
CryptoWall 3.0 on Vista 32bit - machine will not boot


  • This topic is locked
48 replies to this topic

#1 mrogge

mrogge

  • Members
  • 25 posts

Posted 26 March 2015 - 10:47 AM

I was asked by a friend to help with her laptop that would not boot properly.

Toshiba L305-S5968 running Vista Home Premium 32bit

 

After looking at the machine, Vista would not boot. Only a black screen. Not even Safe Mode.  I was only able to "boot" the computer using a UBUNTU CD. I did not install UBUNTU, but am using the "Try UBUNTU" feature of the CD.

After working a bit, (MBR & BCD rebuild/repair) I was able to get the machine to boot into "recovery/repair" long enough to discover the Cryptowall 3.0 infection. I was able to run a couple malware scans in Safe Mode (using the USB to transfer software to the machine) finding a couple minor malware infections, but once again the machine will not boot.

 

At this point, I do not want to proceed further (risking further "damage" to the computer) without "expert" help. Thus, my post here.




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • Gender:Male
  • Location:California

Posted 29 March 2015 - 03:26 PM

Greetings mrogge and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. When you say it won't boot can you describe how far it gets and what you see?

Please run the following for me.

===================================================

Kaspersky Rescue Disk 10 CD

--------------

To complete this process you will need a USB device and a blank CD.
  • On a clean computer download Kaspersky Rescue Disk 10 and save it to your desktop
  • Now go to the ISO Recorder site and download the version for your operating system (do not download the command line version)
  • Save the file to your desktop
  • Double click the icon to start the program
  • Select Run, then continue to select Next until you receive a notification that the installation was complete
  • Close the installation window
  • Insert a blank CD into your CD ROM drive
  • Right click on the kav_rescue_10.iso file on your desktop and select Copy image to CD/DVD
  • Make sure Image File is selected and it shows the kav_rescue_10.iso file
  • In the Recorder section make sure it shows your CD ROM drive
  • Select the lowest recording speed
  • Click Next
  • Click Finish on the Operation has been completed screen
  • Remove the CD and insert it, and your USB device into the infected computer
  • Reboot the infected computer
  • As the computer boots up gently tap F12 (you may need to tap a different key like Del, Esc, F2.....) and choose to boot from CD/DVD
  • When the Kaspersky Rescue Disk screen appears press any key within 10 seconds
  • Press Enter on English which should be highlighted by default
  • Press 1 to accept the agreement
  • Press Enter on Kaspersky Rescue Disk. Graphic Mode which should be highlighted by default
  • Allow the program to load and mount the disks
  • Select your operating system then click OK
  • Place a check mark in each box except for sda1
  • Click Start Objects Scan
  • Upon completion do not Quarantine any items yet, simply click Report, save it to your USB device, then from your clean computer copy and paste the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Description of boot up
  • Kaspersky report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 mrogge


Posted 29 March 2015 - 08:00 PM

Hi Gary,

 

On behalf of myself (BTW, my name is Mark) and my friend with the "toasted" computer we are attempting to recover, thanks for your assistance.

 

REQUEST 1 -- Description of boot up--

As the computer has experienced problems booting Windows Vista correctly, the "boot error" screen first appears with the options of (these are paraphrased, but I'm sure you will understand):

     Safe Mode

     Safe Mode with network support

     Safe Mode command prompt

     Last known Good Configuration

     Start Windows normally

 

Regardless of which option I might choose at this point, the boot result is ultimately the same:

     The typical initial black screen with the "scrolling" load bar appears for a few seconds,

     then the actual Windows Vista load screen with the rotating "loading" ring appears for a few minutes (without change),

     then the computer reboots itself.

 

REQUEST 2 -- Kaspersky Report

The Kaspersky Rescue Disk loads, but when it attempts to mount, it gives the following warning (in a typical GUI OS pop up window):

 

Warning!

Your computer's operating system has been shut down incorrectly, File system is going to be mounted. The procedure may cause damage to it. To avoid file system corruption, you are advised to shut down the operating system correctly before using Kaspersky Rescue Disk.

 

Do you wish to continue?

    Continue     Skip    Restart computer

 

I understand the system is toasted (to some degree), but did not want to proceed beyond this warning without instruction from you. As they say, I don't want to "add fuel to the fire." At this point, I have shut down the computer and am . . .

 

Awaiting further instructions.

 

Thanks,

Mark



#4 Oh My!


Posted 29 March 2015 - 09:01 PM

Hi Mark and thanks for the detailed description. Do you have this option when it boots?

Disable Automatic Restart on System Failure
Gary
 

#5 mrogge


Posted 29 March 2015 - 09:54 PM

Hi Gary,

The option has been available in the past, but is not currently showing at this time. Even so . . . I have chosen that option, but after one "failure" it will go into the same reboot cycle.

I just attempted another boot and that option is NOT appearing at this time. I am attempting a Boot in Safe Mode right now to see if that will make a difference.

Mark


Edited by mrogge, 29 March 2015 - 09:55 PM.


#6 Oh My!


Posted 29 March 2015 - 10:11 PM

No problem Mark. Let's do this.

===================================================

Ubuntu MBR and Driver Report Using an Existing Ubuntu CD

--------------
  • Download udriver.sh to a USB device
  • With the USB device inserted into the infected computer restart your computer using your Ubuntu CD
  • Please allow the program to automatically load to the Ubuntu desktop
  • Select English, then click Try Ubuntu
  • Click on the Dash Home icon located just underneath the Ubuntu Desktop title bar at the top
  • Type terminal in the search box then press Enter
  • A command prompt window will open
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

sudo dd if=/dev/sda of=mbr.txt bs=512 count=1

  • A mbr.txt file will be created in your Home folder
  • Type Exit then press Enter
  • Click on the Home Folder which is most likely the third icon down on the left
  • Under Devices please click the USB device (if that is not present remove the USB device and plug it back in)
  • Locate the udriver.sh icon listed in the USB contents window, right click, select Move to, then click Home
  • Close any open windows
  • Click the Dash Home icon (1st icon on left)
  • Select the Terminal icon
  • Type the following at the prompt and hit Enter

sudo bash udriver.sh

  • Wait until report.txt pops up or the command line indicates the search is finished. This can take a while, so please be patient!
  • The report.txt file will be located in the Home folder (same folder as mbr.txt)
  • Type the following at the prompt and hit Enter

sudo bash udriver.sh -af

  • You will be prompted to input a file name. Please type the following then press Enter:

Winlogon.exe

  • After the search is completed please type the following then press Enter:

volsnap.sys

  • After the search is completed please type the following then press Enter:

explorer.exe

  • After the search is completed please type the following then press Enter:

Userinit.exe

  • After the last search is complete please type Exit and press Enter
  • Click the Home Folder
  • Right click on filefind.txt, and select Send to...
  • Click the drop down list next to Send as:, select Removable disks and shares, click the USB device (may be there by default), then click Send
  • Repeat these steps for report.txt
  • Remove the USB device from your computer
  • In the upper right hand corner of your screen select the icon just to the right of the time
  • Click Shut down..., then Restart
  • Your computer should reboot into Windows
  • Insert the USB device back into your computer
  • Zip the report.txt file and attach it to your reply. Attach but do not zip the mbr.txt and filefind.txt files.
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • report.zip
  • mbr.txt
  • filefind.txt

Gary
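
Added example, not part of Gary's post and not BleepingComputer tooling: one way to sanity-check the 512-byte mbr.txt written by the dd command above before attaching it, by verifying the 0x55AA boot signature and decoding the four partition entries. The function names and the sample sector are constructed for illustration; the "exactly one active partition" check assumes a BIOS/MBR-booted disk.

```python
import struct
import sys
from typing import List, NamedTuple

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0-439: boot code; 440-445: disk signature + reserved
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"

# Small subset of common partition type IDs, enough to read a typical laptop layout.
PART_TYPES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)",
              0x27: "hidden NTFS (recovery)", 0x82: "Linux swap",
              0x83: "Linux", 0xEE: "GPT protective"}


class Partition(NamedTuple):
    index: int
    active: bool
    type_id: int
    type_name: str
    start_lba: int
    sectors: int


class MbrReport(NamedTuple):
    partitions: List[Partition]
    warnings: List[str]


def parse_mbr(sector: bytes) -> MbrReport:
    """Decode a 512-byte MBR dump and collect structural warnings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    warnings: List[str] = []
    if sector[510:512] != BOOT_SIGNATURE:
        warnings.append("missing 0x55AA boot signature")
    if not any(sector[:BOOT_CODE_END]):
        warnings.append("boot code area is all zeros")

    partitions: List[Partition] = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # Entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4)
        status, type_id, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if type_id == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            warnings.append(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        name = PART_TYPES.get(type_id, f"unknown (0x{type_id:02x})")
        partitions.append(Partition(i + 1, status == 0x80, type_id, name, start, count))

    active = [p.index for p in partitions if p.active]
    if len(active) != 1:
        warnings.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(partitions, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.start_lba + a.sectors > b.start_lba:
            warnings.append(f"entries {a.index} and {b.index} overlap")
    return MbrReport(partitions, warnings)


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not taken from the machine in this thread)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:4] = b"\x33\xc0\x8e\xd0"  # placeholder bytes standing in for boot code
    entries = [(0x00, 0x27, 2048, 3072000),        # inactive recovery partition
               (0x80, 0x07, 3074048, 300000000)]   # active NTFS system partition
    for i, (status, type_id, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i,
                         status, type_id, start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python3 check_mbr.py mbr.txt   (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_mbr()
    report = parse_mbr(data)
    for p in report.partitions:
        flag = "active" if p.active else "inactive"
        print(f"#{p.index} {flag:8} type 0x{p.type_id:02x} {p.type_name:24} "
              f"start LBA {p.start_lba} sectors {p.sectors}")
    for w in report.warnings:
        print("WARNING:", w)
```
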
 

#7 mrogge


Posted 29 March 2015 - 10:33 PM

No problem Mark. Let's do this.

===================================================

Ubuntu MBR and Driver Report Using an Existing Ubuntu CD

--------------

  • Download udriver.sh to a USB device
  • With the USB device inserted into the infected computer restart your computer using your Ubuntu CD
  • Please allow the program to automatically load to the Ubuntu desktop
  • Select English, then click Try Ubuntu
  • Click on the Dash Home icon located just underneath the Ubuntu Desktop title bar at the top
  • Type terminal in the search box then press Enter
  • A command prompt window will open
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

sudo dd if=/dev/sda of=mbr.txt bs=512 count=1

  • A mbr.txt file will be created in your Home folder
  • Type Exit then press Enter
  • Click on the Home Folder which is most likely the third icon down on the left
  • Under Devices please click the USB device (if that is not present remove the USB device and plug it back in)
  • Locate the udriver.sh icon listed in the USB contents window, right click, select Move to, then click Home
  • Close any open windows
  • Click the Dash Home icon (1st icon on left)
  • Select the Terminal icon
  • Type the following at the prompt and hit Enter

sudo bash udriver.sh

 

 

This step is producing the following message in the terminal window:

 

Gatherig driver information .... please be patient

This will take several minutes to complete

rm: cannot remove 'files.txt': No such file or directory

Done

 

It returns to the prompt. I retyped the command, assuring it was entered correctly, but got the same "error" message.

 

I checked the Home folder, and there is a "report.txt" file, but contains only a date/time marker.

 

Mark


Edited by mrogge, 29 March 2015 - 10:34 PM.


#8 Oh My!


Posted 29 March 2015 - 10:42 PM

I am going to need to look into this to figure out a workaround but I am ready to wrap up for the evening. You can assume I will be posting back in the morning.

Thanks for your patience and understanding.
Gary
 

#9 mrogge


Posted 29 March 2015 - 10:45 PM

Appreciate it Gary. I'll check back in the morning. Thanks!



#10 Oh My!


Posted 29 March 2015 - 10:48 PM

:thumbsup2:
Gary
 

#11 Oh My!


Posted 30 March 2015 - 10:50 AM

Still working on an alternative. Are you able to connect that hard drive as an external drive on another computer?
Gary
 

#12 mrogge


Posted 30 March 2015 - 12:52 PM

Hey Gary,

Sorry . . . I had to do some searching.

I DO have a "Drive Wire" device which SHOULD make it possible to connect the harddrive to another computer. However, I have not used it for years, so will need to verify whether it is still functional or not, if that is the direction we will need to take.

 

I was able, this morning, to get to the boot option to disable automatic restart in the boot menu. It is running an automatic CHKDSK right now. I'll get back to you once that is complete. That might solve the problem with the Kaspersky warning, correct? If so, do you want me to attempt the Kaspersky Rescue Disk report again?

 

Mark



#13 mrogge


Posted 30 March 2015 - 01:08 PM

UPDATE:

After the computer ran the automatic CHKDSK, it continued on to a boot window. This failed, but . . . it gave me the Windows "failure" screen and I attempted a Safe Mode boot.

It now appears to have booted into Safe Mode. Not sure if it's stable, but I'm leaving it turned on and in Safe Mode for now. Hope I didn't screw up anything for your attempted repairs.



#14 Oh My!


Posted 30 March 2015 - 02:11 PM

No, that is great. Please attempt to do this in Safe Mode.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST.txt
  • Addition.txt

Gary
 

#15 mrogge


Posted 30 March 2015 - 03:59 PM

Here you go Gary! Have fun!  :bounce:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by KrisSitTina (administrator) on KRISSITTINA-PC on 30-03-2015 16:48:38
Running from C:\Users\KrisSitTina\Desktop
Loaded Profiles: KrisSitTina (Available profiles: KrisSitTina)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-08] (Google)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-15] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-04-07] (RealNetworks, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-29] (Google Inc.)
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\...\Run: [ChromeUpdate] => C:\Users\KrisSitTina\AppData\Roaming\FrameworkUpdate\ChromeUpdate.exe [270848 2015-01-30] (Company name goes here)
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\...\MountPoints2: {e268e58f-5eeb-11e4-af5e-001e33f21283} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\...\MountPoints2: {fb292bed-5eee-11e4-a8f1-001e33f21283} - E:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-08] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-748915929-3372388499-3927092240-1000 -> DefaultScope {ECDA51CE-8D3F-46BA-8169-19117F82A15A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_en
SearchScopes: HKU\S-1-5-21-748915929-3372388499-3927092240-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=5DjbGl0SjM1F7UgYw-DnvtePBQw?q={searchTerms}
SearchScopes: HKU\S-1-5-21-748915929-3372388499-3927092240-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8BAFAwfT&i=26
SearchScopes: HKU\S-1-5-21-748915929-3372388499-3927092240-1000 -> {ECDA51CE-8D3F-46BA-8169-19117F82A15A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_en
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-04-07] (RealPlayer)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-07-20] (Google Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-748915929-3372388499-3927092240-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-07-20] (Google Inc.)
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2010-06-02] (Google, Inc.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-748915929-3372388499-3927092240-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KrisSitTina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.93\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\KrisSitTina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\KrisSitTina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-11]
CHR Extension: (Google Search) - C:\Users\KrisSitTina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\KrisSitTina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-08-03]
CHR Extension: (Google Wallet) - C:\Users\KrisSitTina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR Extension: (TheBflix) - C:\Users\KrisSitTina\AppData\Local\Google\Chrome\User Data\Default\Extensions\objdeodcfjkilkmakokankhakcocpjek [2014-08-03]
CHR Extension: (Gmail) - C:\Users\KrisSitTina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-11]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-04-07]
CHR HKLM\...\Chrome\Extension: [objdeodcfjkilkmakokankhakcocpjek] - C:\ProgramData\TheBflix\objdeodcfjkilkmakokankhakcocpjek.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [164600 2008-05-28] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-08] (Google)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-07] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-07] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
S2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-26] (QUALCOMM Incorporated)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RtlProt; \??\C:\Windows\System32\Drivers\RtlProt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-30 16:48 - 2015-03-30 16:49 - 00017079 _____ () C:\Users\KrisSitTina\Desktop\FRST.txt
2015-03-30 16:48 - 2015-03-30 16:48 - 00000000 ____D () C:\FRST
2015-03-30 15:39 - 2015-03-30 12:33 - 01135104 _____ (Farbar) C:\Users\KrisSitTina\Desktop\FRST.exe
2015-03-30 13:52 - 2015-03-30 13:52 - 00000000 __SHD () C:\found.002
2015-03-17 11:09 - 2015-03-17 11:09 - 00000000 ____D () C:\SUPERDelete
2015-03-17 11:05 - 2015-03-17 11:05 - 00000000 ____D () C:\Users\KrisSitTina\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 10:59 - 2015-03-17 11:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-17 10:59 - 2015-03-17 10:59 - 00001811 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-03-17 10:59 - 2015-03-17 10:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-17 10:59 - 2015-03-17 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-17 10:32 - 2015-03-17 10:32 - 00000186 _____ () C:\Users\KrisSitTina\Desktop\USB20FD (E) - Shortcut.lnk
2015-03-17 09:19 - 2015-03-17 09:19 - 00016776 _____ () C:\MAB201503170918.txt
2015-03-17 08:56 - 2015-03-17 08:56 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 08:56 - 2015-03-17 08:56 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-17 08:55 - 2015-03-17 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 08:55 - 2015-03-17 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 08:55 - 2015-03-17 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-17 08:55 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 08:55 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 08:55 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 14:34 - 2015-03-16 14:34 - 00028672 _____ () C:\BCD_Backup20150316
2015-03-16 14:34 - 2015-03-16 14:34 - 00025600 ____H () C:\BCD_Backup20150316.LOG
2015-03-16 07:59 - 2009-04-10 19:36 - 00333257 _____ () C:\bootmgr
2015-03-08 18:15 - 2015-03-08 18:15 - 00028672 _____ () C:\BCD_Backup
2015-03-08 18:15 - 2015-03-08 18:15 - 00025600 ____H () C:\BCD_Backup.LOG
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-30 15:37 - 2006-11-02 06:33 - 00006800 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 14:04 - 2015-01-21 21:27 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2015-03-30 13:57 - 2010-02-09 16:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 13:57 - 2010-02-09 16:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 13:55 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 13:55 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 13:55 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 09:14 - 2009-08-29 04:17 - 01570675 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 08:48 - 2006-11-02 09:01 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-18 08:46 - 2009-10-07 22:36 - 00000000 ____D () C:\Users\KrisSitTina
2015-03-18 08:44 - 2008-01-20 22:47 - 00134348 _____ () C:\Windows\PFRO.log
2015-03-18 08:15 - 2012-08-09 16:57 - 00000000 ____D () C:\Program Files\Web Assistant
2015-03-17 09:19 - 2012-12-10 20:02 - 00000000 ____D () C:\Windows\system32\WNLT
2015-03-17 09:19 - 2012-12-10 20:02 - 00000000 ____D () C:\Windows\system32\ARFC
2015-03-17 08:35 - 2006-11-02 08:52 - 00061366 _____ () C:\Windows\setupact.log
 
==================== Files in the root of some directories =======
 
2014-10-29 17:25 - 2014-10-29 17:25 - 6000640 _____ () C:\Program Files\GUTC0D0.tmp
2015-01-30 20:35 - 2015-01-30 20:35 - 0008528 _____ () C:\Users\KrisSitTina\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 20:35 - 2015-01-30 20:35 - 0045525 _____ () C:\Users\KrisSitTina\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-30 20:35 - 2015-01-30 20:35 - 0004204 _____ () C:\Users\KrisSitTina\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 20:35 - 2015-01-30 20:35 - 0000272 _____ () C:\Users\KrisSitTina\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 20:26 - 2015-01-30 20:26 - 0000480 ____H () C:\Users\KrisSitTina\AppData\Roaming\麽鎒駓覜
2014-03-01 23:56 - 2015-02-06 16:06 - 0000680 _____ () C:\Users\KrisSitTina\AppData\Local\d3d9caps.dat
2009-10-07 22:45 - 2012-11-03 23:42 - 0033280 _____ () C:\Users\KrisSitTina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 20:32 - 2015-01-30 20:32 - 0008528 _____ () C:\Users\KrisSitTina\AppData\Local\HELP_DECRYPT.HTML
2015-01-30 20:32 - 2015-01-30 20:32 - 0045525 _____ () C:\Users\KrisSitTina\AppData\Local\HELP_DECRYPT.PNG
2015-01-30 20:32 - 2015-01-30 20:32 - 0004204 _____ () C:\Users\KrisSitTina\AppData\Local\HELP_DECRYPT.TXT
2015-01-30 20:32 - 2015-01-30 20:32 - 0000272 _____ () C:\Users\KrisSitTina\AppData\Local\HELP_DECRYPT.URL
2015-01-30 20:26 - 2015-01-30 20:26 - 0000664 _____ () C:\ProgramData\@system.temp
2015-01-30 20:27 - 2015-01-30 20:27 - 0000400 ____H () C:\ProgramData\@system3.att
2015-01-30 20:29 - 2015-01-30 20:29 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-30 20:29 - 2015-01-30 20:29 - 0045525 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-30 20:29 - 2015-01-30 20:29 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-30 20:29 - 2015-01-30 20:29 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2009-11-04 20:50 - 2009-11-04 21:12 - 0001208 _____ () C:\ProgramData\hpzinstall.log
2014-12-03 01:37 - 2014-12-03 01:37 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini
 
Some content of TEMP:
====================
C:\Users\KrisSitTina\AppData\Local\Temp\VP6Install.exe
C:\Users\KrisSitTina\AppData\Local\Temp\VP6VFW.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-30 14:25
 
==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by KrisSitTina at 2015-03-30 16:49:45
Running from C:\Users\KrisSitTina\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
BCool Gadget (HKLM\...\{0E931A51-A183-4E66-8562-D82896E74C67}) (Version: 1.0 - BCool Gadget)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 Trial (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.6 - Google, Inc.)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - REALTEK Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20130 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: 1.00.0026 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (Version: 10.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
StarCraft (HKLM\...\StarCraft) (Version:  - Blizzard Entertainment)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
The Weather Channel Desktop 6 (HKLM\...\The Weather Channel Desktop 6) (Version:  - )
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-748915929-3372388499-3927092240-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Web Assistant 2.0.0.485 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.485 - IncrediBar) <==== ATTENTION
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\KrisSitTina\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-748915929-3372388499-3927092240-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\msvcp60.dll (America Online)
 
==================== Restore Points  =========================
 
16-03-2015 12:28:30 Windows Update
17-03-2015 08:32:33 Windows Update
17-03-2015 08:48:45 Windows Update
18-03-2015 08:20:46 Windows Update
18-03-2015 09:00:28 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01781C49-81B9-44E8-A83D-4AA6FABB22FE} - System32\Tasks\{D3B49EF5-F8F6-4BE8-9B9D-A47D9A257455} => pcalua.exe -a "C:\Users\KrisSitTina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BXQ3O6T\BW-1161[1].exe" -d C:\Users\KrisSitTina
Task: {4832F840-155F-4D2E-BC6A-C75993ADFBE1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {65C7F9A2-F320-4F64-8780-D87D9ABAC992} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {7A5D82DB-CFF6-4D37-AA1E-D77B4CBC50F7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-748915929-3372388499-3927092240-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {D46599F7-F353-4F5D-95EB-835C3CB10B79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {F33BA796-55C6-458E-8AF5-5078EAB3E54E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-748915929-3372388499-3927092240-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {FFD42632-DA55-4D5D-981B-988A7E8D7F85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-748915929-3372388499-3927092240-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\KrisSitTina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-748915929-3372388499-3927092240-500 - Administrator - Disabled)
Guest (S-1-5-21-748915929-3372388499-3927092240-501 - Limited - Disabled)
KrisSitTina (S-1-5-21-748915929-3372388499-3927092240-1000 - Administrator - Enabled) => C:\Users\KrisSitTina
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/30/2015 03:37:53 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8
 
Error: (03/30/2015 03:37:53 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
 
Error: (03/30/2015 02:08:05 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8
 
Error: (03/30/2015 02:08:05 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
 
Error: (03/30/2015 02:05:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/30/2015 02:05:12 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (03/30/2015 01:56:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/30/2015 01:55:42 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (03/30/2015 01:55:42 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
Error: (03/30/2015 01:55:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.   (0x80070490)
 
 
System errors:
=============
Error: (12/02/2010 03:42:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:39:13 AM on 12/2/2010 was unexpected.
 
Error: (09/28/2010 03:41:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (09/28/2010 03:39:40 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (09/24/2010 03:17:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (09/24/2010 03:16:04 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (09/19/2010 03:30:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
 
Error: (09/16/2010 06:21:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (09/16/2010 06:19:40 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (09/15/2010 11:52:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000WerSvc
 
Error: (09/13/2010 05:41:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-30 16:49:37.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-30 16:49:37.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-30 16:49:37.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-30 16:49:36.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-30 16:49:36.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-30 16:49:35.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-30 16:49:35.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-30 16:49:35.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-17 09:04:43.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-17 09:04:43.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 17%
Total physical RAM: 2939.25 MB
Available physical RAM: 2429.71 MB
Total Pagefile: 6082.8 MB
Available Pagefile: 5773.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.38 MB
 
==================== Drives ================================
 
Drive c: (SQ004980V02) (Fixed) (Total:289.38 GB) (Free:231.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: BE066925)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=289.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.2 GB) - (Type=17)
 
==================== End Of Log ============================




