Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dllhost Issue


  • This topic is locked This topic is locked
25 replies to this topic

#1 smv

smv

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 November 2014 - 10:51 AM

Seems like I'm the latest to get this thing.  I've pasted the DDS below and attached the attach.exe.  Thanks!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 1.6.0_20
Run by Mark at 10:40:43 on 2014-11-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4092.683 [GMT -5:00]
.
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mark\Downloads\FRST64.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://www.yahoo.com/?fr=befhp&type=iehp-3.12-1405
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
uURLSearchHooks: {0696f815-a3a9-490a-bb14-9ec3350b1276} - <orphaned>
uURLSearchHooks: {06b5b051-1d05-443d-822f-39ab0d05f018} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [TelevisionFanatic EPM Support] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64medint.exe" T8EPMSUP.DLL,S
mRun: [TelevisionFanatic AppIntegrator 32-bit] C:\PROGRA~2\TELEVI~2\bar\1.bin\AppIntegrator.exe
mRun: [TelevisionFanatic AppIntegrator 64-bit] C:\PROGRA~2\TELEVI~2\bar\1.bin\AppIntegrator64.exe
mRun: [BringMeSports EPM Support] "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
mRun: [BringMeSports AppIntegrator 32-bit] C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator.exe
mRun: [BringMeSports AppIntegrator 64-bit] C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator64.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{991B068E-33FD-4027-BD3A-99A8323A2E23} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{991B068E-33FD-4027-BD3A-99A8323A2E23}\143747F6279616022343F216 : DHCPNameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{991B068E-33FD-4027-BD3A-99A8323A2E23}\143747F6279616022343F226 : DHCPNameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{991B068E-33FD-4027-BD3A-99A8323A2E23}\84576616E616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{991B068E-33FD-4027-BD3A-99A8323A2E23}\C696E6B6379737 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{991B068E-33FD-4027-BD3A-99A8323A2E23}\D686576616E6162E08993702960586F6E656 : DHCPNameServer = 198.224.190.135 198.224.191.135
TCP: Interfaces\{991B068E-33FD-4027-BD3A-99A8323A2E23}\E45445745414254383 : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}\components\FFExternalAlert.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\Mark\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2009-12-19 14:38; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-2 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-2 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [2014-11-3 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-2 162392]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-4-25 87600]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSviA64.sys [2014-11-7 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-2 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-2 593112]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-10 142640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-28 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-9-28 36408]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-11-09 15:27:07 -------- d-----w- C:\FRST
2014-11-09 15:19:58 1180264 ----atw- C:\Windows\SysWow64\00018535.tmp
2014-10-30 12:55:50 -------- d-----w- C:\ProgramData\Sony Corporation
2014-10-30 12:55:39 -------- d-----w- C:\Program Files (x86)\Sony
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-10-26 17:24:31 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-10-26 17:20:55 -------- d-----w- C:\Program Files\iPod
2014-10-26 17:20:52 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-26 17:20:52 -------- d-----w- C:\Program Files\iTunes
2014-10-26 17:20:52 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-19 18:38:26 -------- d-----w- C:\Program Files\CCleaner
2014-10-19 18:34:29 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-19 18:34:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-19 18:34:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-19 18:34:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 18:31:23 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-19 18:31:18 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-19 18:31:18 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-19 18:31:18 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-19 18:31:18 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-19 18:31:17 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-19 18:31:17 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-19 18:31:08 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-19 18:31:07 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-19 18:31:06 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-19 18:24:52 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-19 18:23:07 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-19 18:23:07 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-11-09 15:19:58 1180264 ----atw- C:\Windows\SysWow64\00011179.tmp
2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 00:02:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 00:02:15 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 10:44:10.28 ===============
 


BC AdBot (Login to Remove)

 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 09 November 2014 - 05:31 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 November 2014 - 07:49 PM

Thanks for the reply, pystryker. Appreciate the assist.

 

First up the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by Mark (administrator) on MARK-LAPTOP on 09-11-2014 10:27:34
Running from C:\Users\Mark\Downloads
Loaded Profiles: Mark & Marc (Available profiles: Mark & Marc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Yahoo! Inc) C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\APPINTEGRATOR.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-06-22] ()
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [YSearchProtection] => C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-03] (Google)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TelevisionFanatic EPM Support] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe [12872 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [TelevisionFanatic AppIntegrator 32-bit] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator.exe [225864 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [TelevisionFanatic AppIntegrator 64-bit] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe [258632 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [BringMeSports EPM Support] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cmedint.exe [12872 2014-09-21] (Mindspark)
HKLM-x32\...\Run: [BringMeSports AppIntegrator 32-bit] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator.exe [225864 2014-09-21] (Mindspark)
HKLM-x32\...\Run: [BringMeSports AppIntegrator 64-bit] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe [258632 2014-09-21] (Mindspark)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...\Run: [Search Protection] => C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe /runonstartup"
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [Search Protection] => C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\MountPoints2: {b610cb59-ac07-11de-a881-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-03] (Google)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.12-1405
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - No File
URLSearchHook: HKCU - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {40E93E98-362C-4318-91F0-44ECC5734CAC} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.12-1405
SearchScopes: HKCU - {40E93E98-362C-4318-91F0-44ECC5734CAC} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.12-1405
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Pq3W9FfwPaJHzFj8AzOf7pmucuo?q={searchTerms}
SearchScopes: HKCU - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF SelectedSearchEngine: Google
FF Homepage: www.yahoo.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=ffds1&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @BringMeSports_1c.com/Plugin -> C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Mark\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\safesearch.xml
FF Extension: ArcadeParlor - C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-12-05]
FF Extension: BringMeSports - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\1cffxtbr@BringMeSports_1c.com [2014-09-21]
FF Extension: TelevisionFanatic - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\64ffxtbr@TelevisionFanatic.com [2014-08-31]
FF Extension: No Name - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\trash [2014-09-07]
FF Extension: We-Care App - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\wecarereminder@bryan [2014-09-07]
FF Extension: XUL Cache - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{2d83928e-02ac-4204-8e2d-3bd462248c2d} [2011-12-21]
FF Extension: Yahoo! Toolbar - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-09-07]
FF Extension: ArcadeParlor - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-12-05]
FF Extension: Adblock Plus - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-27]
FF Extension: Free Ride Games Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16} [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-19]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (Adblock Plus) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-12-27]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 BringMeSports_1cService; C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe [90696 2014-09-21] (Mindspark)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-03] (Google)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-11-20] (Hewlett-Packard Company) [File not signed]
S2 MemeoBackgroundService; C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2008-11-07] (Memeo)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [90696 2014-08-31] (Mindspark)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [118272 2008-07-24] (WDC) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20141108.003\ENG64.SYS [129752 2014-08-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20141108.003\EX64.SYS [2137304 2014-08-22] (Symantec Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30208 2006-10-20] (Research in Motion Ltd)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U4 eabfiltr; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 10:27 - 2014-11-09 10:30 - 00039845 _____ () C:\Users\Mark\Downloads\FRST.txt
2014-11-09 10:27 - 2014-11-09 10:27 - 00000000 ____D () C:\FRST
2014-11-09 10:26 - 2014-11-09 10:26 - 02115584 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00032489.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00032237.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00032130.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00026969.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00026241.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00025973.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00025189.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00024968.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00024956.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00024862.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00024583.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00022795.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00022244.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00022053.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00021894.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00019215.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00018638.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00018242.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00017658.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00016642.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00016280.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00015687.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00015071.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00014487.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00013544.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00011343.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00011304.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00010002.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00009272.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00008916.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00008204.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00007001.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00005773.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00003127.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00002986.tmp
2014-11-09 10:20 - 2014-11-09 10:20 - 01180264 ____T () C:\Windows\SysWOW64\00002307.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 40034920 ____T () C:\Windows\SysWOW64\00027846.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 40034920 ____T () C:\Windows\SysWOW64\00018525.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 40034920 ____T () C:\Windows\SysWOW64\00003388.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00031044.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00030752.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00029876.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00029817.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00029636.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00029560.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00029201.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00025633.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00024541.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00023866.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00023245.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00022566.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00022423.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00021302.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00021064.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00020935.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00020149.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00020148.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00019491.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00019333.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00018663.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00018535.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00018521.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00017630.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00017522.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00017235.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00016969.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00016475.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00014690.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00013669.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00013407.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00012970.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00011179.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00011021.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00011008.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00010842.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00010253.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00010151.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00007910.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00005913.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00004956.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00002269.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00002133.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00001409.tmp
2014-11-09 10:19 - 2014-11-09 10:19 - 01180264 ____T () C:\Windows\SysWOW64\00000490.tmp
2014-10-30 07:56 - 2014-10-30 07:56 - 00002059 _____ () C:\Users\Public\Desktop\PlayMemories Home Help.lnk
2014-10-30 07:56 - 2014-10-30 07:56 - 00001257 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
2014-10-30 07:56 - 2014-10-30 07:56 - 00001245 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk
2014-10-30 07:56 - 2014-10-30 07:56 - 00000000 ____D () C:\Users\Mark\Documents\Sony PMB
2014-10-30 07:56 - 2014-10-30 07:56 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Sony Corporation
2014-10-30 07:56 - 2014-10-30 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-10-30 07:55 - 2014-10-30 07:55 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-30 07:55 - 2014-10-30 07:55 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-10-26 12:24 - 2014-10-26 12:24 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-26 12:24 - 2014-10-26 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-26 12:24 - 2014-10-26 12:24 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-26 12:21 - 2014-10-26 12:21 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-26 12:21 - 2014-10-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 12:20 - 2014-10-26 12:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-26 12:20 - 2014-10-26 12:21 - 00000000 ____D () C:\Program Files\iTunes
2014-10-26 12:20 - 2014-10-26 12:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-26 12:20 - 2014-10-26 12:20 - 00000000 ____D () C:\Program Files\iPod
2014-10-26 12:14 - 2014-10-26 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-22 18:49 - 2014-11-09 10:21 - 00007234 _____ () C:\Windows\setupact.log
2014-10-22 18:49 - 2014-10-22 18:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-22 18:47 - 2014-11-07 18:30 - 00009892 _____ () C:\Windows\PFRO.log
2014-10-19 16:00 - 2014-10-19 16:00 - 00410524 _____ () C:\Users\Mark\Documents\cc_20141019_170007.reg
2014-10-19 13:38 - 2014-10-19 13:38 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-19 13:38 - 2014-10-19 13:38 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-19 13:38 - 2014-10-19 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-19 13:38 - 2014-10-19 13:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-19 13:36 - 2014-10-19 13:36 - 04965896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup418.exe
2014-10-19 13:36 - 2014-10-19 13:36 - 04965896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup418 (1).exe
2014-10-19 13:34 - 2014-10-19 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 13:34 - 2014-10-19 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 13:34 - 2014-10-19 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 13:34 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 13:34 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 13:31 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 13:31 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 13:31 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 13:31 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 13:31 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 13:31 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 13:31 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 13:31 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 13:31 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 13:31 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 13:25 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 13:25 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 13:25 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 13:25 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 13:25 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 13:25 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 13:25 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 13:25 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 13:25 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 13:25 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 13:25 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 13:25 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 13:25 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 13:25 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 13:25 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 13:25 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 13:25 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 13:25 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 13:25 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 13:25 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 13:25 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 13:25 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 13:25 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 13:25 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 13:25 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 13:25 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 13:25 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 13:25 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 13:25 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 13:25 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 13:25 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 13:25 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 13:25 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 13:25 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 13:25 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 13:25 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 13:25 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 13:25 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 13:25 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 13:25 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 13:25 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 13:25 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 13:25 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 13:25 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 13:25 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 13:25 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 13:25 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 13:25 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 13:25 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 13:25 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 13:25 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 13:25 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 13:25 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 13:25 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 13:25 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 13:25 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 13:24 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 13:24 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-19 13:24 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 13:24 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 13:24 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 13:24 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-19 13:24 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 13:24 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 13:24 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 13:24 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 13:24 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 13:24 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 13:24 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 13:24 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 13:24 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-19 13:24 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-19 13:24 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 13:24 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 13:24 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 13:24 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 13:23 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 13:23 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-18 17:41 - 2014-10-18 17:41 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\TelevisionFanatic
2014-10-18 17:41 - 2014-10-18 17:41 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\BringMeSports_1c
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 10:20 - 2010-01-26 18:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 10:14 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 10:14 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 10:11 - 2009-09-28 02:55 - 01996343 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 10:09 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 10:02 - 2013-12-05 15:54 - 00003142 _____ () C:\Windows\System32\Tasks\RPCReminder
2014-11-09 10:02 - 2013-12-05 15:54 - 00000444 _____ () C:\Windows\Tasks\RPCReminder.job
2014-11-09 10:02 - 2013-12-05 15:53 - 00000458 _____ () C:\Windows\Tasks\RegPowerClean.job
2014-11-09 10:02 - 2012-04-01 20:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 10:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 09:13 - 2010-12-21 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-11-07 21:30 - 2011-05-31 09:01 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark
2014-11-07 21:30 - 2011-05-31 09:01 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMark.job
2014-11-07 19:50 - 2010-09-12 19:31 - 00000000 ____D () C:\Users\Mark\Documents\BOSE Manual
2014-11-01 14:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-30 07:43 - 2009-08-14 23:51 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-30 05:21 - 2012-11-08 17:55 - 00002062 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-30 05:17 - 2009-11-04 16:16 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-30 05:16 - 2011-11-22 18:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-30 05:15 - 2010-01-26 18:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-30 05:15 - 2010-01-26 18:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-30 05:15 - 2010-01-26 18:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 12:20 - 2014-07-16 19:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-26 12:20 - 2010-04-08 11:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-22 18:49 - 2009-07-13 23:45 - 00373496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-22 18:47 - 2014-05-05 21:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 16:06 - 2009-11-03 18:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 15:58 - 2009-11-06 16:23 - 00000000 ____D () C:\Windows\Minidump
2014-10-19 15:58 - 2009-07-25 01:11 - 00000000 ____D () C:\Windows\Panther
2014-10-19 13:53 - 2013-07-22 14:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 13:34 - 2013-08-20 17:37 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 13:34 - 2013-08-20 17:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 13:34 - 2013-08-20 17:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-19 13:16 - 2009-12-29 09:36 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-18 17:55 - 2011-01-25 11:19 - 00000000 ____D () C:\Users\Marc\AppData\Local\CrashDumps
 
Files to move or delete:
====================
C:\Users\Mark\AppData\Roaming\skype.ini
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-30 07:31
 
==================== End Of Log ============================


#4 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 November 2014 - 07:50 PM

Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014
Ran by Mark at 2014-11-09 10:31:25
Running from C:\Users\Mark\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bejeweled 3 (remove only) (HKLM-x32\...\Bejeweled 3) (Version:  - )
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7EACD74C-147F-478C-9389-F9F52EE3C88A}) (Version: 1.18.10.2 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 Trial (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (2007) (HKLM-x32\...\{512FA709-D3E8-4094-A1B5-39A2A08A8400}) (Version: 8.1.348.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Picasa 2 (HKLM-x32\...\Picasa2) (Version: 2.0 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Spelvin (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
Text Twist 2 (remove only) (HKLM-x32\...\Text Twist 2) (Version:  - )
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VIO Player version 2.0 (HKLM-x32\...\{BD85D232-E96C-4E66-AA73-37B85925CB23}_is1) (Version: 2.0 - VIO PLayer)
WD Anywhere Backup (HKLM\...\{7BB67E6C-4AA2-426b-8AC0-19460E94A4D7}) (Version:  - Memeo Inc.)
WD Drive Manager (x64) (HKLM\...\{4EF6A3C5-7B7A-453A-A887-7252A1A65596}) (Version: 2.107 - Western Digital)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Winferno Registry Power Cleaner (HKLM-x32\...\RegPowerClean_is1) (Version: 2012 - Winferno.com)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-695402029-1971163793-4133230438-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
30-10-2014 12:55:02 インストール PlayMemories Home
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {031DB7FC-62AD-4181-B907-0BC2C0A1F144} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {03FE1649-B7BD-499E-A1C7-7B3BE3D6AB13} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {0635077C-44D7-43AB-B528-208DFA8747AE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {14B0658B-0CAD-485A-B36E-AFE55E20BB06} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {173A573C-769A-457D-BD02-F994B5393BBA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1A2BB723-984D-43D3-A54B-2C873A3C3E90} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {20228C06-66A5-4781-9A17-0CA6AB187C28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2E489A46-9899-47A9-AB21-470DD9EED5D5} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2012-02-08] (Capital Intellect Inc)
Task: {372936B2-C12C-4A7C-A484-CF4FBA96C6ED} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {3EBC833E-C265-4F55-9FB3-BAE496BC3202} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {43262F5F-78E0-45B1-B671-EDEB88FDA00E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4F55AA94-D44C-4E9D-8A6D-D2908D63290B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {512D7404-3071-4482-B341-8C8440A3FE84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {559E16EC-B934-48BD-B7D5-5ACDC8DBA25C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {5BC32DBB-5384-4B5B-AEAF-ACC1C6453A1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {5E7C342E-79D6-47DE-9CB1-3A3EF2E6B43F} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2012-02-08] (Winferno Software)
Task: {63524A1D-BDB6-4454-9006-414EE2037050} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {63B00992-B943-4F5D-864C-CD3EAC7B483C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6972343A-CBAD-45EB-885D-82FCDF7AEE8A} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {756870B5-CA47-4AF5-A60B-2BDDA8369FF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {77AE760B-5649-4558-9C57-072D24252AC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {8462FD84-09F5-47F6-8CE4-307F36F2C912} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8A4C7A30-5FF1-4844-AA02-C81EAFD34B30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN18N2415T05JW => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {945E9D48-8B1D-499C-B0E5-F4FA20309E6E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {9AEFC0CC-E4DF-4A2A-9965-6E5EFB4287CD} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A0B4456E-59AE-4844-AC53-A3A321A9C6B1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {ABB4A5D7-FA9E-412A-BD89-81F1C07DD860} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {D45794BF-7CFA-476E-8C42-8E5ABBE2EE8D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F5C1ED0A-5117-4EB5-9B7F-050E5C832388} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-21 12:34 - 2009-07-21 12:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-22 14:37 - 2009-06-22 14:37 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2009-07-07 13:56 - 2009-07-07 13:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-28 03:00 - 2009-09-28 03:00 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-23 13:37 - 2009-07-23 13:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-01-26 15:42 - 2010-08-03 19:46 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2009-11-19 09:20 - 2009-11-19 09:20 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-11-19 09:20 - 2009-11-19 09:20 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-11-19 09:20 - 2009-11-19 09:20 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-11-03 18:46 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-695402029-1971163793-4133230438-500 - Administrator - Disabled)
Guest (S-1-5-21-695402029-1971163793-4133230438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-695402029-1971163793-4133230438-1002 - Limited - Enabled)
Marc (S-1-5-21-695402029-1971163793-4133230438-1003 - Limited - Enabled) => C:\Users\Marc
Mark (S-1-5-21-695402029-1971163793-4133230438-1001 - Administrator - Enabled) => C:\Users\Mark
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/09/2014 10:02:01 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (11/09/2014 09:13:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x0064f806
Faulting process id: 0x4994
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/09/2014 09:06:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (11/09/2014 08:20:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3557
 
Error: (11/09/2014 08:20:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3557
 
Error: (11/09/2014 08:20:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/09/2014 08:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1544
 
Error: (11/09/2014 08:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1544
 
Error: (11/09/2014 08:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/08/2014 01:15:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (11/09/2014 10:07:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/09/2014 10:04:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/09/2014 10:01:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (11/09/2014 09:57:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (11/08/2014 03:38:23 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HUFANA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{991B068E-33FD-4027-BD3A-99A8323A2E23}.
The master browser is stopping or an election is being forced.
 
Error: (11/07/2014 06:31:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/07/2014 06:30:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (11/07/2014 06:30:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:27:21 PM on ‎11/‎7/‎2014 was unexpected.
 
Error: (11/07/2014 05:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/07/2014 05:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ II Ultra Dual-Core Mobile M600
Percentage of memory in use: 62%
Total physical RAM: 4092.2 MB
Available physical RAM: 1514.41 MB
Total Pagefile: 8182.59 MB
Available Pagefile: 4735.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.13 GB) (Free:319.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6FE0338E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014
Ran by Mark at 2014-11-09 10:31:25
Running from C:\Users\Mark\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bejeweled 3 (remove only) (HKLM-x32\...\Bejeweled 3) (Version:  - )
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7EACD74C-147F-478C-9389-F9F52EE3C88A}) (Version: 1.18.10.2 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 Trial (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (2007) (HKLM-x32\...\{512FA709-D3E8-4094-A1B5-39A2A08A8400}) (Version: 8.1.348.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Picasa 2 (HKLM-x32\...\Picasa2) (Version: 2.0 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Spelvin (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
Text Twist 2 (remove only) (HKLM-x32\...\Text Twist 2) (Version:  - )
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VIO Player version 2.0 (HKLM-x32\...\{BD85D232-E96C-4E66-AA73-37B85925CB23}_is1) (Version: 2.0 - VIO PLayer)
WD Anywhere Backup (HKLM\...\{7BB67E6C-4AA2-426b-8AC0-19460E94A4D7}) (Version:  - Memeo Inc.)
WD Drive Manager (x64) (HKLM\...\{4EF6A3C5-7B7A-453A-A887-7252A1A65596}) (Version: 2.107 - Western Digital)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Winferno Registry Power Cleaner (HKLM-x32\...\RegPowerClean_is1) (Version: 2012 - Winferno.com)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-695402029-1971163793-4133230438-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
30-10-2014 12:55:02 インストール PlayMemories Home
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {031DB7FC-62AD-4181-B907-0BC2C0A1F144} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {03FE1649-B7BD-499E-A1C7-7B3BE3D6AB13} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {0635077C-44D7-43AB-B528-208DFA8747AE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {14B0658B-0CAD-485A-B36E-AFE55E20BB06} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {173A573C-769A-457D-BD02-F994B5393BBA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1A2BB723-984D-43D3-A54B-2C873A3C3E90} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {20228C06-66A5-4781-9A17-0CA6AB187C28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2E489A46-9899-47A9-AB21-470DD9EED5D5} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2012-02-08] (Capital Intellect Inc)
Task: {372936B2-C12C-4A7C-A484-CF4FBA96C6ED} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {3EBC833E-C265-4F55-9FB3-BAE496BC3202} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {43262F5F-78E0-45B1-B671-EDEB88FDA00E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4F55AA94-D44C-4E9D-8A6D-D2908D63290B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {512D7404-3071-4482-B341-8C8440A3FE84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {559E16EC-B934-48BD-B7D5-5ACDC8DBA25C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {5BC32DBB-5384-4B5B-AEAF-ACC1C6453A1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {5E7C342E-79D6-47DE-9CB1-3A3EF2E6B43F} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2012-02-08] (Winferno Software)
Task: {63524A1D-BDB6-4454-9006-414EE2037050} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {63B00992-B943-4F5D-864C-CD3EAC7B483C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6972343A-CBAD-45EB-885D-82FCDF7AEE8A} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {756870B5-CA47-4AF5-A60B-2BDDA8369FF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {77AE760B-5649-4558-9C57-072D24252AC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {8462FD84-09F5-47F6-8CE4-307F36F2C912} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8A4C7A30-5FF1-4844-AA02-C81EAFD34B30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN18N2415T05JW => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {945E9D48-8B1D-499C-B0E5-F4FA20309E6E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {9AEFC0CC-E4DF-4A2A-9965-6E5EFB4287CD} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A0B4456E-59AE-4844-AC53-A3A321A9C6B1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {ABB4A5D7-FA9E-412A-BD89-81F1C07DD860} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {D45794BF-7CFA-476E-8C42-8E5ABBE2EE8D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F5C1ED0A-5117-4EB5-9B7F-050E5C832388} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-21 12:34 - 2009-07-21 12:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-22 14:37 - 2009-06-22 14:37 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2009-07-07 13:56 - 2009-07-07 13:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-28 03:00 - 2009-09-28 03:00 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-23 13:37 - 2009-07-23 13:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-01-26 15:42 - 2010-08-03 19:46 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2009-11-19 09:20 - 2009-11-19 09:20 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-11-19 09:20 - 2009-11-19 09:20 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-11-19 09:20 - 2009-11-19 09:20 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-11-03 18:46 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-695402029-1971163793-4133230438-500 - Administrator - Disabled)
Guest (S-1-5-21-695402029-1971163793-4133230438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-695402029-1971163793-4133230438-1002 - Limited - Enabled)
Marc (S-1-5-21-695402029-1971163793-4133230438-1003 - Limited - Enabled) => C:\Users\Marc
Mark (S-1-5-21-695402029-1971163793-4133230438-1001 - Administrator - Enabled) => C:\Users\Mark
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/09/2014 10:02:01 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (11/09/2014 09:13:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x0064f806
Faulting process id: 0x4994
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/09/2014 09:06:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (11/09/2014 08:20:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3557
 
Error: (11/09/2014 08:20:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3557
 
Error: (11/09/2014 08:20:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/09/2014 08:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1544
 
Error: (11/09/2014 08:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1544
 
Error: (11/09/2014 08:20:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/08/2014 01:15:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (11/09/2014 10:07:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/09/2014 10:04:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/09/2014 10:01:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (11/09/2014 09:57:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (11/08/2014 03:38:23 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HUFANA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{991B068E-33FD-4027-BD3A-99A8323A2E23}.
The master browser is stopping or an election is being forced.
 
Error: (11/07/2014 06:31:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/07/2014 06:30:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (11/07/2014 06:30:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:27:21 PM on ‎11/‎7/‎2014 was unexpected.
 
Error: (11/07/2014 05:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/07/2014 05:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ II Ultra Dual-Core Mobile M600
Percentage of memory in use: 62%
Total physical RAM: 4092.2 MB
Available physical RAM: 1514.41 MB
Total Pagefile: 8182.59 MB
Available Pagefile: 4735.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.13 GB) (Free:319.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6FE0338E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#5 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 09 November 2014 - 08:56 PM

Thanks for the reply, pystryker. Appreciate the assist.


You're quite welcome, let's show your unwelcome guest to the door. :) Upon completion of these steps, please let me know how the machine is running and we'll proceed from there.

Step 1: Program Uninstall


Please uninstall the following program as it is a adware/malware related program: Yahoo Search Protection


Step 2: Fix with FRST

Note: Before running this step, please move FRST64.exe from C:\Users\Mark\Downloads to your Desktop or the fix will not work.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
Closeprocesses:
Emptytemp:
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe
C:\Program Files (x86)\BringMeSports_1c
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
C:\Program Files (x86)\TelevisionFanatic
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TelevisionFanatic EPM Support] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe [12872 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [TelevisionFanatic AppIntegrator 32-bit] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator.exe [225864 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [TelevisionFanatic AppIntegrator 64-bit] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe [258632 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [BringMeSports EPM Support] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cmedint.exe [12872 2014-09-21] (Mindspark)
HKLM-x32\...\Run: [BringMeSports AppIntegrator 32-bit] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator.exe [225864 2014-09-21] (Mindspark)
HKLM-x32\...\Run: [BringMeSports AppIntegrator 64-bit] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe [258632 2014-09-21] (Mindspark)
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe /runonstartup"
C:\Program Files (x86)\Free Ride Games
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - No File
URLSearchHook: HKCU - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - No File
SearchScopes: HKLM - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm307^YYA^us&si=CJyY0bDAvsACFZSIfgodThYAPA&ptb=2157A60A-D566-4C92-9431-18A62FB3395A&psa=&ind=2014083118&st=sb&n=780c782e&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Pq3W9FfwPaJHzFj8AzOf7pmucuo?q={searchTerms}
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm307^YYA^us&si=CJyY0bDAvsACFZSIfgodThYAPA&ptb=2157A60A-D566-4C92-9431-18A62FB3395A&psa=&ind=2014083118&st=sb&n=780c782e&searchfor={searchTerms}
SearchScopes: HKCU - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin-x32: @BringMeSports_1c.com/Plugin -> C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\safesearch.xml
FF Extension: ArcadeParlor - C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-12-05]
FF Extension: BringMeSports - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\1cffxtbr@BringMeSports_1c.com [2014-09-21]
FF Extension: TelevisionFanatic - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\64ffxtbr@TelevisionFanatic.com [2014-08-31]
FF Extension: ArcadeParlor - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-12-05]
FF Extension: Free Ride Games Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16} [2014-07-12]
R2 BringMeSports_1cService; C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe [90696 2014-09-21] (Mindspark)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [90696 2014-08-31] (Mindspark)
C:\Windows\SysWOW64\*.tmp
2014-10-18 17:41 - 2014-10-18 17:41 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\TelevisionFanatic
2014-10-18 17:41 - 2014-10-18 17:41 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\BringMeSports_1c
C:\Users\Mark\AppData\Roaming\skype.ini
CustomCLSID: HKU\S-1-5-21-695402029-1971163793-4133230438-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

How is the machine running? This response doesn't have to be in a separate reply. :)

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#6 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 November 2014 - 10:28 PM

Fixlog.txt results (Currently running Junkware...will post after):

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Mark at 2014-11-09 22:06:23 Run:1
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & Marc)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Closeprocesses:
Emptytemp:
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe
C:\Program Files (x86)\BringMeSports_1c
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
C:\Program Files (x86)\TelevisionFanatic
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TelevisionFanatic EPM Support] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe [12872 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [TelevisionFanatic AppIntegrator 32-bit] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator.exe [225864 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [TelevisionFanatic AppIntegrator 64-bit] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe [258632 2014-08-31] (Mindspark)
HKLM-x32\...\Run: [BringMeSports EPM Support] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cmedint.exe [12872 2014-09-21] (Mindspark)
HKLM-x32\...\Run: [BringMeSports AppIntegrator 32-bit] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator.exe [225864 2014-09-21] (Mindspark)
HKLM-x32\...\Run: [BringMeSports AppIntegrator 64-bit] => C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe [258632 2014-09-21] (Mindspark)
HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe /runonstartup"
C:\Program Files (x86)\Free Ride Games
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - No File
URLSearchHook: HKCU - (No Name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - No File
SearchScopes: HKLM - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Pq3W9FfwPaJHzFj8AzOf7pmucuo?q={searchTerms}
SearchScopes: HKCU - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin-x32: @BringMeSports_1c.com/Plugin -> C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\safesearch.xml
FF Extension: ArcadeParlor - C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-12-05]
FF Extension: BringMeSports - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\1cffxtbr@BringMeSports_1c.com [2014-09-21]
FF Extension: TelevisionFanatic - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\64ffxtbr@TelevisionFanatic.com [2014-08-31]
FF Extension: ArcadeParlor - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-12-05]
FF Extension: Free Ride Games Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16} [2014-07-12]
R2 BringMeSports_1cService; C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe [90696 2014-09-21] (Mindspark)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [90696 2014-08-31] (Mindspark)
C:\Windows\SysWOW64\*.tmp
2014-10-18 17:41 - 2014-10-18 17:41 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\TelevisionFanatic
2014-10-18 17:41 - 2014-10-18 17:41 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\BringMeSports_1c
C:\Users\Mark\AppData\Roaming\skype.ini
CustomCLSID: HKU\S-1-5-21-695402029-1971163793-4133230438-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End
*****************
 
Processes closed successfully.
C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbarsvc.exe => No running process found
C:\Program Files (x86)\BringMeSports_1c => Moved successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe => No running process found
C:\Program Files (x86)\TelevisionFanatic => Moved successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\APPINTEGRATOR.EXE => No running process found
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\AppIntegrator64.exe => No running process found
C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\APPINTEGRATOR.EXE => No running process found
C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\AppIntegrator64.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic EPM Support => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic AppIntegrator 32-bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic AppIntegrator 64-bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BringMeSports EPM Support => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BringMeSports AppIntegrator 32-bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BringMeSports AppIntegrator 64-bit => value deleted successfully.
"HKU\S-1-5-21-695402029-1971163793-4133230438-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-695402029-1971163793-4133230438-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-21-695402029-1971163793-4133230438-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
"C:\Program Files (x86)\Free Ride Games" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{06b5b051-1d05-443d-822f-39ab0d05f018} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key deleted successfully.
"HKCR\CLSID\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key deleted successfully.
"HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully.
"HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key deleted successfully.
"HKCR\CLSID\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@BringMeSports_1c.com/Plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@TelevisionFanatic.com/Plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => Key deleted successfully.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\searchplugins\safesearch.xml => Moved successfully.
C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} => Moved successfully.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\1cffxtbr@BringMeSports_1c.com => Moved successfully.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\64ffxtbr@TelevisionFanatic.com => Moved successfully.
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16} => Moved successfully.
BringMeSports_1cService => Service deleted successfully.
TelevisionFanaticService => Service deleted successfully.
C:\Windows\SysWOW64\*.tmp => Moved successfully.
C:\Users\Marc\AppData\Roaming\TelevisionFanatic => Moved successfully.
C:\Users\Marc\AppData\Roaming\BringMeSports_1c => Moved successfully.
C:\Users\Mark\AppData\Roaming\skype.ini => Moved successfully.
"HKU\S-1-5-21-695402029-1971163793-4133230438-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
=========  netsh advfirewall reset =========
 
 
An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
 
An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 2.9 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#7 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 November 2014 - 10:39 PM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mark on Sun 11/09/2014 at 22:30:10.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\BringMeSports_1c.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\free ride games"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Mark\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\bringmesports_1c"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\iac"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\televisionfanatic"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\bringmesports_1c"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\surfcanyon"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\televisionfanatic"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\winferno\registrypowercleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\Users\Mark\AppData\Roaming\microsoft\windows\start menu\programs\arcadeparlor"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\bfgsy5gd.default\user.js
Successfully deleted: [Folder] C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\bfgsy5gd.default\extensions\wecarereminder@bryan
Successfully deleted the following from C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\bfgsy5gd.default\prefs.js
 
user_pref("CT1320680.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT1320680.CTID", "CT1320680");
user_pref("CT1320680.CommunitiesChangesLastCheckTime", "Fri Jan 08 2010 21:02:59 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.CommunityChanged", true);
user_pref("CT1320680.DialogsAlignMode", "LTR");
user_pref("CT1320680.DownloadDomainsCheckInterval", "168");
user_pref("CT1320680.DownloadDomainsListLastCheckTime", "Fri Jan 08 2010 21:02:59 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.DownloadDomainsListLastServerUpdateTime", "1201073583");
user_pref("CT1320680.EMailNotifierPollDate", "Fri Jan 08 2010 21:03:07 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.FeedLastCount128952336982775565", 20);
user_pref("CT1320680.FeedPollDate128952336984025604", "Fri Jan 08 2010 21:03:00 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.FeedPollDate7902519", "Fri Jan 08 2010 21:03:07 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.FeedPollDate7902549", "Fri Jan 08 2010 21:03:07 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.FeedPollDate7902562", "Fri Jan 08 2010 21:03:07 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.FeedTTL128952336984025604", 40);
user_pref("CT1320680.FirstTime", true);
user_pref("CT1320680.FirstTimeFF3", true);
user_pref("CT1320680.GroupingServerCheckInterval", 1440);
user_pref("CT1320680.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT1320680.Initialize", true);
user_pref("CT1320680.InitializeCommonPrefs", true);
user_pref("CT1320680.InstalledDate", "Fri Jan 08 2010 21:03:01 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.InvalidateCache", false);
user_pref("CT1320680.IsGrouping", false);
user_pref("CT1320680.IsMulticommunity", true);
user_pref("CT1320680.IsOpenThankYouPage", true);
user_pref("CT1320680.IsOpenUninstallPage", true);
user_pref("CT1320680.LanguagePackLastCheckTime", "Fri Jan 08 2010 21:03:01 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.LanguagePackReloadIntervalMM", 1440);
user_pref("CT1320680.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT1320680.LastLogin_2.3.0.4", "Fri Jan 08 2010 21:03:07 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.LatestVersion", "2.1.0.18");
user_pref("CT1320680.Locale", "en-us");
user_pref("CT1320680.LoginCache", 4);
user_pref("CT1320680.MCDetectTooltipHeight", "83");
user_pref("CT1320680.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1320680.MCDetectTooltipWidth", "295");
user_pref("CT1320680.RadioIsPodcast", false);
user_pref("CT1320680.RadioLastCheckTime", "Fri Jan 08 2010 21:03:00 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.RadioLastUpdateIPServer", "4");
user_pref("CT1320680.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1320680.RadioMediaID", "7842858");
user_pref("CT1320680.RadioMediaType", "Media Player");
user_pref("CT1320680.RadioMenuSelectedID", "EBRadioMenu_CT13206807842858");
user_pref("CT1320680.RadioStationName", "Channel%202%20-%20Hip%20Hop%2C%20Rap%20Praise");
user_pref("CT1320680.RadioStationURL", "hxxp://70.250.196.50/yrbn2");
user_pref("CT1320680.SHRINK_TOOLBAR", 1);
user_pref("CT1320680.SearchFromAddressBarIsInit", true);
user_pref("CT1320680.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=2&q=");
user_pref("CT1320680.SettingsCheckIntervalMin", 120);
user_pref("CT1320680.SettingsLastCheckTime", "Fri Jan 08 2010 21:02:59 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.SettingsLastUpdate", "1262298042");
user_pref("CT1320680.ThirdPartyComponentsInterval", 72);
user_pref("CT1320680.ThirdPartyComponentsLastCheck", "Fri Jan 08 2010 21:02:59 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.ThirdPartyComponentsLastUpdate", "1262298042");
user_pref("CT1320680.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT1320680.UserID", "UN20716190480286345");
user_pref("CT1320680.WeatherNetwork", "");
user_pref("CT1320680.WeatherPollDate", "Fri Jan 08 2010 21:03:00 GMT-0500 (Eastern Standard Time)");
user_pref("CT1320680.WeatherUnit", "F");
user_pref("CT1320680.clientLogIsEnabled", true);
user_pref("CT1320680.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT1320680.myStuffEnabled", true);
user_pref("CT1320680.myStuffPublihserMinWidth", 400);
user_pref("CT1320680.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
user_pref("CT1320680.myStuffServiceIntervalMM", 1440);
user_pref("CT1320680.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT1320680.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT1320680");
user_pref("CommunityToolbar.ToolbarsList2", "CT1320680");
user_pref("CommunityToolbar.twitter.user_33238896.LastCheckTime", "Fri Jan 08 2010 21:03:00 GMT-0500 (Eastern Standard Time)");
user_pref("browser.search.defaultthis.engineName", "Free Ride Games Customized Web Search");
user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
Emptied folder: C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\bfgsy5gd.default\minidumps [5 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/09/2014 at 22:36:01.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 November 2014 - 11:00 PM

AdwCleaner log:

 

# AdwCleaner v4.101 - Report created 09/11/2014 at 22:43:36
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mark - MARK-LAPTOP
# Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Marc\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marc\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Mark\AppData\Local\Surf_Canyon
Folder Deleted : C:\Users\Mark\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Mark\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Mark\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bfgsy5gd.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\07kx5uir.default\Extensions\1cffxtbr@BringMeSports_1c.com
Folder Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\07kx5uir.default\Extensions\64ffxtbr@TelevisionFanatic.com
Folder Deleted : C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Mark\Documents\eBay.lnk
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\07kx5uir.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\07kx5uir.default\searchplugins\safesearch.xml
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0A8CC25D-66FF-41DF-B3B4-416079EF8F87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1856A7BD-DE8C-488B-AA7A-5682D13166FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39AE4193-9636-4786-A7E8-D0BED697CDF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5489857C-D16B-4F23-A322-9F3D3423DC6D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5DC6445C-89CE-4895-9EEE-79449A453700}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6285C254-4465-4F8B-A009-5F42AB02C291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74CEF9D2-506A-4BC6-B577-4F6505317FBA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{779A6469-E20C-4517-9D59-394EE65E216C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82C7004A-078E-468C-9C0F-2243618FF7CB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E74A826-02AC-4EDF-8827-7CFDE086FB48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B299D84A-69A5-4433-9A79-51EF2BB7841F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0C8CCC2-BAAA-4236-AD0A-22B5A401B9EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0F2C9A6B-A0ED-4189-B086-C0E76D80EB91}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1265AE6E-5141-468B-AB11-67ECE832F5E8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{256B342B-85A7-4E4E-AA2E-101CDDEF5EFD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A751D61-7A6B-4999-BFD0-ADF01A40F6F2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{71E326B6-2DC3-40B7-93D8-3CEDA9C83F53}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92364364-56B2-4C54-AAE3-A7D03A30C023}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A50C4254-A6A2-48CB-A2D0-C5E0A53FD965}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A66EEC44-AA6D-4AF2-BF75-490E2CA17AE9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BDFCF196-0622-41CF-BDA6-D1CDB44AB5E9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A8CC25D-66FF-41DF-B3B4-416079EF8F87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6285C254-4465-4F8B-A009-5F42AB02C291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82C7004A-078E-468C-9C0F-2243618FF7CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F0C8CCC2-BAAA-4236-AD0A-22B5A401B9EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1856A7BD-DE8C-488B-AA7A-5682D13166FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{30CBDB40-5B21-481B-A09B-F87CEF73F020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}
Key Deleted : HKCU\Software\BringMeSports_1c
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\TelevisionFanatic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BringMeSports_1c
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Surf Canyon
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKLM\SOFTWARE\BringMeSports_1c
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\TelevisionFanatic
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.CTID", "CT1320680");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.CommunitiesChangesLastCheckTime", "Sun Nov 07 2010 10:36:03 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.CommunityChanged", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.DialogsAlignMode", "LTR");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.DownloadDomainsCheckInterval", "168");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.DownloadDomainsListLastCheckTime", "Sun Nov 07 2010 10:36:03 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.DownloadDomainsListLastServerUpdateTime", "1201073583");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.EMailNotifierPollDate", "Sun Nov 07 2010 10:36:05 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FeedLastCount128952336982775565", 23);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FeedPollDate128952336984025604", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FeedPollDate7902519", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FeedPollDate7902549", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FeedPollDate7902562", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FeedTTL128952336984025604", 40);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FirstTime", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.FirstTimeFF3", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.GroupingServerCheckInterval", 1440);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.Initialize", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.InitializeCommonPrefs", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.InstalledDate", "Fri Jan 08 2010 11:22:37 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.InvalidateCache", false);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.IsGrouping", false);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.IsMulticommunity", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.IsOpenThankYouPage", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.IsOpenUninstallPage", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.LanguagePackLastCheckTime", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.LanguagePackReloadIntervalMM", 1440);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.LastLogin_2.3.0.4", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.LatestVersion", "2.7.2.0");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.Locale", "en-us");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.LoginCache", 4);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.MCDetectTooltipHeight", "83");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.MCDetectTooltipWidth", "295");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioIsPodcast", false);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioLastCheckTime", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioLastUpdateIPServer", "4");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioLastUpdateServer", "128929877726170000");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioMediaID", "7842858");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioMediaType", "Media Player");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioMenuSelectedID", "EBRadioMenu_CT13206807842858");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioStationName", "Channel%202%20-%20Hip%20Hop%2C%20Rap%20Praise");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.RadioStationURL", "hxxp://70.250.196.50/yrbn2");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.SHRINK_TOOLBAR", 1);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.SearchFromAddressBarIsInit", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=2&q=");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.SettingsCheckIntervalMin", 120);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.SettingsLastCheckTime", "Sun Nov 07 2010 10:36:03 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.SettingsLastUpdate", "1288466791");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.ThirdPartyComponentsInterval", 504);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.ThirdPartyComponentsLastCheck", "Sun Nov 07 2010 10:36:03 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.ThirdPartyComponentsLastUpdate", "1276004872");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.UserID", "UN83263266249756144");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.WeatherNetwork", "");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.WeatherPollDate", "Sun Nov 07 2010 10:36:05 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.WeatherUnit", "F");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.alertChannelId", "19248");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.clientLogIsEnabled", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.myStuffEnabled", true);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.myStuffPublihserMinWidth", 400);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.myStuffServiceIntervalMM", 1440);
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CT1320680.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1320680");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1320680");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.twitter.user_33238896.LastCheckTime", "Sun Nov 07 2010 10:36:04 GMT-0500 (Eastern Standard Time)");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Free Ride Games Customized Web Search");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}");
[07kx5uir.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=2&q=");
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [18937 octets] - [09/11/2014 22:41:27]
AdwCleaner[S0].txt - [19486 octets] - [09/11/2014 22:43:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19547 octets] ##########


#9 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 09 November 2014 - 11:07 PM

FreshFRST log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Mark at 2014-11-09 23:03:37
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bejeweled 3 (remove only) (HKLM-x32\...\Bejeweled 3) (Version:  - )
Bejeweled Twist (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7EACD74C-147F-478C-9389-F9F52EE3C88A}) (Version: 1.18.10.2 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 Trial (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (2007) (HKLM-x32\...\{512FA709-D3E8-4094-A1B5-39A2A08A8400}) (Version: 8.1.348.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Picasa 2 (HKLM-x32\...\Picasa2) (Version: 2.0 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Spelvin (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
Text Twist 2 (remove only) (HKLM-x32\...\Text Twist 2) (Version:  - )
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VIO Player version 2.0 (HKLM-x32\...\{BD85D232-E96C-4E66-AA73-37B85925CB23}_is1) (Version: 2.0 - VIO PLayer)
WD Anywhere Backup (HKLM\...\{7BB67E6C-4AA2-426b-8AC0-19460E94A4D7}) (Version:  - Memeo Inc.)
WD Drive Manager (x64) (HKLM\...\{4EF6A3C5-7B7A-453A-A887-7252A1A65596}) (Version: 2.107 - Western Digital)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Winferno Registry Power Cleaner (HKLM-x32\...\RegPowerClean_is1) (Version: 2012 - Winferno.com)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-695402029-1971163793-4133230438-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
30-10-2014 12:55:02 インストール PlayMemories Home
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-11-09 22:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {031DB7FC-62AD-4181-B907-0BC2C0A1F144} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {03FE1649-B7BD-499E-A1C7-7B3BE3D6AB13} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {0635077C-44D7-43AB-B528-208DFA8747AE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {14B0658B-0CAD-485A-B36E-AFE55E20BB06} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {173A573C-769A-457D-BD02-F994B5393BBA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1A2BB723-984D-43D3-A54B-2C873A3C3E90} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {20228C06-66A5-4781-9A17-0CA6AB187C28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2E489A46-9899-47A9-AB21-470DD9EED5D5} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: {372936B2-C12C-4A7C-A484-CF4FBA96C6ED} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {3EBC833E-C265-4F55-9FB3-BAE496BC3202} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {43262F5F-78E0-45B1-B671-EDEB88FDA00E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4F55AA94-D44C-4E9D-8A6D-D2908D63290B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {512D7404-3071-4482-B341-8C8440A3FE84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {559E16EC-B934-48BD-B7D5-5ACDC8DBA25C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {5BC32DBB-5384-4B5B-AEAF-ACC1C6453A1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {5E7C342E-79D6-47DE-9CB1-3A3EF2E6B43F} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
Task: {63524A1D-BDB6-4454-9006-414EE2037050} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {63B00992-B943-4F5D-864C-CD3EAC7B483C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6972343A-CBAD-45EB-885D-82FCDF7AEE8A} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {756870B5-CA47-4AF5-A60B-2BDDA8369FF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {77AE760B-5649-4558-9C57-072D24252AC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {8462FD84-09F5-47F6-8CE4-307F36F2C912} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8A4C7A30-5FF1-4844-AA02-C81EAFD34B30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN18N2415T05JW => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {945E9D48-8B1D-499C-B0E5-F4FA20309E6E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {9AEFC0CC-E4DF-4A2A-9965-6E5EFB4287CD} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A0B4456E-59AE-4844-AC53-A3A321A9C6B1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {ABB4A5D7-FA9E-412A-BD89-81F1C07DD860} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {D45794BF-7CFA-476E-8C42-8E5ABBE2EE8D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F5C1ED0A-5117-4EB5-9B7F-050E5C832388} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-21 12:34 - 2009-07-21 12:34 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-22 14:37 - 2009-06-22 14:37 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2009-07-07 13:56 - 2009-07-07 13:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-28 03:00 - 2009-09-28 03:00 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-10-25 22:27 - 2009-10-25 22:27 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 05:21 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2009-07-23 13:37 - 2009-07-23 13:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-695402029-1971163793-4133230438-500 - Administrator - Disabled)
Guest (S-1-5-21-695402029-1971163793-4133230438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-695402029-1971163793-4133230438-1002 - Limited - Enabled)
Marc (S-1-5-21-695402029-1971163793-4133230438-1003 - Limited - Enabled) => C:\Users\Marc
Mark (S-1-5-21-695402029-1971163793-4133230438-1001 - Administrator - Enabled) => C:\Users\Mark
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (11/09/2014 10:44:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (11/09/2014 10:44:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (11/09/2014 10:44:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (11/09/2014 10:43:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (11/09/2014 10:43:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/09/2014 10:43:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/09/2014 10:43:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (11/09/2014 10:43:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Com4QLBEx service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/09/2014 10:43:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/09/2014 10:43:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ II Ultra Dual-Core Mobile M600
Percentage of memory in use: 39%
Total physical RAM: 4092.2 MB
Available physical RAM: 2487.18 MB
Total Pagefile: 8182.59 MB
Available Pagefile: 6187.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.13 GB) (Free:320.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6FE0338E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
 
------------------------------------------------------------
Everything seems to be running a bit snappier, not displaying the same symptoms as to prior all these scans.  So we're making progress!  How's everything seem - based on the logs - to you?


#10 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 09 November 2014 - 11:10 PM

Everything seems to be running a bit snappier, not displaying the same symptoms as to prior all these scans. So we're making progress! How's everything seem - based on the logs - to you?


Good news, no sign of the Poweliks infection in the fresh FRST log. We're definitely making progress. :) Looks like we're on the road to a clean machine. Let's continue. :thumbup2:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#11 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 10 November 2014 - 03:46 PM

MBAM.txt log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/10/2014
Scan Time: 11:11:58 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.10.06
Rootkit Database: v2014.11.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mark
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397663
Time Elapsed: 3 hr, 8 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0228288D-975E-42F7-9993-E91A82E6BBD9}, No Action By User, [3b1924153a428caa3fbf7ec29d66718f], 
PUP.Optional.WeCare, HKU\S-1-5-21-695402029-1971163793-4133230438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, No Action By User, [6aeae05982fab680ca47a998679cb947], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-695402029-1971163793-4133230438-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BringMeSports_1c, No Action By User, [40146ccd661652e41c5a5204847f7a86], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-695402029-1971163793-4133230438-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BringMeSports_1c, No Action By User, [db79f643403cc86eed2bf65a23e0f010], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-695402029-1971163793-4133230438-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic, No Action By User, [a1b36ccd9be1290d739a98b8f1129967], 
 
Registry Values: 2
PUP.Optional.MindSpark.A, HKU\S-1-5-21-695402029-1971163793-4133230438-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{0696f815-a3a9-490a-bb14-9ec3350b1276}, No Action By User, [99bbe1582b5132041e307b3a99699e62], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-695402029-1971163793-4133230438-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{0696F815-A3A9-490A-BB14-9EC3350B1276}, No Action By User, [99bbe1582b5132041e307b3a99699e62], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 10 November 2014 - 04:17 PM

Hi :)

When the ESET scan is complete, please rerun Malwarebytes. When the Malwarebytes scan is complete, select Quarantine for the items it finds and post that log along with the ESET log. :thumbsup:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#13 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 11 November 2014 - 11:09 AM

Every time I run ESET, it will get to a point then just slow considerably.  My Norton360 could be causing it, as even though I disabled it, it's still prompting to restart the machine to apply changes.  Any other suggestions to run ESET without any hitches?



#14 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 PM

Posted 11 November 2014 - 01:22 PM

Hi :)


Is it slowing down during the scan, or during the installation of the files it needs to run the scan? If it's slowing down during the scan, that is normal. This is a very thorough scanner, and sometimes can take quite a while to run. Please let me know, and we will proceed from there.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#15 smv

smv
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 11 November 2014 - 01:37 PM

It slows down during the scan.  Seems like it will hit around 31% then slow down considerably.  I let it run overnight and only progressed to around 43%.  I mean, I'll let it run, but it's gonna take a while lol.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users