
Slow Computer, Need to Remove Webroot, Not Installing Updates


  • This topic is locked
12 replies to this topic

#1 Kameron Alex

Kameron Alex

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 02 January 2015 - 01:32 PM

Hello! I'm hoping to get my home computer all fixed up and running smoothly. It's not too outdated (Windows Vista) and has not been running as smoothly as it once did before! I unfortunately had Webroot SecureAnywhere installed and had the most difficult time getting rid of it completely. After I uninstalled it, after every boot up it would pop back up and re-install by itself! I manually went in and removed some files and ran the uninstall tool but I'm afraid there's still remnants and want to be sure it's gone before I install a different Anti-Virus protection program! I am also having issues installing Windows Updates. I've tried over and over to download the same update (Microsoft SQL Server update, Error Code 65B) and it won't budge. My computer also runs slow and is lagging. I've also run a few malware scans to remove anything and I would just appreciate some help and insight please! I've tried enabling Windows Defender and also get a weird error code. I also found it weird that I'm not able to boot up in Safe Mode and I swear I used to be able to on this Dell computer!


Edited by Kameron Alex, 02 January 2015 - 01:36 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:09 AM

Posted 07 January 2015 - 01:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561843 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Kameron Alex

Kameron Alex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 08 January 2015 - 11:51 AM

I do not have the original Windows CD unfortunately. The only step I have really taken so far is running a Malwarebytes scan to remove adware and whatnot. I had Webroot SecureAnywhere previously installed and it was so difficult to remove and I would like to make sure it is completely removed from my system as it has caused it to lag and perform horribly. I just wanted to be safe and make sure my computer is clean so that it can operate to its full potential! I also needed to make sure it was completely removed so I can re-install an anti-virus (AVG Free). I've been having issues with updates as I have tried over and over to install and shut down while installing updates but to no luck! I have tried over and over to download the same update (Microsoft SQL Server update, Error Code 65B) and it won't budge! I've also tried enabling Windows Defender and also get a weird error code. I also found it weird that I'm not able to boot up in Safe Mode and I swear I used to be able to on this Dell computer! Some insight and help would be much appreciated and I anticipate a response! Thank you for your help in advance! I've attached the new scan logs below!

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,265 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:09 AM

Posted 08 January 2015 - 01:27 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

p.s.
Windows Defender is disabled when Microsoft Security Essentials is enabled.
That is normal.

#5 Kameron Alex

Kameron Alex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 09 January 2015 - 12:02 PM

Thank you for your help!

 

# AdwCleaner v4.107 - Report created 09/01/2015 at 11:33:57
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Darryl - DARRYL-PC
# Running from : C:\Users\Darryl\Desktop\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [623 octets] - [09/01/2015 11:33:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [682 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Darryl (administrator) on DARRYL-PC on 09-01-2015 11:49:09
Running from C:\Users\Darryl\Desktop
Loaded Profiles: Darryl & UpdatusUser (Available profiles: Darryl & UpdatusUser & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech Inc.) C:\Program Files\SetPoint\SetPoint.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [101136 2007-01-11] (Logitech Inc.)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [101136 2007-01-11] (Logitech Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Run: [] => [X]
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1818984 2012-01-31] (Hewlett-Packard Co.)
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\MountPoints2: {0b8600a2-4f61-11e3-9bd3-001aa01a37b9} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\MountPoints2: {0b8600a9-4f61-11e3-9bd3-001aa01a37b9} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\MountPoints2: {27796907-9d14-11e1-880a-001aa01a37b9} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\MountPoints2: {ca59f9aa-5fe1-11e1-8161-001aa01a37b9} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-659378098-4020864202-2134437187-1009\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-659378098-4020864202-2134437187-1003] => http://wpad.wildblue.com/wpad.dat.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-659378098-4020864202-2134437187-1003 -> 629753AF2A534A8C9EFF8E164CA58B1A URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-659378098-4020864202-2134437187-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-659378098-4020864202-2134437187-1009 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [remoteExt@emusic.com] - C:\Program Files\eMusic Remote\remoteExt
FF Extension: eMusic Remote Helper - C:\Program Files\eMusic Remote\remoteExt [2007-10-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-01-16]
FF HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Firefox\Extensions: [remoteExt@emusic.com] - C:\Program Files\eMusic Remote\remoteExt
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2007-06-14] (Creative Labs) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [110592 2007-02-20] (Logitech Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [79576 2014-12-31] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 11:49 - 2015-01-09 11:52 - 00027749 _____ () C:\Users\Darryl\Desktop\FRST.txt
2015-01-09 11:48 - 2015-01-09 11:49 - 00000000 ____D () C:\FRST
2015-01-09 11:47 - 2015-01-09 11:48 - 01115648 _____ (Farbar) C:\Users\Darryl\Desktop\FRST.exe
2015-01-09 11:46 - 2015-01-09 11:46 - 00000821 _____ () C:\Users\Darryl\Desktop\AdwCleaner[S0].txt
2015-01-09 11:43 - 2015-01-09 11:43 - 00000761 _____ () C:\Users\Darryl\Desktop\AdwCleaner[R0].txt
2015-01-09 11:25 - 2015-01-09 11:44 - 00000000 ____D () C:\AdwCleaner
2015-01-09 11:21 - 2015-01-09 11:21 - 02191360 _____ () C:\Users\Darryl\Desktop\adwcleaner_4.107.exe
2015-01-08 11:46 - 2015-01-08 11:46 - 00017504 _____ () C:\Users\Darryl\Desktop\dds.txt
2015-01-08 11:46 - 2015-01-08 11:46 - 00016138 _____ () C:\Users\Darryl\Desktop\attach.txt
2015-01-08 11:44 - 2015-01-08 11:44 - 00688992 ____R (Swearware) C:\Users\Darryl\Desktop\dds.com
2015-01-05 18:40 - 2015-01-05 20:49 - 00001795 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-01-04 13:41 - 2015-01-04 13:41 - 00000000 ____D () C:\Users\Darryl\Desktop\Kyle
2015-01-03 16:01 - 2015-01-03 16:01 - 00000000 _____ () C:\ProgramData\Basic Synth
2015-01-03 15:32 - 2015-01-03 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-03 15:31 - 2015-01-03 15:32 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-03 15:28 - 2015-01-03 15:28 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-03 15:28 - 2015-01-03 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-03 15:27 - 2015-01-03 15:28 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-01-03 15:27 - 2015-01-03 15:28 - 00000000 ____D () C:\Program Files\iTunes
2015-01-03 15:06 - 2015-01-03 15:06 - 00000000 ____D () C:\Users\Darryl\Documents\Darryl_2
2015-01-01 10:18 - 2015-01-01 10:18 - 191381976 _____ () C:\Windows\MEMORY.DMP
2015-01-01 10:18 - 2015-01-01 10:18 - 00139984 _____ () C:\Windows\Minidump\Mini010115-01.dmp
2014-12-30 14:33 - 2014-12-30 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 14:33 - 2014-12-30 14:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-30 14:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 14:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 14:14 - 2014-12-30 14:20 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-30 14:14 - 2014-12-30 14:16 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-12-30 14:13 - 2014-12-30 14:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-30 14:09 - 2014-12-31 12:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-30 14:08 - 2010-04-05 15:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-12-29 23:43 - 2014-12-29 23:43 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-12-29 23:43 - 2009-03-10 16:47 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 23:43 - 2009-03-10 16:47 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 23:43 - 2007-11-20 14:05 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Apple Computer
2014-12-29 23:43 - 2007-11-20 14:05 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Apple Computer
2014-12-29 23:43 - 2007-07-07 13:48 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2014-12-29 23:42 - 2013-01-31 04:00 - 02557728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-29 23:42 - 2013-01-31 04:00 - 00634656 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-29 23:42 - 2013-01-31 04:00 - 00062752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-29 23:41 - 2013-01-31 06:21 - 00053024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-29 23:40 - 2014-12-29 23:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-29 23:38 - 2013-01-31 06:21 - 19915552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 10919200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-29 23:38 - 2013-01-31 06:21 - 07754560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 06162704 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 02577184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 02446416 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 01869088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 01010464 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2014-12-29 23:38 - 2013-01-31 06:21 - 00012724 _____ () C:\Windows\system32\nvinfo.pb
2014-12-29 23:36 - 2014-12-29 23:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-29 23:36 - 2014-12-29 23:36 - 00000000 ____D () C:\NVIDIA
2014-12-29 23:36 - 2014-12-29 23:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-29 23:36 - 2014-12-29 23:36 - 00000000 _____ () C:\Windows\setupact.log
2014-12-29 23:03 - 2014-12-31 12:07 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 23:03 - 2014-12-30 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-29 23:01 - 2014-12-31 12:06 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-29 22:55 - 2014-12-29 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-12-29 22:07 - 2015-01-09 11:45 - 00059428 _____ () C:\Windows\PFRO.log
2014-12-29 21:35 - 2014-12-29 22:05 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06Z..ZZZZZZ..ZZ..Z
2014-12-29 18:22 - 2014-12-31 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-29 18:13 - 2014-12-29 18:14 - 04637504 _____ (AVG Technologies) C:\Users\Darryl\Desktop\avg_free_stb_all_2015_5557_cnet.exe
2014-12-29 18:02 - 2012-05-04 18:29 - 00772504 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-12-29 18:02 - 2012-05-04 18:29 - 00687504 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-12-29 17:44 - 2014-12-29 17:40 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-29 17:44 - 2014-12-29 17:40 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-29 17:44 - 2014-12-29 17:40 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-29 17:44 - 2014-12-29 17:40 - 00146432 _____ (Oracle Corporation) C:\Windows\system32\javacpl.cpl
2014-12-29 17:42 - 2014-12-29 17:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-29 17:40 - 2014-12-29 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-29 17:17 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-29 16:39 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-29 16:38 - 2015-01-03 15:46 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-29 16:36 - 2014-12-29 16:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-29 16:08 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-26 13:47 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-26 13:47 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-26 13:47 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-26 13:47 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-26 13:47 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-26 13:47 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-26 13:47 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-26 13:47 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-26 13:47 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-26 13:47 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-26 13:47 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-26 13:47 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-26 13:47 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-26 13:47 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-26 13:47 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-26 13:47 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-26 13:47 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-26 13:47 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-26 13:47 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-26 13:47 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-26 13:47 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-26 13:47 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 11:51 - 2007-06-14 04:13 - 01632851 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 11:46 - 2012-03-30 14:59 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 11:45 - 2008-09-24 18:11 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-09 11:45 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 11:45 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 11:45 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 11:44 - 2007-06-18 19:33 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-09 11:44 - 2006-11-02 08:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 11:39 - 2012-03-30 14:59 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 11:16 - 2012-03-30 14:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 11:56 - 2007-06-14 04:53 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-08 11:55 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2015-01-07 15:18 - 2006-11-02 05:33 - 00828282 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 13:41 - 2007-06-18 19:39 - 00078848 _____ () C:\Users\Darryl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-05 18:37 - 2012-11-28 19:11 - 07169624 _____ () C:\Users\Darryl\Downloads\HPPSdr.exe
2015-01-05 18:00 - 2010-02-07 03:55 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\HpUpdate
2015-01-05 17:54 - 2010-01-16 16:56 - 00000000 ____D () C:\ProgramData\HP
2015-01-05 17:52 - 2010-01-16 17:00 - 00000000 ____D () C:\Program Files\HP
2015-01-03 16:37 - 2007-06-14 04:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-01-03 16:37 - 2007-06-14 04:26 - 00000000 ____D () C:\Program Files\Creative
2015-01-03 16:35 - 2007-06-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Corel
2015-01-03 16:35 - 2007-06-14 04:32 - 00000000 ____D () C:\Program Files\Corel
2015-01-03 16:01 - 2010-04-14 08:41 - 00000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2015-01-03 16:01 - 2010-04-14 08:41 - 00000000 _____ () C:\Users\Darryl\AppData\Roaming\Brother
2015-01-03 15:59 - 2010-04-14 08:36 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-01-03 15:55 - 2007-06-14 04:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-03 15:38 - 2008-05-20 16:22 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-03 15:27 - 2013-09-19 17:41 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-03 15:27 - 2007-07-05 17:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-03 15:27 - 2007-07-05 17:10 - 00000000 ____D () C:\Program Files\iPod
2015-01-03 15:18 - 2007-06-18 19:32 - 00000000 ____D () C:\Users\Darryl
2015-01-03 15:15 - 2007-07-05 17:41 - 00000000 ____D () C:\ProgramData\Apple
2015-01-03 15:11 - 2007-06-24 17:59 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Adobe
2015-01-03 15:10 - 2012-10-04 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-03 15:07 - 2008-10-08 19:40 - 00000000 ____D () C:\Users\Darryl_2
2015-01-02 13:12 - 2008-10-01 19:18 - 00000000 ____D () C:\Users\Darryl\Documents\mirandas folder
2015-01-01 10:18 - 2007-11-19 21:06 - 00000000 ____D () C:\Windows\Minidump
2014-12-31 13:28 - 2007-06-14 04:51 - 00000000 ____D () C:\Program Files\Dell
2014-12-31 13:27 - 2007-10-01 11:37 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Mozilla
2014-12-31 13:17 - 2011-03-08 18:09 - 00000000 ____D () C:\Program Files\4U Computing
2014-12-31 06:13 - 2009-10-02 15:14 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 14:29 - 2006-11-02 07:47 - 00417184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-30 13:32 - 2011-11-29 10:28 - 00000000 ____D () C:\ProgramData\WRData
2014-12-29 23:49 - 2007-06-18 19:32 - 00117048 _____ () C:\Users\Darryl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 23:46 - 2008-07-09 02:01 - 00000000 ____D () C:\Windows\SQL9_KB948109_ENU
2014-12-29 23:43 - 2011-09-05 19:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-29 23:41 - 2007-07-05 17:32 - 00000000 ____D () C:\TEMP
2014-12-29 21:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-29 21:21 - 2007-06-14 04:47 - 00000000 ____D () C:\Program Files\Google
2014-12-29 18:27 - 2008-09-25 21:32 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\FrostWire
2014-12-29 18:27 - 2006-11-10 08:22 - 00000000 ____D () C:\Windows\Panther
2014-12-29 18:15 - 2007-06-14 04:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 18:07 - 2010-01-16 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-29 18:05 - 2007-06-18 19:33 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Google
2014-12-29 17:55 - 2011-11-10 00:40 - 00000000 ____D () C:\Program Files\Rhapsody
2014-12-29 17:54 - 2009-10-26 13:58 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Yahoo!
2014-12-29 17:54 - 2007-07-29 18:01 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-12-29 17:54 - 2007-06-14 04:48 - 00000000 ____D () C:\Program Files\Yahoo!
2014-12-29 17:53 - 2007-06-14 04:21 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-29 17:45 - 2014-01-31 17:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-29 17:44 - 2007-06-14 04:21 - 00000000 ____D () C:\Program Files\Java
2014-12-29 17:44 - 2007-06-14 04:21 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-29 17:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-12-29 16:59 - 2007-06-14 04:42 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-29 16:36 - 2007-06-14 04:49 - 00000000 ____D () C:\Program Files\Adobe
2014-12-29 16:35 - 2013-08-15 02:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-29 16:24 - 2006-11-02 05:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-29 16:19 - 2007-07-29 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T Yahoo!
2014-12-29 16:19 - 2007-06-18 19:45 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Yahoo
2014-12-29 16:19 - 2007-06-14 04:48 - 00000000 ____D () C:\ProgramData\YAHOO
2014-12-29 16:19 - 2007-06-14 04:35 - 00000000 ____D () C:\Program Files\Common Files\SureThing Shared
2014-12-29 16:15 - 2007-07-29 15:38 - 00000150 _____ () C:\YServer.txt
2014-12-29 16:14 - 2007-06-18 19:32 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 16:14 - 2006-11-02 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 13:53 - 2012-09-11 13:48 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-26 12:53 - 2012-03-30 14:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-26 12:53 - 2012-02-25 13:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\Users\Darryl\Google_Earth_BZXV.exe
C:\Users\Darryl\KiweeToolbar_EMKIW15329_0.88.exe
 
 
Some content of TEMP:
====================
C:\Users\Darryl\AppData\Local\Temp\fwfo.dll
C:\Users\Darryl\AppData\Local\Temp\HPPSdr.exe
C:\Users\Darryl\AppData\Local\Temp\Quarantine.exe
C:\Users\Darryl\AppData\Local\Temp\sqlite3.dll
C:\Users\Darryl\AppData\Local\Temp\WRFirewallInstall.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-09 11:52
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Darryl at 2015-01-09 11:53:13
Running from C:\Users\Darryl\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.6.4030 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 0.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1015 - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 1.007.2007.0318 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
ccc-core-static (Version: 0108.2146.2565.38893 - ATI) Hidden
CDDRV_Installer (Version: 1.00.0000 - Logitech Inc.) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Copy (Version: 120.0.194.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DJ_AIO_05_F4400_Software_Min (Version: 120.0.235.000 - Hewlett-Packard) Hidden
EarthLink Setup Files (HKLM\...\{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}) (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
Elevated Installer (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
eMusic Remote 1.0 (HKLM\...\eMusic Remote) (Version: 1.0 - eMusic, Inc.)
F4400 (Version: 120.0.235.000 - Hewlett-Packard) Hidden
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.3 - Nikon)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Garmin Express (HKLM\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{C85664DC-8B80-45A1-9300-A96A9505F4D8}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{8D0B4A29-EA9B-43A6-8600-CEA88718C526}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iPod for Windows 2006-06-28 (HKLM\...\InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-06-28 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KhalSetup (Version: 3.21.29 - Logitech) Hidden
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.2 - Nikon)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS Master 2 (HKLM\...\{CB49B376-1136-44B4-83FA-036334B59937}) (Version: 1.0.2 - OLYMPUS IMAGING CORP.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.2.2 - Pando Networks Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rhapsody Player Engine (HKLM\...\{8A62A068-3FD6-495A-9F66-26FE94F32EC9}) (Version: 1.0.690 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (HKLM\...\InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}) (Version: 4.47 - Samsung)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47 - Samsung) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 3.2 - Logitech)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skins (Version: 0108.2146.2565.38893 - ATI) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 3.0.2.0 - HTC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9}\localserver32 -> C:\Users\Darryl\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.NonElevated.exe No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.NonElevated.e (the data entry has 10 more characters).
 
==================== Restore Points  =========================
 
31-12-2014 12:53:42 Windows Update
31-12-2014 13:16:37 Windows Update
31-12-2014 13:23:33 Removed Citrix XenApp Web Plugin
31-12-2014 13:26:08 Removed Citrix XenApp Web Plugin
31-12-2014 13:27:39 Removed Internet Service Offers Launcher.
31-12-2014 14:08:59 Removed Java 7 Update 51
31-12-2014 14:10:27 Windows Update
01-01-2015 03:00:13 Windows Update
01-01-2015 22:47:03 Windows Update
02-01-2015 12:50:05 Windows Update
02-01-2015 22:53:30 Windows Update
03-01-2015 14:45:31 Windows Update
03-01-2015 14:50:13 Windows Update
03-01-2015 15:16:13 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
03-01-2015 15:55:09 Removed Panorama Maker
03-01-2015 16:00:06 Removed ViewNX
03-01-2015 16:17:52 Removed Corel Paint Shop Pro Photo XI
03-01-2015 16:33:25 Removed Corel Snapfire Plus
03-01-2015 16:35:42 Removed Creative MediaSource 5
03-01-2015 16:39:57 Removed File Uploader
03-01-2015 16:50:16 Windows Update
04-01-2015 15:19:57 Scheduled Checkpoint
04-01-2015 17:45:31 Windows Update
04-01-2015 21:33:18 Windows Update
05-01-2015 10:06:22 Scheduled Checkpoint
05-01-2015 20:57:21 Windows Update
07-01-2015 11:50:52 Windows Update
07-01-2015 13:47:48 Windows Update
07-01-2015 15:36:40 Windows Update
08-01-2015 11:38:44 Scheduled Checkpoint
08-01-2015 11:53:21 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2011-11-04 09:21 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1D5027C8-C3B9-4F94-9FCA-E54A60F5777B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
Task: {4588B8B8-12BE-47E3-B9BF-DB3D65910B67} - System32\Tasks\{88A44AC2-D98A-459F-BF77-FAE2C3FD154A} => pcalua.exe -a C:\Users\Darryl\AppData\Local\Temp\Temp1_ATTYahoo!EmailSetup[1].zip\MailClientSetup.exe
Task: {85CEEE8D-D84A-43F2-9D62-4DA818E6EEB2} - System32\Tasks\{3AD4EAEB-F7AE-4D3C-91AF-75484DDF9BD5} => pcalua.exe -a E:\Setup.now.exe -d E:\
Task: {8E50A577-79B8-4EAC-B9DF-67115C783DE1} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {9A2ED77E-1479-4071-A7D7-AE7DB3DEF8C8} - System32\Tasks\{4A886396-6FDA-4FA7-83DD-D7D33E36301B} => pcalua.exe -a "C:\Program Files\eMusic Remote\uninst.exe"
Task: {A8B0853A-D071-4EB2-A0A2-A5A47AACD6B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
Task: {AE72C111-31A9-4F34-AC7B-5175C90A4EE1} - System32\Tasks\{3361E582-6B68-4EF5-81CD-BE01202CB81C} => pcalua.exe -a C:\Windows\system32\DModem.cpl -c Modem Diagnostic Tool
Task: {CDE534A1-7EF1-40BA-922E-0BF325D06D0C} - System32\Tasks\{897AFA68-5756-44A4-891D-ACCF123DB3C6} => pcalua.exe -a "C:\Program Files\Yahoo!\Common\uninstall.exe"
Task: {E12FA585-8608-4E8E-9741-1D02ED98A937} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {E9638AC0-D06D-4D29-8DC1-271A0CE617A2} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {F3421401-882C-401C-B69E-222C5C84B78D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA499470-6DCF-4F30-AEC3-470C67AC0735} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Miranda => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2007-07-09 16:39 - 2006-10-26 15:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2007-06-14 04:27 - 2006-11-13 10:07 - 00066560 ____N () C:\Windows\system32\CmdRtr.dll
2007-06-14 04:27 - 2006-11-20 13:29 - 00101376 ____N () C:\Windows\system32\APOMngr.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Nikon Transfer Monitor => "C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe"
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: VMM Mode Selection => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-659378098-4020864202-2134437187-500 - Administrator - Disabled)
Darryl (S-1-5-21-659378098-4020864202-2134437187-1003 - Administrator - Enabled) => C:\Users\Darryl
Guest (S-1-5-21-659378098-4020864202-2134437187-501 - Limited - Enabled) => C:\Users\Guest
UpdatusUser (S-1-5-21-659378098-4020864202-2134437187-1009 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2015 11:56:10 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 2259. The installer has encountered an unexpected error. The error code is 2259. Database:  Table(s) Update failed
 
Error: (01/07/2015 03:38:51 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 2259. The installer has encountered an unexpected error. The error code is 2259. Database:  Table(s) Update failed
 
Error: (01/07/2015 01:51:42 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 2259. The installer has encountered an unexpected error. The error code is 2259. Database:  Table(s) Update failed
 
Error: (01/07/2015 11:56:42 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 2259. The installer has encountered an unexpected error. The error code is 2259. Database:  Table(s) Update failed
 
Error: (01/05/2015 09:00:08 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 2259. The installer has encountered an unexpected error. The error code is 2259. Database:  Table(s) Update failed
 
Error: (01/05/2015 06:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HPDiagnosticCoreUI.exe, version 4.6.0.26, time stamp 0x548ef0f2, faulting module sti.dll, version 6.0.6000.16386, time stamp 0x4549bdc8, exception code 0xc0000005, fault offset 0x00014cb2,
process id 0x508, application start time 0xHPDiagnosticCoreUI.exe0.
 
Error: (01/05/2015 06:09:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.0.1.26, time stamp 0x543e558b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00027ffd,
process id 0x1cd0, application start time 0xiTunes.exe0.
 
Error: (01/04/2015 09:35:30 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 2259. The installer has encountered an unexpected error. The error code is 2259. Database:  Table(s) Update failed
 
Error: (01/04/2015 06:42:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.0.1.26, time stamp 0x543e558b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xd3b66976,
process id 0x11d4, application start time 0xiTunes.exe0.
 
Error: (01/04/2015 06:38:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DARRYL\MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (01/08/2015 11:56:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/07/2015 03:39:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/07/2015 01:52:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/07/2015 00:04:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/06/2015 02:32:07 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.191.1500.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (01/05/2015 09:00:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/04/2015 09:35:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/04/2015 05:47:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/03/2015 04:52:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332){48F7E3B7-2C8F-4900-AE32-F3D8F29C988D}102
 
Error: (01/03/2015 03:44:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (04/22/2012 08:02:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/14/2010 11:40:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 542 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (05/23/2010 08:14:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 413 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (03/12/2010 09:37:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 447 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (02/21/2010 00:06:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 439 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (10/30/2009 07:32:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 897 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (04/23/2009 11:27:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 57580 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (10/13/2008 11:35:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 349 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (02/22/2008 09:05:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/15/2008 04:55:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 92 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-09 11:52:54.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:53.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:52.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:52.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:50.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:49.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:49.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:48.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:08.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-09 11:52:08.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of memory in use: 55%
Total physical RAM: 1981.76 MB
Available physical RAM: 887.17 MB
Total Pagefile: 4210.04 MB
Available Pagefile: 2945.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:49.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 60000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#6 nasdaq

  • Malware Response Team

Posted 10 January 2015 - 08:15 AM

Please execute these instructions in the order listed.
Make sure you create a restore point as suggested in the Windows repair tool.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen. After it has completed, click Next
  • On Step 4, under System Restore click Create, then under registry back-up click Backup. When you have completed this, click Next
  • Click on Repairs
  • Click Open repairs - Icon in the bottom right corner
  • Click the Unselect All button then select just the item(s) below

  • 01 - Repair Registry Permissions
  • 03 - Reset Service permissions
  • 04 - Register System Files
  • 05 - Repair WMI
  • 06 - Repair Windows Firewall
  • 07 - Repair Internet Explorer
  • 08 - Repair MDAC/MS Jet
  • 10 - Remove Policies Set By Infections
  • 14 - Removed Temp Files
  • 17 - Repair Windows Updates
  • 21 - Repair MSI (Windows Installer)
  • 24 - Repair Windows Safe Mode
  • 26 - Restore Important Windows Services
  • 27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save the file on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-659378098-4020864202-2134437187-1003 -> 629753AF2A534A8C9EFF8E164CA58B1A URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-659378098-4020864202-2134437187-1009 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}
CHR Extension: (Google Wallet) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Darryl\AppData\Local\Temp\fwfo.dll
C:\Users\Darryl\AppData\Local\Temp\HPPSdr.exe
C:\Users\Darryl\AppData\Local\Temp\WRFirewallInstall.dll
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9}\localserver32 -> C:\Users\Darryl\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.NonElevated.exe No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.NonElevated.e (the data entry has 10 more characters).
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#7 Kameron Alex

Posted 10 January 2015 - 02:36 PM

Thank you so much for your help! It seems to be running smoother for the most part! Boot time is faster, that's for sure! I also am experiencing weird issues when trying to play video files and whatnot: I receive this pop-up on Windows Help and Support about the following (at times when trying to do normal operations on the computer it will freeze up and this will come up on Windows Help and Support):
 

What is Data Execution Prevention?

Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.

DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you.

 

 

Also, Windows Update unfortunately is still not working for me to install that same update. Code 65B is the error code for the following update:

 

Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332)
Installation date: 1/10/2015 3:05 PM
Installation status: Failed
Error details: Code 65B
Update type: Important

This service pack upgrades all Microsoft SQL Server 2005 Express Edition instances and components to Service Pack 4 (SP4). If you need additional installation options, you should download this service pack at the Microsoft Download Center. For more information, see Microsoft Knowledge Base article 2463332.
 

 

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: DARRYL-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\Darryl
Current Profile SID: S-1-5-21-659378098-4020864202-2134437187-1003
Current Profile Classes: S-1-5-21-659378098-4020864202-2134437187-1003_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Darryl\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:07:55
 
Process Count: 81
Commit Total: 1.08 GB
Commit Limit: 4.11 GB
Commit Peak: 1.21 GB
Handle Count: 18187
Kernel Total: 208.70 MB
Kernel Paged: 169.90 MB
Kernel Non Paged: 38.79 MB
System Cache: 1.15 GB
Thread Count: 823
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.94 GB
Memory Used: 915.46 MB(46.1944%)
Memory Avail.: 1.04 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.94 GB
Memory Used: 634.05 MB(31.9942%)
Memory Avail.: 1.32 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (1/10/2015 1:30:31 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 164
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (1/10/2015 1:30:32 PM)
   Running Repair Under Current User Account
   Done (1/10/2015 1:30:48 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (1/10/2015 1:30:48 PM)
   Running Repair Under System Account
   Done (1/10/2015 1:43:54 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (1/10/2015 1:43:54 PM)
   Running Repair Under System Account
   Done (1/10/2015 1:46:23 PM)
 
03 - Reset Service Permissions
   Start (1/10/2015 1:46:23 PM)
   Running Repair Under System Account
   Done (1/10/2015 1:46:34 PM)
 
04 - Register System Files
   Start (1/10/2015 1:46:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:46:59 PM)
 
05 - Repair WMI
   Start (1/10/2015 1:46:59 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.
 
   Exporting AntiSpyware Info...
   Microsoft Security Essentials Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (1/10/2015 1:51:24 PM)
 
06 - Repair Windows Firewall
   Start (1/10/2015 1:51:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:51:50 PM)
 
07 - Repair Internet Explorer
   Start (1/10/2015 1:51:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:52:14 PM)
 
08 - Repair MDAC/MS Jet
   Start (1/10/2015 1:52:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:52:40 PM)
 
10 - Remove Policies Set By Infections
   Start (1/10/2015 1:52:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:52:46 PM)
 
14 - Remove Temp Files
   Start (1/10/2015 1:52:46 PM)
   Running Repair Under System Account
   Done (1/10/2015 1:52:49 PM)
 
17 - Repair Windows Updates
   Start (1/10/2015 1:52:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/10/2015 1:53:43 PM)
 
21 - Repair MSI (Windows Installer)
   Start (1/10/2015 1:53:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:53:55 PM)
 
24 - Repair Windows Safe Mode
   Start (1/10/2015 1:53:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:53:58 PM)
 
26 - Restore Important Windows Services
   Start (1/10/2015 1:53:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:54:08 PM)
 
27 - Set Windows Services To Default Startup
   Start (1/10/2015 1:54:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 1:54:12 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (1/10/2015 1:54:13 PM)
   Total Repair Time: 00:23:44
 
 
...YOU MUST RESTART YOUR SYSTEM...
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Darryl at 2015-01-10 14:24:29 Run:1
Running from C:\Users\Darryl\Desktop
Loaded Profiles: Darryl & UpdatusUser (Available profiles: Darryl & UpdatusUser & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-659378098-4020864202-2134437187-1003 -> 629753AF2A534A8C9EFF8E164CA58B1A URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-659378098-4020864202-2134437187-1009 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
CHR Extension: (Google Wallet) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Darryl\AppData\Local\Temp\fwfo.dll
C:\Users\Darryl\AppData\Local\Temp\HPPSdr.exe
C:\Users\Darryl\AppData\Local\Temp\WRFirewallInstall.dll
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Darryl\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9}\localserver32 -> C:\Users\Darryl\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.NonElevated.exe No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.NonElevated.e (the data entry has 10 more characters).
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-659378098-4020864202-2134437187-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-659378098-4020864202-2134437187-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\629753AF2A534A8C9EFF8E164CA58B1A" => Key deleted successfully.
HKCR\CLSID\629753AF2A534A8C9EFF8E164CA58B1A => Key not found. 
HKU\S-1-5-21-659378098-4020864202-2134437187-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key deleted successfully.
"HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => value deleted successfully.
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => Key not found. 
Chrome DefaultSearchURL deleted successfully.
C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
ACDaemon => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
blbdrive => Service deleted successfully.
EagleNT => Service deleted successfully.
IpInIp => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"C:\Users\Darryl\AppData\Local\Temp\fwfo.dll" => File/Directory not found.
"C:\Users\Darryl\AppData\Local\Temp\HPPSdr.exe" => File/Directory not found.
"C:\Users\Darryl\AppData\Local\Temp\WRFirewallInstall.dll" => File/Directory not found.
"HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}" => Key deleted successfully.
"HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}" => Key deleted successfully.
"HKU\S-1-5-21-659378098-4020864202-2134437187-1003_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9}" => Key deleted successfully.
HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3} => Key not found. 
HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3} => Key not found. 
HKU\S-1-5-21-659378098-4020864202-2134437187-1009_Classes\CLSID\{d0a0ed0a-55ac-4469-a197-1d08ce99cfb9} => Key not found. 
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found. 
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:25:06 ====

Edited by Kameron Alex, 10 January 2015 - 03:11 PM.
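An added example, not part of the original posts and not FRST's own code: one way to tally the result lines of a Fixlog like the one posted above, so that anything that was neither removed nor already absent stands out. The function names are assumptions, and the outcome phrases it recognises are only those visible in that log.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines in the log above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Darryl at 2015-01-10 14:24:29 Run:1
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
C:\Users\Darryl\AppData\Local\Temp\fwfo.dll
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
EagleNT => Service deleted successfully.
"C:\Users\Darryl\AppData\Local\Temp\fwfo.dll" => File/Directory not found.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found.

The system needed a reboot.

==== End of Fixlog 14:25:06 ====
'''


def result_lines(fixlog_text):
    """Return the lines written after the echoed fixlist.

    The fixlist is echoed between two rules of asterisks and itself contains
    "=>" (e.g. "Run: [] => [X]"), so it is skipped rather than parsed as results.
    """
    rules_seen, results = 0, []
    for line in fixlog_text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*{5,}", line):
            rules_seen += 1
        elif rules_seen >= 2 and line and not line.startswith("===="):
            results.append(line)
    if rules_seen < 2:
        raise ValueError("fixlist echo not terminated; log looks truncated")
    return results


def classify(outcome):
    """Bucket an outcome using only the phrases seen in the log above."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"      # target was already gone before the fix ran
    if "successfully" in text:
        return "changed"     # deleted or moved by the fix
    return "review"          # anything else needs a human look


def summarize(fixlog_text):
    counts, review, notes = Counter(), [], []
    for line in result_lines(fixlog_text):
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            notes.append(line)   # status lines such as the reboot notice
            continue
        bucket = classify(outcome)
        counts[bucket] += 1
        if bucket == "review":
            review.append((target.strip('"'), outcome))
    return {"counts": dict(counts), "review": review, "notes": notes}


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```
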


#8 nasdaq


Posted 11 January 2015 - 08:59 AM



Download and install this: Microsoft SQL Server 2005 Express Edition, a free, easy-to-use, lightweight version of SQL Server 2005.

http://www.microsoft.com/en-us/download/details.aspx?id=184

Follow the instructions on the page.
===

when trying to play video files and what not I receive this pop-up on Windows Help and Support

Are you using iTunes to see these videos?

I notice that this application is disabled.
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

Run msconfig and enable it.

If you still have problems with it, re-install the application.

Refer to this page.
http://support.apple.com/en-ca/HT1923

===

Any remaining issues?

#9 Kameron Alex


Posted 11 January 2015 - 02:17 PM

Thank you again for all your help! Seems to be working great! I just hope that my windows update is working properly and can install future updates! Thank you again!



#10 nasdaq


Posted 12 January 2015 - 07:46 AM

One last check.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#11 Kameron Alex


Posted 12 January 2015 - 09:12 AM

Thanks again for all your help! Things are running smoothly!

 

 Results of screen317's Security Check version 0.99.93  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials     
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 CCleaner     
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome 37.0.2062.120 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#12 nasdaq


Posted 12 January 2015 - 02:18 PM

You have the latest Java version for your 64-bit operating system.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq


Posted 18 January 2015 - 10:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



