Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Gen.2 keeps showing up on scan, weird things happening.


  • This topic is locked This topic is locked
18 replies to this topic

#1 chrislbrown

chrislbrown

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 06 January 2015 - 10:55 AM

Hi and Happy New Year.

 

I have tried to avoid coming back here, tried to be careful with my laptop and scan/clean it regularly.  Yet, there is something that quite possibly was embedded before I got this machine that is recurring.

 

I have noticed that my antivirus software keeps notating that there is a .tmp file infected with Trojan.Gen.2.  The file name begins with DWH, and then has 3 or 4 random numbers behind it.  98% of the time the file is quarantined.  Sometimes the file is labeled "access denied."  Also, my boot time is elongated, and strange things happen from time to time with my browsing, like a known. trusted site will not accept my login or I won't be able to navigate to a site at all or there is a pregnant delay before taking me to a site.

 

So, I would like to check and see if there is a remnant of a hijack on this machine, and then get rid of it.

 

Here is the DDS file; the other file is attached.  Thanks in advance!

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by owner at 10:36:00 on 2015-01-06
#Option MBR scan  is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2991.488 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDA.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files\Canon\Quick Menu\CNQMSWCS.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_235_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\TSWbPrxy.exe
C:\Windows\system32\wksprt.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\hewlett-packard\hp protecttools security manager\bin\DPAgent.exe,
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [CAHeadless] c:\program files\adobe\elements 10 organizer\caheadless\ElementsAutoAnalyzer.exe
uRun: [SkyDrive] "c:\users\owner\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON NX210 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifda.exe /fu "c:\windows\temp\E_S42CB.tmp" /EF "HKCU"
uRun: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [2706594A3E67FD236E1C49110F47E7F15075846A._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Connection Manager.exe] <no file>
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
TCP: NameServer = 10.7.0.82
TCP: Interfaces\{2D516247-9836-4A2E-BE63-6C9BB93B258A} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{44500478-B938-4681-8BED-7C5759B31FA3} : DHCPNameServer = 205.152.37.23 205.152.32.23
TCP: Interfaces\{4CF6CF12-6F57-4C5B-9FA0-6316813A8B7D} : DHCPNameServer = 10.7.0.82
TCP: Interfaces\{4CF6CF12-6F57-4C5B-9FA0-6316813A8B7D}\14C4548575942554C4543535 : DHCPNameServer = 10.10.74.12 10.10.10.198
TCP: Interfaces\{4CF6CF12-6F57-4C5B-9FA0-6316813A8B7D}\25146554E435022697022303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4CF6CF12-6F57-4C5B-9FA0-6316813A8B7D}\359746E65697370274D616 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{4CF6CF12-6F57-4C5B-9FA0-6316813A8B7D}\36862796372627166756E6 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{DCA46B3F-77FB-4EFF-A15D-DB665CA0CDCD} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E82ABDEA-B9E1-4D1F-A360-156F7518C261} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-11-11 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-11-11 13256]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-4 214024]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-11-11 40088]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-11-3 81920]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2011-8-17 133176]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-10-19 32768]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2013-11-4 92160]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-11-19 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-11-11 277096]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-11-4 297984]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2012-4-25 26496]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-11-15 137528]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-11-3 635416]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2014-7-18 113264]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2014-10-16 65657]
R2 SMManager;HP Connection Manager Service;c:\program files\hewlett-packard\hp connection manager\SMManager.exe [2009-12-3 82760]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-8-10 1839888]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-4 2320920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-11-3 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-11-3 228408]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2014-7-18 266408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-29 111408]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2014-7-11 7517696]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-11-3 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-3 48640]
S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-3 47616]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-3 38912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-12-11 315496]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\40.0.2214.44\remoting_host.exe [2014-12-15 56648]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-9 362040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-10 102912]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-4 110296]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-11-4 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-11-4 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-11-4 34248]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2013-3-26 26240]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\netw5s32.sys [2010-1-13 6755840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-5-6 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2015-01-06 14:44:18 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{69df150e-d0a4-44fc-9b42-1d5c6cb36f72}\offreg.dll
2015-01-06 13:12:08 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{69df150e-d0a4-44fc-9b42-1d5c6cb36f72}\mpengine.dll
2014-12-31 16:56:22 -------- d-----w- c:\programdata\Canon IJ Network Tool
2014-12-31 16:56:15 321536 ----a-w- c:\windows\system32\CNC_C2L.dll
2014-12-31 16:56:15 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2014-12-31 16:56:10 -------- d--h--w- c:\programdata\CanonIJFAX
2014-12-31 16:23:43 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2014-12-31 16:16:39 -------- d--h--w- c:\programdata\CanonIJQuickMenu
2014-12-31 16:08:33 -------- d-sh--w- C:\found.001
2014-12-31 04:14:11 366592 ----a-w- c:\windows\system32\CNMNPPM.DLL
2014-12-31 04:14:11 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL
2014-12-31 04:14:11 -------- d-----w- c:\windows\system32\STRING
2014-12-31 04:12:25 -------- d-----w- c:\programdata\CanonIJWSpt
2014-12-31 04:06:52 87040 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPC2.DLL
2014-12-31 04:06:52 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDC2.DLL
2014-12-31 04:06:37 318464 ----a-w- c:\windows\system32\CNMLMC2.DLL
2014-12-31 04:06:31 258560 ----a-w- c:\windows\system32\CNCALC2.DLL
2014-12-31 03:51:56 -------- d-----w- c:\programdata\CanonIJPLM
2014-12-31 03:43:25 -------- d--h--w- c:\programdata\CanonIJETV
2014-12-31 03:42:48 -------- d-----w- c:\program files\Canon
2014-12-18 17:40:56 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-11 17:41:39 -------- d-----w- c:\windows\system32\appraiser
2014-12-11 13:08:24 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-11 13:08:23 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-11 13:08:23 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-11 13:08:23 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-11 13:08:23 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-11 01:03:58 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-11 01:03:42 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-11 01:03:41 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 01:03:41 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-11 01:03:41 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-11 01:03:41 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-11 01:03:41 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
.
==================== Find3M  ====================
.
2014-12-15 10:50:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-15 10:50:09 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-04 04:38:59 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38:45 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38:40 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38:37 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38:36 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:38:36 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:34:13 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28:26 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-24 19:04:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-10-31 18:40:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:36:56.73 ===============
 


BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:54 PM

Posted 07 January 2015 - 05:06 PM

Hey my friend, :)

Can you give me please the file path of the file it detects as Malware?

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 08 January 2015 - 12:41 AM

Mach Daddy.  Daddy Mach!

(google "Kriss Kross" for an explanation.")

 

Thanks for helping!  This is a great service and aid!

 

The repeated directory for these found files is:

 

C:\Users\owner\AppData\Local\Temp\

 

Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by owner (administrator) on OWNER-PC on 07-01-2015 22:55:53
Running from C:\Users\owner\Desktop
Loaded Profile: owner (Available profiles: owner)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
(Smith Micro Software, Inc.) C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDA.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(InterVideo Inc.) C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_235_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wksprt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2014-07-18] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Connection Manager.exe] =>  ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe unch Buttons\QlbCtrl.exe /Start                                                                                                                              (the data entry has 824 more characters).
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-03] ()
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115624 2011-08-10] (Symantec Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2014-07-18] (IDT, Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2944056 2011-08-17] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKLM\...\runonceex: [ContentMerger] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [539800 2011-09-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [SkyDrive] => C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-15] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [EPSON NX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [2706594A3E67FD236E1C49110F47E7F15075846A._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\MountPoints2: {88ce6051-fbdf-11e3-9f19-806e6f6e6963} - D:\Msetup4.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-29] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002 -> {509DF653-7784-48BC-A777-64CB7F160FCF} URL = https://www.google.com/search?q={searchTerms}
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1970657634-2418185239-2281329684-1002: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1970657634-2418185239-2281329684-1002: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-07-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-30]
CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-06]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-06]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Cast) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-06]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-09-15]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-09-15]
CHR Extension: (Google Calendar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-06]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-30]
CHR Extension: (Chrome Remote Desktop) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-09-15]
CHR Extension: (Planner 5D) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2014-12-01]
CHR Extension: (Sniper Team) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2014-09-15]
CHR Extension: (Kickoff) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\heelhmibbjlnankkkmcdgbmcepajmddl [2014-09-15]
CHR Extension: (Marvel Comics) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2014-09-18]
CHR Extension: (Vimeo Couch Mode) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2014-09-27]
CHR Extension: (Google Keep - notes and lists) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-15]
CHR Extension: (Murder Files) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-09-27]
CHR Extension: (Motorola Connect) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-11-29]
CHR Extension: (Google Maps) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-09-06]
CHR Extension: (Google Play Books) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-09-15]
CHR Extension: (OneDrive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-09-15]
CHR Extension: (Edge: The Web Ruler) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\njlkegdphefeellhaongiopcfgcinikh [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-11-29]
CHR Extension: (Tv Online) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2014-09-15]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-08-10] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-08-10] (Symantec Corporation)
S3 chromoting; C:\Program Files\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [133176 2011-08-17] (Hewlett-Packard Company)
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [102968 2009-11-19] (Hewlett-Packard)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-04] (Hewlett-Packard) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-01-19] (Symantec Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-03-16] (Portrait Displays, Inc.)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1893840 2011-08-10] (Symantec Corporation)
R2 SMManager; C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2009-12-03] (Smith Micro Software, Inc.)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [357792 2011-08-10] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2014-07-18] (IDT, Inc.)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839888 2011-08-10] (Symantec Corporation)
S2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-18] (Malwarebytes Corporation)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2014-07-11] (Intel Corporation)
S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [47616 2009-10-28] (REDC)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38912 2009-09-28] (REDC)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110520 2009-11-11] () [File not signed]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-06-03] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-08-10] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [287352 2011-08-10] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [321016 2011-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43768 2011-08-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2013-08-20] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [99744 2011-08-10] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67520 2011-08-10] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43936 2011-08-10] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 22:55 - 2015-01-07 22:57 - 00032094 _____ () C:\Users\owner\Desktop\FRST.txt
2015-01-07 22:55 - 2015-01-07 22:56 - 00000000 ____D () C:\FRST
2015-01-07 22:24 - 2015-01-07 22:24 - 01115648 _____ (Farbar) C:\Users\owner\Desktop\FRST.exe
2015-01-06 10:37 - 2015-01-06 10:54 - 00015487 _____ () C:\Users\owner\Desktop\attach.txt
2015-01-06 10:37 - 2015-01-06 10:36 - 00026280 _____ () C:\Users\owner\Desktop\dds.txt
2015-01-06 10:33 - 2015-01-06 10:33 - 00002853 _____ () C:\Users\owner\Desktop\dds - Shortcut.pif
2015-01-06 10:30 - 2015-01-06 10:30 - 00688992 ____R (Swearware) C:\Users\owner\Downloads\dds.com
2015-01-04 00:20 - 2015-01-04 00:21 - 00021011 _____ () C:\Users\owner\Downloads\B6evEmmIUAAk7Ss.jpg-large
2015-01-03 19:14 - 2015-01-03 19:14 - 00000165 ____H () C:\Users\owner\Documents\~$likearavenCURR2b.pptx
2015-01-02 16:23 - 2015-01-02 16:23 - 00000000 _____ () C:\t1l0.2
2015-01-02 16:20 - 2015-01-02 17:06 - 00415744 _____ () C:\Users\owner\Documents\newyearscard.pub
2014-12-31 11:56 - 2014-12-31 11:56 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-12-31 11:56 - 2014-12-31 11:56 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-12-31 11:56 - 2013-06-20 14:42 - 00321536 _____ (CANON INC.) C:\Windows\system32\CNC_C2L.dll
2014-12-31 11:56 - 2013-06-13 14:10 - 00093184 _____ () C:\Windows\system32\CNC1774D.TBL
2014-12-31 11:56 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2014-12-31 11:35 - 2014-12-31 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series User Registration
2014-12-31 11:23 - 2014-12-31 11:23 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-12-31 11:18 - 2015-01-06 08:09 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForowner.job
2014-12-31 11:17 - 2015-01-07 14:51 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Canon
2014-12-31 11:16 - 2014-12-31 11:16 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-12-31 11:08 - 2014-12-31 11:08 - 00000000 __SHD () C:\found.001
2014-12-30 23:14 - 2014-12-30 23:14 - 00000000 ____D () C:\Windows\system32\STRING
2014-12-30 23:14 - 2013-06-13 03:43 - 00366592 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL
2014-12-30 23:14 - 2013-06-13 03:43 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2014-12-30 23:12 - 2014-12-30 23:12 - 00001971 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-12-30 23:12 - 2014-12-30 23:12 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-12-30 23:07 - 2014-12-31 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-30 23:07 - 2014-12-30 23:07 - 00002304 _____ () C:\Users\Public\Desktop\Canon MX470 series On-screen Manual.lnk
2014-12-30 23:07 - 2014-12-30 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series Manual
2014-12-30 23:06 - 2014-12-30 23:06 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-12-30 23:06 - 2014-12-30 23:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-12-30 23:06 - 2013-09-25 05:00 - 00258560 _____ (CANON INC.) C:\Windows\system32\CNCALC2.DLL
2014-12-30 23:06 - 2013-09-12 05:00 - 00318464 _____ (CANON INC.) C:\Windows\system32\CNMLMC2.DLL
2014-12-30 22:51 - 2015-01-01 19:23 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-30 22:43 - 2014-12-30 22:43 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2014-12-30 22:42 - 2014-12-31 11:56 - 00000000 ____D () C:\Program Files\Canon
2014-12-30 21:07 - 2014-12-30 21:07 - 00000000 _____ () C:\t1ig.2
2014-12-30 21:07 - 2014-12-30 21:07 - 00000000 _____ () C:\t1ig.1
2014-12-24 20:30 - 2014-12-24 22:25 - 03030136 _____ () C:\Users\owner\Documents\SydneySTnick.pptx
2014-12-24 20:30 - 2014-12-24 20:30 - 00000165 ____H () C:\Users\owner\Documents\~$SydneySTnick.pptx
2014-12-23 10:32 - 2015-01-02 16:19 - 00283648 _____ () C:\Users\owner\Documents\12days.pub
2014-12-22 15:43 - 2014-12-22 15:43 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-12-18 12:40 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 10:27 - 2014-12-17 10:27 - 09328128 _____ () C:\Users\owner\Documents\tonyaback.pub
2014-12-12 13:19 - 2014-12-12 13:19 - 04002483 _____ () C:\Users\owner\Documents\likearavenCURR2b.pptx
2014-12-11 12:41 - 2014-12-11 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 08:08 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 08:08 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 08:08 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 08:08 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 08:08 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 20:04 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 20:04 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 20:04 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 20:04 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 20:04 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 20:04 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 20:04 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 20:04 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 20:04 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 20:04 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 20:04 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 20:04 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 20:04 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 20:04 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 20:04 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 20:04 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 20:04 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 20:04 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 20:04 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 20:04 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 20:04 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 20:04 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 20:04 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 20:04 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 20:04 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 20:04 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 20:04 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 20:04 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 20:04 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 20:04 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 20:04 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 20:04 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 20:04 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 20:03 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 20:03 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 20:03 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 20:03 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 20:03 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 20:03 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 20:03 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-08 14:14 - 2014-12-08 14:14 - 03584512 _____ () C:\Users\owner\Documents\RavensPtSheetblank.pub
2014-12-08 14:13 - 2014-12-08 14:13 - 05013504 _____ () C:\Users\owner\Documents\RavensPtSheet.pub
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 22:56 - 2010-11-03 17:00 - 01411778 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 22:55 - 2014-07-30 09:26 - 00321024 ___SH () C:\Users\owner\Desktop\Thumbs.db
2015-01-07 22:43 - 2014-07-02 07:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 22:32 - 2014-07-29 00:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 22:30 - 2014-09-15 19:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002UA.job
2015-01-07 14:43 - 2014-09-15 19:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002Core.job
2015-01-07 14:43 - 2014-07-02 07:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 13:04 - 2014-11-08 21:30 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Skype
2015-01-06 09:32 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-06 08:13 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 08:13 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 08:08 - 2010-11-03 17:16 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 08:06 - 2014-07-09 04:14 - 00000000 ___RD () C:\Users\owner\OneDrive
2015-01-06 08:02 - 2014-10-16 11:28 - 00000000 ____D () C:\Temp
2015-01-06 08:02 - 2010-11-03 19:09 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-01-06 08:01 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 08:01 - 2009-07-13 23:39 - 00043834 _____ () C:\Windows\setupact.log
2015-01-03 16:53 - 2014-11-05 07:41 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2015-01-03 14:00 - 2014-07-24 19:23 - 00000000 ____D () C:\Users\owner\Documents\My PSP8 Files
2015-01-01 19:28 - 2014-07-09 14:52 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-01-01 19:27 - 2014-07-11 00:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-01 18:19 - 2014-11-08 21:29 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 18:18 - 2014-11-08 21:30 - 00000000 ___RD () C:\Program Files\Skype
2014-12-31 11:56 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\twain_32
2014-12-31 11:56 - 2009-07-13 21:37 - 00000000 __RSD () C:\Windows\Media
2014-12-31 11:26 - 2013-07-01 12:07 - 00000000 ____D () C:\Users\owner
2014-12-31 11:10 - 2013-08-20 08:48 - 00033312 _____ () C:\Windows\PFRO.log
2014-12-30 17:39 - 2014-07-24 19:30 - 00267776 ___SH () C:\Users\owner\Documents\Thumbs.db
2014-12-22 20:07 - 2014-07-02 07:07 - 00000000 ____D () C:\Program Files\Google
2014-12-20 11:38 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-15 05:50 - 2014-08-15 07:38 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-12-15 05:50 - 2014-07-29 00:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-15 05:50 - 2014-07-29 00:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 13:49 - 2014-07-02 07:08 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 12:13 - 2014-07-19 05:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 04:05 - 2014-12-05 09:49 - 00000000 ____D () C:\Users\owner\.instagiffer
2014-12-11 12:41 - 2014-07-03 06:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 12:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 08:12 - 2013-08-20 07:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 08:03 - 2014-07-03 00:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 06:13 - 2014-07-03 00:47 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:06 - 2013-07-01 12:08 - 00000000 ____D () C:\Users\owner\Documents\Bluetooth Exchange Folder
2014-12-08 15:12 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
 
Some content of TEMP:
====================
C:\Users\owner\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\owner\AppData\Local\Temp\Extract.exe
C:\Users\owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\owner\AppData\Local\Temp\ose00000.exe
C:\Users\owner\AppData\Local\Temp\Quarantine.exe
C:\Users\owner\AppData\Local\Temp\readSTILog.dll
C:\Users\owner\AppData\Local\Temp\SP46775.exe
C:\Users\owner\AppData\Local\Temp\SP47594.exe
C:\Users\owner\AppData\Local\Temp\SP49415.exe
C:\Users\owner\AppData\Local\Temp\SP50589.exe
C:\Users\owner\AppData\Local\Temp\SP52264.exe
C:\Users\owner\AppData\Local\Temp\SP52308.exe
C:\Users\owner\AppData\Local\Temp\SP53795.exe
C:\Users\owner\AppData\Local\Temp\SP53806.exe
C:\Users\owner\AppData\Local\Temp\SP54342.exe
C:\Users\owner\AppData\Local\Temp\SP54841.exe
C:\Users\owner\AppData\Local\Temp\SP56391.exe
C:\Users\owner\AppData\Local\Temp\SP57275.exe
C:\Users\owner\AppData\Local\Temp\SP58782.exe
C:\Users\owner\AppData\Local\Temp\sp58915.exe
C:\Users\owner\AppData\Local\Temp\SP60799.exe
C:\Users\owner\AppData\Local\Temp\sp64126.exe
C:\Users\owner\AppData\Local\Temp\SP67212.exe
C:\Users\owner\AppData\Local\Temp\uninstall.exe
C:\Users\owner\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\owner\AppData\Local\Temp\UninstallHPTCA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 21:35
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by owner at 2015-01-07 22:57:46
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX470 series User Registration (HKLM\...\Canon MX470 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
Chrome Remote Desktop Host (HKLM\...\{6FC79C95-F54F-4515-8012-01F33D894492}) (Version: 40.0.2214.44 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.4 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
Drive Encryption for HP ProtectTools (HKLM\...\{D6782B98-BDC0-45F4-A046-9D26C475CBF8}) (Version: 5.0.2.10 - Hewlett-Packard)
Elements 10 Organizer (Version: 10.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX210 Series Printer Uninstall (HKLM\...\EPSON NX210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.1 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Business Card Reader (HKLM\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard)
HP Client Automation Agent Preload  (HKLM\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM\...\{E40415F9-FF9F-4EDA-993D-C137D1C8D90E}) (Version: 3.1.1 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{871732B3-1EE5-4C54-8462-8BFF516880B7}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{A5B6BF56-E9FF-4216-BCDC-4B49F58A5782}) (Version: 2.0.5.1 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{DC80F597-39DD-4C32-923E-EDF332E02820}) (Version: 1.0.5.74 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.13.766 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.3 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio)
HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
HP Wireless Assistant (HKLM\...\{518C838E-A21C-40BE-B844-648040C2491D}) (Version: 4.0.2.4 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Instagiffer version 1.56 (HKLM\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.56 - Justin Todd)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}) (Version: 13.01.1000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo WinDVD 7 (HKLM\...\{90885A82-9673-49EA-AB39-AF776639C67C}) (Version: 7.0-B27.130 - InterVideo Inc.)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.101 - Symantec Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
PRE10STIInstaller (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{98BCAD50-58AE-4EDD-9BBA-388B221E750B}) (Version: 5.01.728 - Hewlett-Packard)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
SDK (Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 Plugin (HKLM\...\{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (Version: 5.7.1 - SmartSound Software Inc.) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sports Dood (HKLM\...\com.sportsdood.desktop) (Version: 1.6 - UNKNOWN)
Sports Dood (Version: 1.6 - UNKNOWN) Hidden
Symantec Endpoint Protection (HKLM\...\{AAE221D5-C3DD-4FE2-A063-C1368FE730A5}) (Version: 11.0.6300.803 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.18 - Hewlett-Packard) Hidden
Validity Fingerprint Driver (HKLM\...\{78365FC6-09CA-4AC3-BC01-70FB46596047}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
23-12-2014 06:17:15 Windows Update
27-12-2014 22:28:58 Windows Update
02-01-2015 15:04:30 Windows Update
06-01-2015 08:11:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0E78D56D-687F-4719-AD6C-84477667E722} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {10EBD136-D80C-4B31-B3D8-6657F4C77CBE} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {1A54F39B-075B-416D-ABB0-0D369688C401} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {24D6BE11-BB62-43D4-A0C8-5F50339B78B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {2F55F0DB-CCCC-45EE-95CD-45F4F70716F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {41392328-2C8D-4BB1-B240-4599EAF8AB91} - System32\Tasks\HPCeeScheduleForowner => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {48B0ED48-D291-49B0-81C2-10A52091753F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002UA => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)
Task: {57B84609-A74D-452B-9696-EE8189E176FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {918FACE2-3DC4-41D3-95CE-57A23723743A} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A410C841-A8DA-43E4-900E-D9114ECA0067} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BB6080DE-D3B5-499F-8AAD-48DB73ECC9A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002Core => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)
Task: {C1829F8E-37EF-4C0C-AA0D-BE9A3E164154} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D1E5F57C-6E2A-49EF-8B04-083CA036E845} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D3E5B848-B943-4D48-8052-0A6F90120D0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {E8C8F160-50E7-4E0A-9557-C14E83EFAACA} - System32\Tasks\AdobeAAMUpdater-1.0-owner-PC-owner => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {FFD32A19-E356-4B23-BD7B-61B3B834849D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002Core.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002UA.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForowner.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-04-20 07:10 - 2010-04-20 07:10 - 00079360 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2014-12-31 11:04 - 2013-06-28 01:28 - 00084616 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2009-12-03 03:01 - 2009-12-03 03:01 - 00168280 _____ () C:\Program Files\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2009-11-09 13:52 - 2009-11-09 13:52 - 00329272 _____ () C:\Windows\system32\flcdlmsg.dll
2009-11-19 17:11 - 2009-11-19 17:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-11-19 17:11 - 2009-11-19 17:11 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-11-21 09:12 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-11-21 09:12 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2009-06-17 13:40 - 2009-06-17 13:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 13:40 - 2009-06-17 13:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 13:40 - 2009-06-17 13:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-04 14:43 - 2009-09-04 14:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-25 11:11 - 2014-09-25 11:11 - 00081056 _____ () C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-07-18 01:03 - 2011-08-01 10:02 - 00886272 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-12 13:49 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 13:49 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 13:49 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 13:49 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 13:49 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\owner\Desktop\ChildrenOfTheDay_Session2.avi:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1970657634-2418185239-2281329684-500 - Administrator - Disabled)
Guest (S-1-5-21-1970657634-2418185239-2281329684-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1970657634-2418185239-2281329684-1008 - Limited - Enabled)
owner (S-1-5-21-1970657634-2418185239-2281329684-1002 - Administrator - Enabled) => C:\Users\owner
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2015 09:04:52 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
 
Error: (01/07/2015 11:48:42 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHF9C5.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:45:50 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHED46.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:42:33 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHCDC4.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:39:09 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHA375.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:36:45 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH7D0E.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:36:22 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH6604.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:35:57 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH55FD.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:32:58 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH352B.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:32:17 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH2533.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
 
System errors:
=============
Error: (01/07/2015 10:34:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HP-6930P
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4CF6CF12-6F57-4C5B-9FA0-6316813A8.
The master browser is stopping or an election is being forced.
 
Error: (01/07/2015 10:22:13 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HP-6930P
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4CF6CF12-6F57-4C5B-9FA0-6316813A8.
The master browser is stopping or an election is being forced.
 
Error: (01/07/2015 10:10:13 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HP-6930P
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4CF6CF12-6F57-4C5B-9FA0-6316813A8.
The master browser is stopping or an election is being forced.
 
Error: (01/07/2015 09:58:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HP-6930P
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4CF6CF12-6F57-4C5B-9FA0-6316813A8.
The master browser is stopping or an election is being forced.
 
Error: (01/07/2015 09:09:57 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (01/07/2015 09:09:55 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (01/07/2015 09:08:20 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (01/07/2015 09:08:20 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (01/07/2015 09:08:19 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (01/07/2015 09:08:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
 
Microsoft Office Sessions:
=========================
Error: (01/07/2015 09:04:52 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
 
Error: (01/07/2015 11:48:42 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHF9C5.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:45:50 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHED46.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:42:33 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHCDC4.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:39:09 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWHA375.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:36:45 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH7D0E.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:36:22 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH6604.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:35:57 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH55FD.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:32:58 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH352B.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/07/2015 11:32:17 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\owner\AppData\Local\Temp\DWH2533.tmp by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 2991.38 MB
Available physical RAM: 619.65 MB
Total Pagefile: 6472.45 MB
Available Pagefile: 2139.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:228.59 GB) (Free:105.19 GB) NTFS
Drive d: (CANON_IJ) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.39 GB) (Free:0.65 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4816BA3C)
Partition 1: (Active) - (Size=284 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=228.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:54 PM

Posted 08 January 2015 - 10:57 AM

Hey my friend, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 09 January 2015 - 10:03 AM

Hey 007,

 

OK. Got all of the work done except MalwareBytes.  I already had a version of that downloaded which was expired.  I could not run this new one.  Suggestions?

 

Logs are posted in order.  Thank you.

 

# AdwCleaner v4.107 - Report created 09/01/2015 at 09:06:10
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
File Deleted : C:\Users\owner\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [2626 octets] - [04/07/2014 08:45:50]
AdwCleaner[R1].txt - [1405 octets] - [09/01/2015 09:00:35]
AdwCleaner[S0].txt - [2727 octets] - [04/07/2014 08:49:14]
AdwCleaner[S1].txt - [1336 octets] - [09/01/2015 09:06:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1396 octets] ##########
 
# AdwCleaner v4.107 - Report created 09/01/2015 at 09:00:35
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\owner\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [2626 octets] - [04/07/2014 08:45:50]
AdwCleaner[R1].txt - [1205 octets] - [09/01/2015 09:00:35]
AdwCleaner[S0].txt - [2727 octets] - [04/07/2014 08:49:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1325 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by owner on Fri 01/09/2015 at  9:37:09.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\owner\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\owner\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/09/2015 at  9:39:14.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by owner (administrator) on OWNER-PC on 09-01-2015 09:42:02
Running from C:\Users\owner\Desktop
Loaded Profile: owner (Available profiles: owner)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
(Smith Micro Software, Inc.) C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2014-07-18] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Connection Manager.exe] =>  ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe unch Buttons\QlbCtrl.exe /Start                                                                                                                              (the data entry has 824 more characters).
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-03] ()
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115624 2011-08-10] (Symantec Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2014-07-18] (IDT, Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2944056 2011-08-17] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKLM\...\runonceex: [ContentMerger] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [539800 2011-09-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [SkyDrive] => C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-15] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [EPSON NX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [2706594A3E67FD236E1C49110F47E7F15075846A._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\MountPoints2: {88ce6051-fbdf-11e3-9f19-806e6f6e6963} - D:\Msetup4.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-29] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002 -> {509DF653-7784-48BC-A777-64CB7F160FCF} URL = https://www.google.com/search?q={searchTerms}
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 10.7.0.82
 
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1970657634-2418185239-2281329684-1002: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1970657634-2418185239-2281329684-1002: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-07-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-30]
CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-06]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-06]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Cast) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-06]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-09-15]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-01-09]
CHR Extension: (Google Calendar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-06]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-30]
CHR Extension: (Chrome Remote Desktop) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-09-15]
CHR Extension: (Planner 5D) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2014-12-01]
CHR Extension: (Sniper Team) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2014-09-15]
CHR Extension: (Kickoff) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\heelhmibbjlnankkkmcdgbmcepajmddl [2014-09-15]
CHR Extension: (Marvel Comics) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2014-09-18]
CHR Extension: (Vimeo Couch Mode) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2014-09-27]
CHR Extension: (Google Keep - notes and lists) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-15]
CHR Extension: (Murder Files) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-09-27]
CHR Extension: (Motorola Connect) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-11-29]
CHR Extension: (Google Maps) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-09-06]
CHR Extension: (Google Play Books) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-09-15]
CHR Extension: (OneDrive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-09-15]
CHR Extension: (Edge: The Web Ruler) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\njlkegdphefeellhaongiopcfgcinikh [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-11-29]
CHR Extension: (Tv Online) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2014-09-15]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-08-10] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-08-10] (Symantec Corporation)
S3 chromoting; C:\Program Files\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [133176 2011-08-17] (Hewlett-Packard Company)
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [102968 2009-11-19] (Hewlett-Packard)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-04] (Hewlett-Packard) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-01-19] (Symantec Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-03-16] (Portrait Displays, Inc.)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1893840 2011-08-10] (Symantec Corporation)
R2 SMManager; C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2009-12-03] (Smith Micro Software, Inc.)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [357792 2011-08-10] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2014-07-18] (IDT, Inc.)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839888 2011-08-10] (Symantec Corporation)
S2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-09] (Malwarebytes Corporation)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2014-07-11] (Intel Corporation)
S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [47616 2009-10-28] (REDC)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38912 2009-09-28] (REDC)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110520 2009-11-11] () [File not signed]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-06-03] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-08-10] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [287352 2011-08-10] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [321016 2011-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43768 2011-08-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2013-08-20] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [99744 2011-08-10] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67520 2011-08-10] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43936 2011-08-10] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 09:39 - 2015-01-09 09:39 - 00000931 _____ () C:\Users\owner\Desktop\JRT.txt
2015-01-09 09:37 - 2015-01-09 09:37 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 09:35 - 2015-01-09 09:35 - 01707939 _____ (Thisisu) C:\Users\owner\Desktop\JRT.exe
2015-01-09 09:27 - 2015-01-09 09:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\owner\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-09 08:51 - 2015-01-09 08:51 - 02191360 _____ () C:\Users\owner\Desktop\AdwCleaner.exe
2015-01-07 22:57 - 2015-01-07 22:59 - 00040304 _____ () C:\Users\owner\Desktop\Addition.txt
2015-01-07 22:55 - 2015-01-09 09:42 - 00031396 _____ () C:\Users\owner\Desktop\FRST.txt
2015-01-07 22:55 - 2015-01-09 09:42 - 00000000 ____D () C:\FRST
2015-01-07 22:24 - 2015-01-07 22:24 - 01115648 _____ (Farbar) C:\Users\owner\Desktop\FRST.exe
2015-01-06 10:37 - 2015-01-06 10:54 - 00015487 _____ () C:\Users\owner\Desktop\attach.txt
2015-01-06 10:37 - 2015-01-06 10:36 - 00026280 _____ () C:\Users\owner\Desktop\dds.txt
2015-01-06 10:33 - 2015-01-06 10:33 - 00002853 _____ () C:\Users\owner\Desktop\dds - Shortcut.pif
2015-01-06 10:30 - 2015-01-06 10:30 - 00688992 ____R (Swearware) C:\Users\owner\Downloads\dds.com
2015-01-04 00:20 - 2015-01-04 00:21 - 00021011 _____ () C:\Users\owner\Downloads\B6evEmmIUAAk7Ss.jpg-large
2015-01-03 19:14 - 2015-01-03 19:14 - 00000165 ____H () C:\Users\owner\Documents\~$likearavenCURR2b.pptx
2015-01-02 16:23 - 2015-01-02 16:23 - 00000000 _____ () C:\t1l0.2
2015-01-02 16:20 - 2015-01-02 17:06 - 00415744 _____ () C:\Users\owner\Documents\newyearscard.pub
2014-12-31 11:56 - 2014-12-31 11:56 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-12-31 11:56 - 2014-12-31 11:56 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-12-31 11:56 - 2013-06-20 14:42 - 00321536 _____ (CANON INC.) C:\Windows\system32\CNC_C2L.dll
2014-12-31 11:56 - 2013-06-13 14:10 - 00093184 _____ () C:\Windows\system32\CNC1774D.TBL
2014-12-31 11:56 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2014-12-31 11:35 - 2014-12-31 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series User Registration
2014-12-31 11:23 - 2014-12-31 11:23 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-12-31 11:18 - 2015-01-09 09:16 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForowner.job
2014-12-31 11:17 - 2015-01-07 14:51 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Canon
2014-12-31 11:16 - 2014-12-31 11:16 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-12-31 11:08 - 2014-12-31 11:08 - 00000000 __SHD () C:\found.001
2014-12-30 23:14 - 2014-12-30 23:14 - 00000000 ____D () C:\Windows\system32\STRING
2014-12-30 23:14 - 2013-06-13 03:43 - 00366592 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL
2014-12-30 23:14 - 2013-06-13 03:43 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2014-12-30 23:12 - 2014-12-30 23:12 - 00001971 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-12-30 23:12 - 2014-12-30 23:12 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-12-30 23:07 - 2014-12-31 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-30 23:07 - 2014-12-30 23:07 - 00002304 _____ () C:\Users\Public\Desktop\Canon MX470 series On-screen Manual.lnk
2014-12-30 23:07 - 2014-12-30 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series Manual
2014-12-30 23:06 - 2014-12-30 23:06 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-12-30 23:06 - 2014-12-30 23:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-12-30 23:06 - 2013-09-25 05:00 - 00258560 _____ (CANON INC.) C:\Windows\system32\CNCALC2.DLL
2014-12-30 23:06 - 2013-09-12 05:00 - 00318464 _____ (CANON INC.) C:\Windows\system32\CNMLMC2.DLL
2014-12-30 22:51 - 2015-01-01 19:23 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-30 22:43 - 2014-12-30 22:43 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2014-12-30 22:42 - 2014-12-31 11:56 - 00000000 ____D () C:\Program Files\Canon
2014-12-30 21:07 - 2014-12-30 21:07 - 00000000 _____ () C:\t1ig.2
2014-12-30 21:07 - 2014-12-30 21:07 - 00000000 _____ () C:\t1ig.1
2014-12-24 20:30 - 2014-12-24 22:25 - 03030136 _____ () C:\Users\owner\Documents\SydneySTnick.pptx
2014-12-24 20:30 - 2014-12-24 20:30 - 00000165 ____H () C:\Users\owner\Documents\~$SydneySTnick.pptx
2014-12-23 10:32 - 2015-01-02 16:19 - 00283648 _____ () C:\Users\owner\Documents\12days.pub
2014-12-22 15:43 - 2014-12-22 15:43 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-12-18 12:40 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 10:27 - 2014-12-17 10:27 - 09328128 _____ () C:\Users\owner\Documents\tonyaback.pub
2014-12-12 13:19 - 2014-12-12 13:19 - 04002483 _____ () C:\Users\owner\Documents\likearavenCURR2b.pptx
2014-12-11 12:41 - 2014-12-11 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 08:08 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 08:08 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 08:08 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 08:08 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 08:08 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 20:04 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 20:04 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 20:04 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 20:04 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 20:04 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 20:04 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 20:04 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 20:04 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 20:04 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 20:04 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 20:04 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 20:04 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 20:04 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 20:04 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 20:04 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 20:04 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 20:04 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 20:04 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 20:04 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 20:04 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 20:04 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 20:04 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 20:04 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 20:04 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 20:04 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 20:04 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 20:04 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 20:04 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 20:04 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 20:04 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 20:04 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 20:04 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 20:04 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 20:04 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 20:03 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 20:03 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 20:03 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 20:03 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 20:03 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 20:03 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 20:03 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 09:43 - 2014-07-02 07:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 09:38 - 2014-07-30 09:26 - 00321024 ___SH () C:\Users\owner\Desktop\Thumbs.db
2015-01-09 09:32 - 2014-07-29 00:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 09:32 - 2014-07-04 11:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 09:31 - 2014-07-04 11:23 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-09 09:31 - 2014-07-04 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 09:31 - 2014-07-04 11:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-09 09:30 - 2014-09-15 19:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002UA.job
2015-01-09 09:24 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:24 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:23 - 2014-07-09 04:14 - 00000000 ___RD () C:\Users\owner\OneDrive
2015-01-09 09:23 - 2010-11-03 17:16 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 09:20 - 2014-10-16 11:28 - 00000000 ____D () C:\Temp
2015-01-09 09:20 - 2014-07-02 07:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 09:20 - 2010-11-03 17:00 - 01445164 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 09:16 - 2010-11-03 19:09 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-01-09 09:16 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 09:16 - 2009-07-13 23:39 - 00043890 _____ () C:\Windows\setupact.log
2015-01-09 09:15 - 2013-08-20 08:48 - 00033618 _____ () C:\Windows\PFRO.log
2015-01-09 09:06 - 2014-07-04 08:45 - 00000000 ____D () C:\AdwCleaner
2015-01-08 23:29 - 2014-07-09 14:52 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-01-08 14:30 - 2014-09-15 19:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002Core.job
2015-01-08 14:20 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-07 13:04 - 2014-11-08 21:30 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Skype
2015-01-03 16:53 - 2014-11-05 07:41 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2015-01-03 14:00 - 2014-07-24 19:23 - 00000000 ____D () C:\Users\owner\Documents\My PSP8 Files
2015-01-01 19:27 - 2014-07-11 00:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-01 18:19 - 2014-11-08 21:29 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 18:18 - 2014-11-08 21:30 - 00000000 ___RD () C:\Program Files\Skype
2014-12-31 11:56 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\twain_32
2014-12-31 11:56 - 2009-07-13 21:37 - 00000000 __RSD () C:\Windows\Media
2014-12-31 11:26 - 2013-07-01 12:07 - 00000000 ____D () C:\Users\owner
2014-12-30 17:39 - 2014-07-24 19:30 - 00267776 ___SH () C:\Users\owner\Documents\Thumbs.db
2014-12-22 20:07 - 2014-07-02 07:07 - 00000000 ____D () C:\Program Files\Google
2014-12-20 11:38 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-15 05:50 - 2014-08-15 07:38 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-12-15 05:50 - 2014-07-29 00:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-15 05:50 - 2014-07-29 00:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 13:49 - 2014-07-02 07:08 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 12:13 - 2014-07-19 05:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 04:05 - 2014-12-05 09:49 - 00000000 ____D () C:\Users\owner\.instagiffer
2014-12-11 12:41 - 2014-07-03 06:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 12:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 08:12 - 2013-08-20 07:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 08:03 - 2014-07-03 00:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 06:13 - 2014-07-03 00:47 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:06 - 2013-07-01 12:08 - 00000000 ____D () C:\Users\owner\Documents\Bluetooth Exchange Folder
 
Some content of TEMP:
====================
C:\Users\owner\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\owner\AppData\Local\Temp\Extract.exe
C:\Users\owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\owner\AppData\Local\Temp\ose00000.exe
C:\Users\owner\AppData\Local\Temp\Quarantine.exe
C:\Users\owner\AppData\Local\Temp\readSTILog.dll
C:\Users\owner\AppData\Local\Temp\SP46775.exe
C:\Users\owner\AppData\Local\Temp\SP47594.exe
C:\Users\owner\AppData\Local\Temp\SP49415.exe
C:\Users\owner\AppData\Local\Temp\SP50589.exe
C:\Users\owner\AppData\Local\Temp\SP52264.exe
C:\Users\owner\AppData\Local\Temp\SP52308.exe
C:\Users\owner\AppData\Local\Temp\SP53795.exe
C:\Users\owner\AppData\Local\Temp\SP53806.exe
C:\Users\owner\AppData\Local\Temp\SP54342.exe
C:\Users\owner\AppData\Local\Temp\SP54841.exe
C:\Users\owner\AppData\Local\Temp\SP56391.exe
C:\Users\owner\AppData\Local\Temp\SP57275.exe
C:\Users\owner\AppData\Local\Temp\SP58782.exe
C:\Users\owner\AppData\Local\Temp\sp58915.exe
C:\Users\owner\AppData\Local\Temp\SP60799.exe
C:\Users\owner\AppData\Local\Temp\sp64126.exe
C:\Users\owner\AppData\Local\Temp\SP67212.exe
C:\Users\owner\AppData\Local\Temp\sqlite3.dll
C:\Users\owner\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\owner\AppData\Local\Temp\UninstallHPTCA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 21:35
 
==================== End Of Log ============================
 


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:54 PM

Posted 09 January 2015 - 10:06 AM

Hey, :)

I could not run this new one

Were there any error messages?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 09 January 2015 - 10:22 AM

Hi--

No, it was simply that the trial has expired and MalwareBytes will not allow me to download the program again.

 

CB



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:54 PM

Posted 09 January 2015 - 10:23 AM

Can you open MBAM?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 09 January 2015 - 10:29 AM

Yes!  I just closely read the screen and it will allow for me to use the program even though the free trial of protection has ended.  I will post the log shortly.

 

Thanks, CB



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:54 PM

Posted 09 January 2015 - 10:49 AM

OK

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#11 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 09 January 2015 - 11:27 AM

OK--
I just ran it twice; the first time I failed to tick "Rootkit scan."  This is the 2nd result.  Let me know if you want the first result, which came up with two non-malware items that were quarantined.
 
Thank you.
CB
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/9/2015
Scan Time: 10:50:19 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.09.10
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316679
Time Elapsed: 12 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:54 PM

Posted 09 January 2015 - 12:12 PM

Hey,
well done. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM\...\Run: [] => [X]
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\MountPoints2: {88ce6051-fbdf-11e3-9f19-806e6f6e6963} - D:\Msetup4.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
    
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 10 January 2015 - 04:57 PM

Good Day to you.

 

My computer is still slow to start up--not crazily slow, there just seems to be a delay. But I did run the Symantec scan, which originally was detecting the Trojan.Gen.2 presence, and it did not find it!  Yes!

 

Oh, and ESET did not find any threats.  I did not see an option for a log, therefore.   

Thanks for your great work so far!

 

P.S.: I am afraid to open MS Word. It always asks me if I want to replace the normal template, at startup. Isn't this a virus?

 

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by owner (administrator) on OWNER-PC on 10-01-2015 05:21:31
Running from C:\Users\owner\Desktop
Loaded Profile: owner (Available profiles: owner)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
(Smith Micro Software, Inc.) C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(InterVideo Inc.) C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Portrait Displays, Inc) C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Adobe Systems Incorporated ) C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\dynamiclinkmanager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2014-07-18] (Synaptics Incorporated)
HKLM\...\Run: [HP Connection Manager.exe] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe unch Buttons\QlbCtrl.exe [1791272 2014-07-18] (Synaptics Incorporated)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-03] ()
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115624 2011-08-10] (Symantec Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2014-07-18] (IDT, Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2944056 2011-08-17] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKLM\...\runonceex: [ContentMerger] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [539800 2011-09-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [SkyDrive] => C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-15] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [EPSON NX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\...\Run: [2706594A3E67FD236E1C49110F47E7F15075846A._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-29] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1970657634-2418185239-2281329684-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002 -> {509DF653-7784-48BC-A777-64CB7F160FCF} URL = https://www.google.com/search?q={searchTerms}
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1970657634-2418185239-2281329684-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1970657634-2418185239-2281329684-1002: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1970657634-2418185239-2281329684-1002: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-07-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-30]
CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-06]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-06]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Cast) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-06]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-09-15]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-01-09]
CHR Extension: (Google Calendar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-06]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-30]
CHR Extension: (Chrome Remote Desktop) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-09-15]
CHR Extension: (Planner 5D) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2014-12-01]
CHR Extension: (Sniper Team) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2014-09-15]
CHR Extension: (Kickoff) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\heelhmibbjlnankkkmcdgbmcepajmddl [2014-09-15]
CHR Extension: (Marvel Comics) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2014-09-18]
CHR Extension: (Vimeo Couch Mode) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2014-09-27]
CHR Extension: (Google Keep - notes and lists) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-15]
CHR Extension: (Murder Files) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-09-27]
CHR Extension: (Motorola Connect) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-11-29]
CHR Extension: (Google Maps) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-09-06]
CHR Extension: (Google Play Books) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-09-15]
CHR Extension: (OneDrive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-09-15]
CHR Extension: (Edge: The Web Ruler) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\njlkegdphefeellhaongiopcfgcinikh [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-11-29]
CHR Extension: (Tv Online) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2014-09-15]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-08-10] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-08-10] (Symantec Corporation)
S3 chromoting; C:\Program Files\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-11-09] (Hewlett-Packard Ltd)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [133176 2011-08-17] (Hewlett-Packard Company)
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [102968 2009-11-19] (Hewlett-Packard)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-04] (Hewlett-Packard) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-01-19] (Symantec Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-03-16] (Portrait Displays, Inc.)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1893840 2011-08-10] (Symantec Corporation)
R2 SMManager; C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2009-12-03] (Smith Micro Software, Inc.)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [357792 2011-08-10] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2014-07-18] (IDT, Inc.)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839888 2011-08-10] (Symantec Corporation)
S2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-09] (Malwarebytes Corporation)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2014-07-11] (Intel Corporation)
S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [47616 2009-10-28] (REDC)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38912 2009-09-28] (REDC)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110520 2009-11-11] () [File not signed]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-06-03] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-08-10] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [287352 2011-08-10] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [321016 2011-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43768 2011-08-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [125488 2013-08-20] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [99744 2011-08-10] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67520 2011-08-10] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43936 2011-08-10] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 11:25 - 2015-01-09 11:25 - 00001056 _____ () C:\Users\owner\Desktop\MBam.txt
2015-01-09 10:49 - 2015-01-09 10:49 - 00001434 _____ () C:\MalRe.txt
2015-01-09 09:39 - 2015-01-09 09:39 - 00000931 _____ () C:\Users\owner\Desktop\JRT.txt
2015-01-09 09:37 - 2015-01-09 09:37 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 09:35 - 2015-01-09 09:35 - 01707939 _____ (Thisisu) C:\Users\owner\Desktop\JRT.exe
2015-01-09 09:27 - 2015-01-09 09:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\owner\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-09 08:51 - 2015-01-09 08:51 - 02191360 _____ () C:\Users\owner\Desktop\AdwCleaner.exe
2015-01-07 22:57 - 2015-01-07 22:59 - 00040304 _____ () C:\Users\owner\Desktop\Addition.txt
2015-01-07 22:55 - 2015-01-10 05:21 - 00029775 _____ () C:\Users\owner\Desktop\FRST.txt
2015-01-07 22:55 - 2015-01-10 05:21 - 00000000 ____D () C:\FRST
2015-01-07 22:24 - 2015-01-07 22:24 - 01115648 _____ (Farbar) C:\Users\owner\Desktop\FRST.exe
2015-01-06 10:37 - 2015-01-06 10:54 - 00015487 _____ () C:\Users\owner\Desktop\attach.txt
2015-01-06 10:37 - 2015-01-06 10:36 - 00026280 _____ () C:\Users\owner\Desktop\dds.txt
2015-01-06 10:33 - 2015-01-06 10:33 - 00002853 _____ () C:\Users\owner\Desktop\dds - Shortcut.pif
2015-01-06 10:30 - 2015-01-06 10:30 - 00688992 ____R (Swearware) C:\Users\owner\Downloads\dds.com
2015-01-04 00:20 - 2015-01-04 00:21 - 00021011 _____ () C:\Users\owner\Downloads\B6evEmmIUAAk7Ss.jpg-large
2015-01-03 19:14 - 2015-01-03 19:14 - 00000165 ____H () C:\Users\owner\Documents\~$likearavenCURR2b.pptx
2015-01-02 16:23 - 2015-01-02 16:23 - 00000000 _____ () C:\t1l0.2
2015-01-02 16:20 - 2015-01-02 17:06 - 00415744 _____ () C:\Users\owner\Documents\newyearscard.pub
2014-12-31 11:56 - 2014-12-31 11:56 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-12-31 11:56 - 2014-12-31 11:56 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-12-31 11:56 - 2013-06-20 14:42 - 00321536 _____ (CANON INC.) C:\Windows\system32\CNC_C2L.dll
2014-12-31 11:56 - 2013-06-13 14:10 - 00093184 _____ () C:\Windows\system32\CNC1774D.TBL
2014-12-31 11:56 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2014-12-31 11:35 - 2014-12-31 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series User Registration
2014-12-31 11:23 - 2014-12-31 11:23 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-12-31 11:17 - 2015-01-07 14:51 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Canon
2014-12-31 11:16 - 2014-12-31 11:16 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-12-31 11:08 - 2014-12-31 11:08 - 00000000 __SHD () C:\found.001
2014-12-30 23:14 - 2014-12-30 23:14 - 00000000 ____D () C:\Windows\system32\STRING
2014-12-30 23:14 - 2013-06-13 03:43 - 00366592 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL
2014-12-30 23:14 - 2013-06-13 03:43 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2014-12-30 23:12 - 2014-12-30 23:12 - 00001971 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-12-30 23:12 - 2014-12-30 23:12 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-12-30 23:07 - 2014-12-31 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-30 23:07 - 2014-12-30 23:07 - 00002304 _____ () C:\Users\Public\Desktop\Canon MX470 series On-screen Manual.lnk
2014-12-30 23:07 - 2014-12-30 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series Manual
2014-12-30 23:06 - 2014-12-30 23:06 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-12-30 23:06 - 2014-12-30 23:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-12-30 23:06 - 2013-09-25 05:00 - 00258560 _____ (CANON INC.) C:\Windows\system32\CNCALC2.DLL
2014-12-30 23:06 - 2013-09-12 05:00 - 00318464 _____ (CANON INC.) C:\Windows\system32\CNMLMC2.DLL
2014-12-30 22:51 - 2015-01-10 05:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-30 22:43 - 2014-12-30 22:43 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2014-12-30 22:42 - 2014-12-31 11:56 - 00000000 ____D () C:\Program Files\Canon
2014-12-30 21:07 - 2014-12-30 21:07 - 00000000 _____ () C:\t1ig.2
2014-12-30 21:07 - 2014-12-30 21:07 - 00000000 _____ () C:\t1ig.1
2014-12-24 20:30 - 2014-12-24 22:25 - 03030136 _____ () C:\Users\owner\Documents\SydneySTnick.pptx
2014-12-24 20:30 - 2014-12-24 20:30 - 00000165 ____H () C:\Users\owner\Documents\~$SydneySTnick.pptx
2014-12-23 10:32 - 2015-01-02 16:19 - 00283648 _____ () C:\Users\owner\Documents\12days.pub
2014-12-22 15:43 - 2014-12-22 15:43 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-12-18 12:40 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 10:27 - 2014-12-17 10:27 - 09328128 _____ () C:\Users\owner\Documents\tonyaback.pub
2014-12-12 13:19 - 2014-12-12 13:19 - 04002483 _____ () C:\Users\owner\Documents\likearavenCURR2b.pptx
2014-12-11 12:41 - 2014-12-11 12:41 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 08:08 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 08:08 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 08:08 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 08:08 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 08:08 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 05:21 - 2010-11-03 17:16 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 05:19 - 2014-07-30 09:26 - 00360960 ___SH () C:\Users\owner\Desktop\Thumbs.db
2015-01-10 05:19 - 2014-07-09 04:14 - 00000000 ___RD () C:\Users\owner\OneDrive
2015-01-10 05:15 - 2014-10-16 11:28 - 00000000 ____D () C:\Temp
2015-01-10 05:15 - 2014-07-02 07:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 05:15 - 2010-11-03 19:09 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-01-10 05:14 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 05:14 - 2009-07-13 23:39 - 00043946 _____ () C:\Windows\setupact.log
2015-01-10 05:13 - 2010-11-03 17:00 - 01486456 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 04:48 - 2014-09-15 19:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002UA.job
2015-01-10 04:48 - 2014-07-02 07:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 04:47 - 2014-07-29 00:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 14:30 - 2014-09-15 19:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970657634-2418185239-2281329684-1002Core.job
2015-01-09 10:50 - 2014-07-04 11:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 09:31 - 2014-07-04 11:23 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-09 09:31 - 2014-07-04 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 09:31 - 2014-07-04 11:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-09 09:24 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:24 - 2009-07-13 23:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:15 - 2013-08-20 08:48 - 00033618 _____ () C:\Windows\PFRO.log
2015-01-09 09:06 - 2014-07-04 08:45 - 00000000 ____D () C:\AdwCleaner
2015-01-08 23:29 - 2014-07-09 14:52 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-01-08 14:20 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-07 13:04 - 2014-11-08 21:30 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Skype
2015-01-06 04:36 - 2014-05-06 16:52 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 16:53 - 2014-11-05 07:41 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2015-01-03 14:00 - 2014-07-24 19:23 - 00000000 ____D () C:\Users\owner\Documents\My PSP8 Files
2015-01-01 19:27 - 2014-07-11 00:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-01 18:19 - 2014-11-08 21:29 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 18:18 - 2014-11-08 21:30 - 00000000 ___RD () C:\Program Files\Skype
2014-12-31 11:56 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\twain_32
2014-12-31 11:56 - 2009-07-13 21:37 - 00000000 __RSD () C:\Windows\Media
2014-12-31 11:26 - 2013-07-01 12:07 - 00000000 ____D () C:\Users\owner
2014-12-30 17:39 - 2014-07-24 19:30 - 00267776 ___SH () C:\Users\owner\Documents\Thumbs.db
2014-12-22 20:07 - 2014-07-02 07:07 - 00000000 ____D () C:\Program Files\Google
2014-12-20 11:38 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-15 05:50 - 2014-08-15 07:38 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-12-15 05:50 - 2014-07-29 00:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-15 05:50 - 2014-07-29 00:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 13:49 - 2014-07-02 07:08 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 12:13 - 2014-07-19 05:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 04:05 - 2014-12-05 09:49 - 00000000 ____D () C:\Users\owner\.instagiffer
2014-12-11 12:41 - 2014-07-03 06:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 12:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 08:12 - 2013-08-20 07:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 08:03 - 2014-07-03 00:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 06:13 - 2014-07-03 00:47 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 21:35
 
==================== End Of Log ============================


#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:54 PM

Posted 10 January 2015 - 05:12 PM

Hey,

Isn't this a virus?

I don't think so. :)
  • Download Windows Repair (All in One) from this site
  • Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
  • Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
  • If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk. In that case make sure you restart computer.
p22004342.gif
  • Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:
p22004343.gif
  • Go to Step 4 and under "System Restore" click on Create button:
p22004346.gif
  • Go to Start Repairs tab and click Start button. Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design. Click on Start button.
 
p22004347.gif
  • Post Windows Repair log which is located in the following folder:
    • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
Is the system faster now?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:54 PM

Posted 11 January 2015 - 04:32 PM

Hi--

I wanted to post the log first, and then I will reboot again and compare speeds.

Thanks

CB

 

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 32-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: OWNER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\owner
Current Profile SID: S-1-5-21-1970657634-2418185239-2281329684-1002
Current Profile Classes: S-1-5-21-1970657634-2418185239-2281329684-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\owner\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:42:54
 
Process Count: 136
Commit Total: 2.74 GB
Commit Limit: 5.84 GB
Commit Peak: 3.03 GB
Handle Count: 39891
Kernel Total: 344.12 MB
Kernel Paged: 249.78 MB
Kernel Non Paged: 94.34 MB
System Cache: 816.42 MB
Thread Count: 1826
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.92 GB
Memory Used: 2.11 GB(72.3709%)
Memory Avail.: 826.49 MB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.92 GB
Memory Used: 1.73 GB(59.3129%)
Memory Avail.: 1.19 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (1/11/2015 10:15:30 AM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 135
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (1/11/2015 10:15:32 AM)
   Running Repair Under Current User Account
   Done (1/11/2015 10:15:44 AM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (1/11/2015 10:15:44 AM)
   Running Repair Under System Account
   Done (1/11/2015 10:21:15 AM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (1/11/2015 10:21:16 AM)
   Running Repair Under System Account
   Done (1/11/2015 10:22:44 AM)
 
03 - Reset Service Permissions
   Start (1/11/2015 10:22:44 AM)
   Running Repair Under System Account
   Done (1/11/2015 10:22:53 AM)
 
04 - Register System Files
   Start (1/11/2015 10:22:53 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:23:11 AM)
 
05 - Repair WMI
   Start (1/11/2015 10:23:11 AM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Symantec Endpoint Protection Exported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Symantec Endpoint Protection Exported.
 
   Exporting 3rd Party Firewall Info...
   Symantec Endpoint Protection Exported.
 
   Running Repair Under Current User Account
   Done (1/11/2015 10:26:27 AM)
 
06 - Repair Windows Firewall
   Start (1/11/2015 10:26:27 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:27:05 AM)
 
07 - Repair Internet Explorer
   Start (1/11/2015 10:27:05 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:27:21 AM)
 
08 - Repair MDAC/MS Jet
   Start (1/11/2015 10:27:21 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:27:26 AM)
 
09 - Repair Hosts File
   Start (1/11/2015 10:27:26 AM)
   Running Repair Under System Account
   Done (1/11/2015 10:27:27 AM)
 
10 - Remove Policies Set By Infections
   Start (1/11/2015 10:27:27 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:27:29 AM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (1/11/2015 10:27:30 AM)
   Running Repair Under System Account
   Done (1/11/2015 10:27:31 AM)
 
12 - Repair Icons
   Start (1/11/2015 10:27:31 AM)
   Running Repair Under Current User Account
   Done (1/11/2015 10:27:32 AM)
 
13 - Repair Winsock & DNS Cache
   Start (1/11/2015 10:27:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:27:49 AM)
 
15 - Repair Proxy Settings
   Start (1/11/2015 10:27:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:27:51 AM)
 
17 - Repair Windows Updates
   Start (1/11/2015 10:27:51 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/11/2015 10:28:18 AM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (1/11/2015 10:28:18 AM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (1/11/2015 10:28:18 AM)
 
19 - Repair Volume Shadow Copy Service
   Start (1/11/2015 10:28:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:28:40 AM)
 
21 - Repair MSI (Windows Installer)
   Start (1/11/2015 10:28:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:28:53 AM)
 
23.01 - Repair bat Association
   Start (1/11/2015 10:28:53 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:28:56 AM)
 
23.02 - Repair cmd Association
   Start (1/11/2015 10:28:56 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:28:58 AM)
 
23.03 - Repair com Association
   Start (1/11/2015 10:28:58 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:00 AM)
 
23.04 - Repair Directory Association
   Start (1/11/2015 10:29:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:02 AM)
 
23.05 - Repair Drive Association
   Start (1/11/2015 10:29:02 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:04 AM)
 
23.06 - Repair exe Association
   Start (1/11/2015 10:29:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:07 AM)
 
23.07 - Repair Folder Association
   Start (1/11/2015 10:29:07 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:09 AM)
 
23.08 - Repair inf Association
   Start (1/11/2015 10:29:09 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:11 AM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (1/11/2015 10:29:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:13 AM)
 
23.10 - Repair msc Association
   Start (1/11/2015 10:29:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:15 AM)
 
23.11 - Repair reg Association
   Start (1/11/2015 10:29:15 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:18 AM)
 
23.12 - Repair scr Association
   Start (1/11/2015 10:29:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:20 AM)
 
24 - Repair Windows Safe Mode
   Start (1/11/2015 10:29:20 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:22 AM)
 
25 - Repair Print Spooler
   Start (1/11/2015 10:29:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:37 AM)
 
26 - Restore Important Windows Services
   Start (1/11/2015 10:29:37 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:46 AM)
 
27 - Set Windows Services To Default Startup
   Start (1/11/2015 10:29:46 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:52 AM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
31 - Repair Windows 'New' Submenu
   Start (1/11/2015 10:29:52 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/11/2015 10:29:54 AM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (1/11/2015 10:29:54 AM)
   Total Repair Time: 00:14:25
 
 
...YOU MUST RESTART YOUR SYSTEM...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users