEFF-7645B6810FDD} - System32\Tasks\{0E84D5DC-D5EB-4FAA-85F3-2AA8F595D815} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {159C54E2-237C-4AD1-94D5-58B68F6F25FE} - System32\Tasks\{E05441B8-F408-443D-9026-513E1EADB223} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {15AB15B2-005C-40F5-9433-AE389A278BB5} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-08-01] (IObit)
Task: {15EBB827-D4C3-42D7-A79B-98FD75E0B3E1} - System32\Tasks\{5DB6821B-29F4-427D-A4DF-C27D86141B77} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {17A271E8-FEA5-4D87-9219-46D68E8F2345} - System32\Tasks\{3DF4B8A8-CCE0-41C7-8C60-6139C63E5367} => C:\Users\Gusto\Downloads\sp68058.exe [2014-09-15] (Hewlett-Packard                                             )
Task: {18771D3A-A287-4A86-B73A-8371F88F5CE6} - System32\Tasks\{E1414761-D338-413D-896D-6444A66FD5A6} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {21F4F80F-D4F3-4647-97EF-9316B56FE420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company)
Task: {23269611-6A92-47A5-A1E7-66B81513D4CC} - System32\Tasks\{E10A0811-3719-47F4-932C-3486AA9EA987} => C:\Program Files (x86)\Spotify\spotify.exe [2011-12-28] (Spotify Ltd)
Task: {34BC2A9E-253C-4F66-B09B-39B03A44F1DA} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {38B142E2-046E-4B45-AAB5-331D6BE1C0D7} - System32\Tasks\{77BAC066-134F-47AB-BF75-87097B188471} => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: {44969272-8EBC-4A10-81FE-36A4B1375A12} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {468FB53B-2A03-47BA-AC45-39534D1E3FCA} - System32\Tasks\{9E008998-7997-4323-9BDE-2539D01687D0} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {4F8C9C80-FCC4-4DAE-AF28-C80085673EDF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3786802838-3704873833-897920317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {509954F9-8F10-4C74-AC1B-B2A734665A75} - System32\Tasks\{CB8615B3-3CB6-4A54-A936-EB7E24700592} => C:\Users\Gusto\Downloads\sp68058.exe [2014-09-15] (Hewlett-Packard                                             )
Task: {51E3823E-130C-401C-95CF-F80207C2E195} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5300671C-5487-47D3-99B2-E88DEB3C2BC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company)
Task: {56E7F33E-501E-407F-B8A5-6EB19082DCFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-05] (Google Inc.)
Task: {571FC816-C23F-4291-A550-31A8B44CABF1} - System32\Tasks\{AC31F49B-10A3-48D5-A0F2-756C0FD0EF69} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {577E4A4A-4200-4C76-AF3F-AB3105E9AA2F} - System32\Tasks\{C8CE0532-8D60-4E20-A3FE-75982373DCEF} => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: {587FF8C7-775B-4CE4-91C9-478BF47EBC56} - System32\Tasks\{1A85971D-44B0-4356-9C06-7913C3C63002} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {6EE88D23-5BBD-4046-AC17-8BE60EE45A75} - System32\Tasks\{C1DCE731-6158-4A83-A565-58886E1EB864} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {72D1E2F5-A1B5-467E-BCC0-B5D004C9316A} - System32\Tasks\{0F0567B4-FE45-4EE8-A001-752AFDF738CA} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {74CF11AA-FB41-4660-A15B-371CA42DB44A} - System32\Tasks\{229A79F9-D762-4DF2-BF39-05AA4C3A7188} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {7A04690B-7E11-40EA-8EF6-8BFA319FF3E3} - System32\Tasks\ASC7_SkipUac_Gusto => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {7B436D11-795A-427B-A335-340545627044} - System32\Tasks\{1F20B599-5764-48ED-B9AE-3CCC701C6AF1} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Task: {7D0CDD8E-8A27-480B-A620-EEEF2AB1EDEE} - System32\Tasks\{C60D4F08-C22D-4226-A14F-9C25B80BE0D3} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {8CFA53A7-BE3F-4387-AFC9-7676EC1E3848} - System32\Tasks\{0BA4914C-B29C-47A5-B86E-C0FB77A48441} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Task: {8F4D1FFA-8631-408D-99BF-547587FD03BF} - System32\Tasks\HPCeeScheduleForGusto => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8FD4647B-9421-4F20-BA9C-2E827809D88E} - System32\Tasks\{C896E041-DA6E-438E-A071-6AFCE61BB123} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {90F4B295-D610-48A1-B30E-06202F769126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company)
Task: {AA15E98A-5946-4A10-8C3D-3C309E8D287B} - System32\Tasks\{D3EAC55B-EDE0-4214-8500-AD32AF705DAA} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {AE0F567B-C8B9-4536-906A-17A2F67D373C} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe
Task: {B2105F9E-4D44-4B33-9CC8-FA9A5E87404F} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-08-01] (IObit)
Task: {B3902436-91B6-4471-8504-DB677531B3B6} - System32\Tasks\{F9DA7971-7204-4D7A-91A6-756E8A30BC0D} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {B5EFE94A-9D7C-4673-B84A-C45B0521C247} - System32\Tasks\{1AFAEB13-70C0-4E97-B912-41626DABFFBD} => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: {BB77318A-BC6A-4C08-8E8C-77C6C3A74D2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C6B6DA32-6E7D-4423-BB40-1E0DD1D160E1} - System32\Tasks\{65D0A093-D4CC-456E-AE80-7964A56981F0} => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: {C7849B69-3FAA-4786-9C03-2D7EF738C683} - System32\Tasks\{3F0E8D91-5431-42B4-A0C4-536C42431EB5} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {CA9686CC-B231-4B41-AD33-6FDEB8C31274} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {CDA88128-190F-48BA-A96F-9403DF87CF11} - System32\Tasks\{281A8A79-441B-4D0E-B238-31A0D20E7D52} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {CF5D309D-729D-41E1-9E24-58014D05F117} - System32\Tasks\{248B4B23-4979-43F0-A4EA-C772F433DBE2} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {D0EA0931-A910-4E4C-AEF0-142DB7AD2CDB} - System32\Tasks\{8552B2E9-C2A9-4DA4-B90E-57196A4F8EA8} => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: {D7873DA1-08CD-427F-BEA1-00AD28F34E9B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3786802838-3704873833-897920317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D85C18CA-545C-4731-B2E3-DD44EEAD704C} - System32\Tasks\{07A56DAD-2827-44FB-B165-F3E5899CFCD4} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {E1DAF6A9-60D1-4FCC-AA26-40A6DDE482DB} - System32\Tasks\{57932F10-5166-46E8-8495-9788F3261646} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Task: {E6469654-B8AA-44A7-8D0A-D145660628A0} - System32\Tasks\{283E69A4-28B0-4CFE-8C24-99E07DF41C90} => C:\Users\Gusto\Downloads\sp68058.exe [2014-09-15] (Hewlett-Packard                                             )
Task: {EBDF75F4-225C-4084-8CEA-160FB86A5A7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-05] (Google Inc.)
Task: {EC7BC0E7-4222-41F0-A955-749FEE961CB5} - System32\Tasks\{E932D914-C994-4161-874B-7151EBB76F47} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Task: {EDAB5A17-08D2-4FC4-91D2-4536A47F8BDE} - System32\Tasks\{969EF0ED-0C97-4BA9-B3D3-B0050F431EEA} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {EFAAC55A-1A7F-411E-9DE7-43CCA0ABB064} - System32\Tasks\{59B1B527-72A3-4D46-AD6C-DC2F6F6569A3} => C:\Program Files (x86)\Hp\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {EFBE0FFE-91E0-4F5E-AE09-F5FD41C923D4} - System32\Tasks\{D8B19015-9C49-4F11-B221-50F6C54CF010} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {F75F64B5-F996-4E60-AB80-C2E2EBBCCB8D} - System32\Tasks\{A85A9E78-370B-40E0-8E67-CD311C4536DC} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {F76B3A54-45FE-48C6-B436-61C88EF20A3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {F9475899-A343-4FFB-A493-3C69C1FCD6FF} - System32\Tasks\{3E57B6D6-AB30-4956-96B0-A0002658BD28} => C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
Task: {FCA835DB-D893-4DB4-9358-BA19E0C50BA0} - System32\Tasks\{E120549A-5C42-4D02-82C1-76A320F07ADD} => C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Task: {FD5B029E-49D2-4A0C-BB4A-2B96BDE3A722} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {FEE9250F-E6A1-46F5-B51D-242C8FB3A669} - System32\Tasks\{9C35587F-F660-4973-B252-9B763D706EE8} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {FF25D5F6-72D2-4E6C-89DC-7C320B00CE9C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGusto.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-09-26 14:14 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-09-26 14:14 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-05-30 21:01 - 2014-02-13 16:44 - 01214240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Gusto\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ESO Survey Live.lnk => C:\Windows\pss\ESO Survey Live.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => c:\program files (x86)\adobe\photoshop elements 6.0\apdproxy.exe
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: Amazon Music => "C:\Users\Gusto\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon =>
MSCONFIG\startupreg: DivXMediaServer =>
MSCONFIG\startupreg: DivXUpdate =>
MSCONFIG\startupreg: Easybits Recovery =>
MSCONFIG\startupreg: HotKeysCmds => c:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => c:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: O2DA =>
MSCONFIG\startupreg: Persistence => c:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => c:\program files (x86)\common files\research in motion\usb drivers\rimbblaunchagent.exe
MSCONFIG\startupreg: Spotify => "c:\users\gusto\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Gusto\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3786802838-3704873833-897920317-500 - Administrator - Disabled)
Guest (S-1-5-21-3786802838-3704873833-897920317-501 - Limited - Disabled)
Gusto (S-1-5-21-3786802838-3704873833-897920317-1001 - Administrator - Enabled) => C:\Users\Gusto
HomeGroupUser$ (S-1-5-21-3786802838-3704873833-897920317-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2014 05:57:18 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (10/11/2014 05:57:18 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (10/11/2014 05:57:14 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (10/11/2014 05:57:14 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (10/11/2014 04:32:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x000ff6dd
Faulting process id: 0xee0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/11/2014 04:32:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: igdumd32.dll, version: 8.15.10.1883, time stamp: 0x4a969f6f
Exception code: 0xc0000005
Fault offset: 0x0000e183
Faulting process id: 0xbc8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/11/2014 10:00:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc0000005
Fault offset: 0x00084119
Faulting process id: 0xf98
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/11/2014 10:00:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: uDWM.dll, version: 6.1.7600.16385, time stamp: 0x4a5be06f
Exception code: 0xc0000005
Fault offset: 0x0000000000001552
Faulting process id: 0x78c
Faulting application start time: 0xDwm.exe0
Faulting application path: Dwm.exe1
Faulting module path: Dwm.exe2
Report Id: Dwm.exe3

Error: (10/09/2014 08:28:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x00660238
Faulting process id: 0x15dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/09/2014 03:38:13 PM) (Source: Microsoft Office 12) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

System errors:
=============
Error: (10/11/2014 06:44:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/11/2014 06:42:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SupportSoft RemoteAssist service failed to start due to the following error:
%%3

Error: (10/11/2014 06:41:58 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff8800759cee1, 0xfffff88006f69ce0, 0x0000000000000000)C:\Windows\Minidump\101114-27175-01.dmp101114-27175-01

Error: (10/11/2014 06:41:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:40:06 on 11/10/2014 was unexpected.

Error: (10/11/2014 05:59:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SupportSoft RemoteAssist service failed to start due to the following error:
%%3

Error: (10/11/2014 05:53:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/11/2014 05:53:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/11/2014 05:53:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/11/2014 05:53:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/11/2014 05:53:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (09/25/2013 03:46:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/25/2013 03:45:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 226 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/25/2013 03:35:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/03/2013 08:52:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/01/2013 11:02:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3020 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/05/2012 09:01:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/31/2012 10:34:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 579 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (06/15/2012 06:18:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10041 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/17/2012 10:00:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9036 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (03/12/2012 08:00:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54 seconds with 0 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3100 @ 1.90GHz
Percentage of memory in use: 41%
Total physical RAM: 3998.93 MB
Available physical RAM: 2354.25 MB
Total Pagefile: 7996.03 MB
Available Pagefile: 5805.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.37 GB) (Free:198.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.53 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:7.49 GB) (Free:4.69 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 50D0CCD5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:48 AM

Posted 13 October 2014 - 11:03 AM

Hi Voodoorae,
 
Hehe, it's okay actually. The malware does nasty things, but is not that hard to remove.
 
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

FromDocToPDF Internet Explorer Toolbar
Advanced SystemCare 7
Driver Booster
IObit Malware Fighter
IObit Uninstaller
Premiumplay Codec-C 
Protected Folder
Smart Defrag 3
Surfing Protection
Yahoo! Detect

Additional instructions can be found here if needed.
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Extension: (Ads Removal) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-15]
FF Extension: Ads Removal - C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\adremoveext@adremoveext.net [2014-09-19]
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\adremoveext@adremoveext.net
CHR Extension: (Premiumplay Codec-C) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2013-12-09]
C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\Users\Gusto\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx [2012-01-15]
S4 !SASCORE; No ImagePath
S2 SupportSoft RemoteAssist; No ImagePath
U4 eabfiltr; No ImagePath
C:\Users\Gusto\AppData\Local\Google\Desktop\Install
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 Voodoorae


Posted 13 October 2014 - 12:05 PM

Here is the log as requested.

Most of the programs I uninstalled are for a paid for suite of computer upkeep tools - are they at fault?

There were not all the other ones present, but uninstalled all I could see.

 

Thanks for your help.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014
Ran by Gusto at 2014-10-13 18:01:00 Run:1
Running from C:\Users\Gusto\Desktop
Loaded Profile: Gusto (Available profiles: Gusto)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Extension: (Ads Removal) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-15]
FF Extension: Ads Removal - C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\adremoveext@adremoveext.net [2014-09-19]
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\adremoveext@adremoveext.net
CHR Extension: (Premiumplay Codec-C) - C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2013-12-09]
C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\Users\Gusto\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx [2012-01-15]
S4 !SASCORE; No ImagePath
S2 SupportSoft RemoteAssist; No ImagePath
U4 eabfiltr; No ImagePath
C:\Users\Gusto\AppData\Local\Google\Desktop\Install
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
"HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen directory not found.
C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\adremoveext@adremoveext.net not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => Key not found.
"HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => Key not found.
"C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen" => File/Directory not found.
"C:\Users\Gusto\AppData\Roaming\Mozilla\Firefox\Profiles\xnlriauj.default\Extensions\adremoveext@adremoveext.net" => File/Directory not found.
C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho directory not found.
"C:\Users\Gusto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho" => Key not found.
"C:\Users\Gusto\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx" => File/Directory not found.
!SASCORE => Service deleted successfully.
SupportSoft RemoteAssist => Service deleted successfully.
eabfiltr => Service deleted successfully.
C:\Users\Gusto\AppData\Local\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====



#6 xXToffeeXx


Posted 13 October 2014 - 01:45 PM

Hi Voodoorae,
 
If you have paid for the program then you may reinstall it. It is just that IObit has a bad reputation, as they have programs such as registry cleaners which cause more harm than good, and they have also stolen another company's databases before.
 
If you re-run rkill, do you still see the ZeroAccess warning?
 
xXToffeeXx~




#7 Voodoorae


Posted 13 October 2014 - 01:52 PM

 

Hi Toffee, I am almost at the end of my 1-year IObit contract. Is there an alternative suite available that keeps maintenance up to date?

No mention this time - txt file states:

Is there anything more I need to do?

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/13/2014 07:46:06 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:



#8 Voodoorae


Posted 14 October 2014 - 05:33 AM

Hi again Toffee, I am experiencing increased continuous Windows, IE & Outlook problems - they keep failing and shutting down.

So still not running smoothly.

Thanks.

 



#9 xXToffeeXx


Posted 14 October 2014 - 11:19 AM

Hi Voodoorae,

 

Any improvement after running the program below?:
 
Download Windows Repair (All in One) from this site
 
Install the program then run it.
 
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

 
Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.
 
 
 
Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.
 
 
 
Go to Step 5 and under "System Restore" click on Create button.
 
 
 
Go to Start Repairs tab and click the Start button.
 
 
 
Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.
 
Click on Start Repairs button.
 
 
 
After the repair finished, you may be prompted to restart the computer. Please allow it to do so.
 
Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 Voodoorae

Voodoorae
  • Topic Starter

  • Members
  • 11 posts

Posted 15 October 2014 - 04:31 AM

Tweaking.com - Windows Repair v2.9.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GUSTO-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Gusto
Current Profile SID: S-1-5-21-3786802838-3704873833-897920317-1001
Current Profile Classes: S-1-5-21-3786802838-3704873833-897920317-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Gusto\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:46:04

Process Count: 59
Commit Total: 1.84 GB
Commit Limit: 7.81 GB
Commit Peak: 2.35 GB
Handle Count: 18029
Kernel Total: 454.69 MB
Kernel Paged: 378.98 MB
Kernel Non Paged: 75.70 MB
System Cache: 2.44 GB
Thread Count: 791
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.91 GB
Memory Used: 1.63 GB(41.6923%)
Memory Avail.: 2.28 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.91 GB
Memory Used: 1.27 GB(32.5037%)
Memory Avail.: 2.64 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (15/10/2014 09:38:37)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 168
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (15/10/2014 09:38:51)
   Running Repair Under Current User Account
   Done (15/10/2014 09:39:28)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (15/10/2014 09:39:28)
   Running Repair Under System Account
   Done (15/10/2014 09:52:07)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (15/10/2014 09:52:07)
   Running Repair Under System Account
   Done (15/10/2014 09:55:19)

03 - Reset Service Permissions
   Start (15/10/2014 09:55:19)
   Running Repair Under System Account
   Done (15/10/2014 09:56:15)

04 - Register System Files
   Start (15/10/2014 09:56:15)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 09:58:49)

05 - Repair WMI
   Start (15/10/2014 09:58:49)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.
   Bitdefender Antivirus Free Edition Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Microsoft Security Essentials Exported.
   Bitdefender Antivirus Free Edition Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (15/10/2014 10:05:13)

06 - Repair Windows Firewall
   Start (15/10/2014 10:05:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:06:03)

07 - Repair Internet Explorer
   Start (15/10/2014 10:06:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:08:11)

08 - Repair MDAC/MS Jet
   Start (15/10/2014 10:08:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:08:45)

09 - Repair Hosts File
   Start (15/10/2014 10:08:46)
   Running Repair Under System Account
   Done (15/10/2014 10:08:48)

10 - Remove Policies Set By Infections
   Start (15/10/2014 10:08:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:08:51)

11 - Repair Start Menu Icons Removed By Infections
   Start (15/10/2014 10:08:51)
   Running Repair Under System Account
   Done (15/10/2014 10:08:54)

12 - Repair Icons
   Start (15/10/2014 10:08:54)
   Running Repair Under Current User Account
   Done (15/10/2014 10:08:56)

13 - Repair Winsock & DNS Cache
   Start (15/10/2014 10:08:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:09:31)

15 - Repair Proxy Settings
   Start (15/10/2014 10:09:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:09:35)

17 - Repair Windows Updates
   Start (15/10/2014 10:09:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (15/10/2014 10:11:30)

18 - Repair CD/DVD Missing/Not Working
   Start (15/10/2014 10:11:30)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (15/10/2014 10:11:30)

19 - Repair Volume Shadow Copy Service
   Start (15/10/2014 10:11:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:10)

21 - Repair MSI (Windows Installer)
   Start (15/10/2014 10:12:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:27)

23.01 - Repair bat Association
   Start (15/10/2014 10:12:27)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:31)

23.02 - Repair cmd Association
   Start (15/10/2014 10:12:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:34)

23.03 - Repair com Association
   Start (15/10/2014 10:12:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:38)

23.04 - Repair Directory Association
   Start (15/10/2014 10:12:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:41)

23.05 - Repair Drive Association
   Start (15/10/2014 10:12:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:45)

23.06 - Repair exe Association
   Start (15/10/2014 10:12:45)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:48)

23.07 - Repair Folder Association
   Start (15/10/2014 10:12:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:52)

23.08 - Repair inf Association
   Start (15/10/2014 10:12:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:55)

23.09 - Repair lnk (Shortcuts) Association
   Start (15/10/2014 10:12:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:12:59)

23.10 - Repair msc Association
   Start (15/10/2014 10:12:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:13:01)

23.11 - Repair reg Association
   Start (15/10/2014 10:13:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:13:04)

23.12 - Repair scr Association
   Start (15/10/2014 10:13:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:13:08)

24 - Repair Windows Safe Mode
   Start (15/10/2014 10:13:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:13:11)

25 - Repair Print Spooler
   Start (15/10/2014 10:13:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:13:31)

26 - Restore Important Windows Services
   Start (15/10/2014 10:13:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:14:02)

27 - Set Windows Services To Default Startup
   Start (15/10/2014 10:14:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:14:25)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (15/10/2014 10:14:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (15/10/2014 10:14:28)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (15/10/2014 10:14:28)
   Total Repair Time: 00:35:54

...YOU MUST RESTART YOUR SYSTEM...

 

I will see how it behaves now, and report back to you.

Thanks.



#11 Voodoorae

Voodoorae
  • Topic Starter

  • Members
  • 11 posts

Posted 15 October 2014 - 04:37 AM

I have had to attach a repair log.

Please see attached.

Thanks




#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts

Posted 15 October 2014 - 01:16 PM

Hi Voodoorae,

 

No worries, let me know if you experience any other problems.

 

xXToffeeXx~




#13 Voodoorae

Voodoorae
  • Topic Starter

  • Members
  • 11 posts

Posted 16 October 2014 - 01:16 PM

Hi Toffee

 

Did you have a chance to look at the logs I attached - see any obvious issues that require attention?

 

I am away working until Monday with very little computer access, so will not be able to report back or answer any comments you make, until Monday.

 

Please let me know what you intend to do with this thread and I can act upon it on my return.

 

In the meantime, thank you for your expertise in helping me solve this issue - yes, so far so good!

 

Have a great weekend - you deserve it!

 

Rachael



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts

Posted 16 October 2014 - 02:16 PM

Hi Voodoorae,
 
I do not see anything which requires attention in those logs, they look pretty good. I do have some scans I would like to run though.
 
You are welcome. I am hoping the computer will run better, but if it does not then we can certainly try some more steps :)
 
Thank you, have a good weekend yourself.
 
--------------
 
Your version of Adobe Reader is out of date.
 
Please follow these steps to remove older version Adobe Reader components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Reader uninstaller.
  • Reboot your computer once Adobe Reader is removed.
  • Then from your desktop double-click on the Adobe Reader installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as the McAfee Security Plan Plus), just uncheck the box before continuing unless you want it.
  • Adobe Reader is updated frequently. If you want to be automatically notified of future updates, or automatically have them installed, then make sure to check the option in the installer.

xXToffeeXx~




#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts

Posted 25 October 2014 - 02:21 PM

Hi Voodoorae,
 
This is a 3 day bump:
 
It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~






