Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kryptic Trojan & Norton won't let me download FRST


  • This topic is locked This topic is locked
8 replies to this topic

#1 Straynge74

Straynge74

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 01 November 2015 - 09:28 AM

Hello, recently I noticed that most of my google searches wouldn't work in IE so I've run quite a few scans.  ESET online scanner found Kryptic Trojan that I think was in windows/system32 or something like that.  The only symptoms were not being able to search online with IE and my PC got really slow. I've run Norton AV, ESET, Malwarebytes and numerous other reputable scanners to get rid of it and my computer will work good for a day then I can't search anymore.  I also ran many of those scans in safe mode. 

They got rid of the Trojan plus some sort of dll wrapper or something like that.  Sorry, it's been about a week and I can't remember exactly.
So I though I'd come here for help but Norton will NOT let me download the FRST.  It keeps saying it's unsafe and removes it so I don't know what to do.  Is that a false positive?  Is there someway I can make Norton stop deleting it every time I try to download it.  I just don't want to try anything else until I hear from an expert. 


 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:24 PM

Posted 03 November 2015 - 03:50 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

So I though I'd come here for help but Norton will NOT let me download the FRST. It keeps saying it's unsafe and removes it so I don't know what to do. Is that a false positive? Is there someway I can make Norton stop deleting it every time I try to download it. I just don't want to try anything else until I hear from an expert.

Download the FRSt tool and when Norton advises you that the file is not safe, click the Details button.
You will then have an option to Accept the file. Follow the instructions. The file is safe it downloaded from here. Select your version of the operating system.

Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)

Place it on your Desktop and run it.

Post the FRST.txt and the Addition.txt file for my review.

#3 Straynge74

Straynge74
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 04 November 2015 - 07:19 PM

Hello and thank you so much.  Sorry, I got off late tonight and just saw this.  Here are those logs:

FRST.txt
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Jamie (administrator) on JAMIE-HP (04-11-2015 18:11:20)
Running from C:\Users\Jamie\Desktop
Loaded Profiles: Jamie (Available Profiles: Jamie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\ns.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\ns.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_226_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Jamie\Desktop\frst64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\Run: [igndlm.exe] => C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)
HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\Run: [Google Update] => C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2382275307-117169710-2446462624-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-12-12]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{4A9A3272-5194-4F13-894E-FDB072E600BD}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2382275307-117169710-2446462624-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {649D5261-57A4-40EB-B39B-942724A604DD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {649D5261-57A4-40EB-B39B-942724A604DD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {649D5261-57A4-40EB-B39B-942724A604DD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-10-30] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

FireFox:
========
FF ProfilePath: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\pj8hy867.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-22] ()
FF Plugin-x32: @fileplanet.com/fpdlm -> C:\Program Files (x86)\Download Manager\npfpdlm.dll [2009-10-27] (IGN Entertainment)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-30] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2382275307-117169710-2446462624-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2382275307-117169710-2446462624-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2382275307-117169710-2446462624-1000: @talk.google.com/O1DPlugin -> C:\Users\Jamie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2382275307-117169710-2446462624-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2382275307-117169710-2446462624-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2382275307-117169710-2446462624-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jamie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-03-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Jamie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jamie\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\pj8hy867.default\searchplugins\safesearch.xml [2014-03-18]
FF Extension: Ghostery - C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\pj8hy867.default\Extensions\firefox@ghostery.com.xpi [2015-08-22]
FF Extension: Adblock Plus - C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\pj8hy867.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-22]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon [2015-11-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GIF ME) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeblbmdigihnlnnmoejhagmpihfjdaab [2015-07-15]
CHR Extension: (Google Docs) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-09]
CHR Extension: (YouTube) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-09-09]
CHR Extension: (Google Search) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Norton Identity Safe) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (Hangouts) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Stylebot) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2013-12-21]
CHR Extension: (Gmail) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-05]
CHR Extension: (RSS Feed Reader) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-05-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-12-12] (Adobe Systems) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-30] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-22] (BitRaider, LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3548672 2014-12-14] (INCA Internet Co., Ltd.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-27] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-22] (Symantec Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-07-25] (BitRaider)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20151103.002\IDSvia64.sys [767224 2015-10-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151104.001\ENG64.SYS [138488 2015-10-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151104.001\EX64.SYS [2148080 2015-10-28] (Symantec Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\Jamie\AppData\Local\Temp\ALSysIO64.sys [X]
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 atksgt; system32\DRIVERS\atksgt.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 lirsgt; system32\DRIVERS\lirsgt.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 18:11 - 2015-11-04 18:11 - 00025083 _____ C:\Users\Jamie\Desktop\FRST.txt
2015-11-04 18:10 - 2015-11-04 18:11 - 00000000 ____D C:\FRST
2015-11-04 18:08 - 2015-11-04 18:08 - 02198016 _____ (Farbar) C:\Users\Jamie\Desktop\frst64(1).exe
2015-11-04 17:59 - 2015-11-04 17:59 - 00757024 _____ C:\Users\Jamie\Downloads\Dreams_of_Gods_and_Monsters_-_Laini_Taylor.mobi
2015-11-04 09:09 - 2015-11-04 09:09 - 00000209 _____ C:\Users\Jamie\Desktop\Bills And Funds.txt
2015-11-01 07:55 - 2015-11-01 08:14 - 00000000 ____D C:\Users\Jamie\Downloads\Virus Removal
2015-11-01 07:55 - 2015-11-01 07:56 - 05637361 _____ (Swearware) C:\Users\Jamie\Downloads\ComboFix.exe
2015-10-31 11:35 - 2015-10-31 11:38 - 53770968 _____ (Microsoft Corporation) C:\Users\Jamie\Downloads\Windows-KB890830-x64-V5.29.exe
2015-10-31 07:38 - 2015-10-31 07:38 - 00000000 ____D C:\Users\Jamie\AppData\Local\{BB12294C-6085-42D9-816C-399A31C5ECF2}
2015-10-28 19:37 - 2015-10-28 19:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-28 19:36 - 2015-10-28 19:36 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-28 19:36 - 2015-10-28 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-28 19:36 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-28 19:36 - 2015-10-05 08:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-28 19:33 - 2015-10-28 19:34 - 22908888 _____ (Malwarebytes ) C:\Users\Jamie\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-28 13:38 - 2015-10-28 13:38 - 04383777 _____ C:\Users\Jamie\Downloads\tdsskiller.zip
2015-10-28 13:16 - 2015-10-28 19:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-28 13:16 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-28 11:57 - 2015-10-28 11:58 - 00000000 ____D C:\Users\Jamie\AppData\Roaming\QuickScan
2015-10-28 10:00 - 2015-10-28 10:00 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-18 08:36 - 2015-10-18 08:36 - 00003951 _____ C:\Users\Jamie\AppData\Local\recently-used.xbel
2015-10-06 18:16 - 2015-10-07 19:32 - 00000504 _____ C:\Users\Jamie\Desktop\Hulu.website

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:43 - 2014-01-06 15:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382275307-117169710-2446462624-1000UA.job
2015-11-04 17:24 - 2013-11-01 16:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 17:24 - 2013-11-01 16:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 14:18 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-04 14:18 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-04 07:46 - 2011-04-21 14:19 - 00000000 ____D C:\ProgramData\PDFC
2015-11-04 07:43 - 2014-01-06 15:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382275307-117169710-2446462624-1000Core.job
2015-11-04 06:56 - 2011-10-15 10:33 - 01146337 _____ C:\Windows\WindowsUpdate.log
2015-11-04 06:50 - 2009-07-13 23:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 06:45 - 2010-11-20 21:47 - 01493192 _____ C:\Windows\PFRO.log
2015-11-04 06:45 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 06:45 - 2009-07-13 22:51 - 00263098 _____ C:\Windows\setupact.log
2015-11-01 10:47 - 2014-08-19 23:19 - 00000000 ____D C:\Users\Jamie\AppData\Local\Adobe
2015-11-01 10:46 - 2012-04-02 10:27 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-01 10:46 - 2011-10-15 19:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 06:26 - 2015-09-09 17:26 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForJamie.job
2015-10-31 19:05 - 2015-09-09 17:26 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJamie
2015-10-31 19:05 - 2011-10-14 20:33 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-10-31 19:03 - 2011-10-14 20:31 - 00000000 ____D C:\Users\Jamie\AppData\Roaming\HpUpdate
2015-10-31 19:03 - 2011-10-14 20:31 - 00000000 ____D C:\Users\Jamie\AppData\Roaming\HP Support Assistant
2015-10-29 06:27 - 2013-11-01 16:56 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-28 20:01 - 2011-04-21 14:18 - 00000000 ____D C:\Windows\PRIndex
2015-10-28 19:18 - 2011-10-14 19:59 - 00000000 ____D C:\Users\Jamie
2015-10-28 19:16 - 2015-07-22 11:02 - 00000000 ____D C:\ProgramData\BitRaider
2015-10-28 19:16 - 2015-04-04 09:21 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-28 19:16 - 2013-11-13 17:00 - 00000000 ____D C:\Users\UpdatusUser.Jamie-HP
2015-10-28 19:16 - 2013-11-01 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-28 19:16 - 2011-04-21 14:25 - 00000000 ____D C:\ProgramData\Norton
2015-10-28 19:16 - 2011-04-21 14:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-28 19:16 - 2011-04-21 14:07 - 00000000 ____D C:\ProgramData\RoxioNow
2015-10-28 19:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-10-28 13:55 - 2012-08-18 09:23 - 00000000 ____D C:\Users\Jamie\AppData\Local\NPE
2015-10-28 13:46 - 2015-01-28 14:51 - 00000000 ____D C:\NPE
2015-10-28 12:57 - 2011-11-11 21:01 - 00000000 ____D C:\ProgramData\Recovery
2015-10-18 08:36 - 2013-12-09 17:28 - 00000000 ____D C:\Users\Jamie\AppData\Local\gtk-2.0
2015-10-18 08:36 - 2013-12-09 17:26 - 00000000 ____D C:\Users\Jamie\.gimp-2.8
2015-10-18 08:29 - 2013-03-13 15:50 - 00000000 ____D C:\Users\Jamie\AppData\Local\Deployment
2015-10-13 13:42 - 2012-08-29 14:12 - 00002733 _____ C:\Users\Jamie\Documents\DoctorAppts.txt
2015-10-09 12:37 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-10-05 10:19 - 2015-05-05 12:55 - 00000000 ____D C:\Users\Jamie\Documents\Bills

==================== Files in the root of some directories =======

2012-06-21 12:36 - 2012-06-21 12:36 - 0001111 _____ () C:\Program Files (x86)\InstLog.txt
2015-10-18 08:36 - 2015-10-18 08:36 - 0003951 _____ () C:\Users\Jamie\AppData\Local\recently-used.xbel
2012-10-23 11:32 - 2015-01-25 00:58 - 0007652 _____ () C:\Users\Jamie\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-31 11:54

==================== End of FRST.txt ============================


And here's the Addition.txt
 


 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Jamie (2015-11-04 18:12:05)
Running from C:\Users\Jamie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-15 01:59:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2382275307-117169710-2446462624-500 - Administrator - Disabled)
Guest (S-1-5-21-2382275307-117169710-2446462624-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2382275307-117169710-2446462624-1002 - Limited - Enabled)
Jamie (S-1-5-21-2382275307-117169710-2446462624-1000 - Administrator - Enabled) => C:\Users\Jamie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.237 - Amazon)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009218302.48.56.38152898 - Audible, Inc.)
Baldur's Gate Enhanced Edition (HKLM-x32\...\Baldur's Gate Enhanced Edition) (Version: 0.2.6.2 - Beamdog)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beamdog Launcher 1.9.5.0 (HKLM-x32\...\Beamdog Launcher) (Version: 1.9.5.0 - Beamdog)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
Core Temp 1.0 RC2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.18 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Manager 2.3.10 (HKLM-x32\...\Download Manager) (Version: 2.3.10 - IGN Entertainment, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.7.3 (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
gamelauncher-ps2-live (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2) (Version:  - Sony Online Entertainment)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
JPEGmini (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\5d2010e174743543) (Version: 1.9.1.2 - ICVT Ltd)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.4.24 - Symantec Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
PlanetSide 2 (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\soe-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Scrivener (HKLM-x32\...\Scrivener 1720) (Version: 1720 - Literature and Latte)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Secret World (HKLM\...\The Secret World_is1) (Version:  - Funcom)
The Witcher (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
Torchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 1.0.69.23 - )
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - )
UDPixel.exe (HKLM-x32\...\UDPixel) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

21-10-2015 14:17:02 Scheduled Checkpoint
28-10-2015 18:06:18 Scheduled Checkpoint
28-10-2015 19:11:50 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09A38A75-A8AF-4D21-9B21-C07CF46B24DF} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {0DB24F50-C7B8-4449-A7B7-FEC4311D41CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {107C63B8-EB8E-4822-A1AA-66A5E0649BD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1F16B30D-7374-4805-890F-AB6F8B24110A} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {20919E64-5E0A-4914-B3F3-DD4F6BD31BDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {28662218-DC34-49BF-90F9-DBE0CCC8F679} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382275307-117169710-2446462624-1000UA => C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2D152506-2FDC-4567-8D02-D45C85E823E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4FA0E706-C0F8-487F-B3EB-1B4BECB66EB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5E45D222-C237-451E-858B-C2AD6E976F5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {96629F69-7166-4E75-AA9F-22CC7B09012D} - System32\Tasks\HPCeeScheduleForJamie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {DB5945D2-23E8-4BEF-8AC1-1A61615C11D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382275307-117169710-2446462624-1000Core => C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F4EAFEFF-8AE2-4547-8DA3-C129EDB586F6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382275307-117169710-2446462624-1000Core.job => C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382275307-117169710-2446462624-1000UA.job => C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJamie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-12 15:39 - 2015-08-17 18:07 - 00115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-10-17 15:43 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Jamie:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Jamie\Application Data:gs5sys
AlternateDataStreams: C:\Users\Jamie\Cookies:gs5sys
AlternateDataStreams: C:\Users\Jamie\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Jamie\Templates:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Jamie\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2382275307-117169710-2446462624-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2382275307-117169710-2446462624-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.94.156.1 - 68.94.157.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Stereo Service => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B93D5EE6-74B4-4DB0-BDEA-1447E0CC43FC}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{68EF43ED-8136-42B8-9518-017490B2E7FA}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{76ECD6C2-CFD5-4DB9-A019-EA832ED4F1A6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{1725BDA7-4806-47BE-8AB0-9960C4EA61C1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{ECD4FFD1-D6C4-4A14-A6A4-79E26F298162}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{F30FA778-7AA1-43D4-8651-E8E9D58C52A8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{D3BCE33F-F955-46C4-A340-7FABA69E0BD8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{3653E0B0-F563-4BD3-8748-A91928233BAA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{C5A0DCD8-C803-4021-B3AF-7DE37C1D166B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{37CBFA3A-DEC5-419F-AC78-1440F6A2C9E6}] => (Allow) LPort=2869
FirewallRules: [{D992450A-9766-423E-A443-463B5FA322E1}] => (Allow) LPort=1900
FirewallRules: [{2D64EE3F-6829-4AF7-ABBF-468EF35B3720}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{148A459F-AD72-4C03-B4FA-8777755F5502}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{8B2C7553-4734-40E0-AEFA-6DEB7D957BE2}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{5DE83D75-0511-4643-A995-FBABB269D004}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{1C0333EA-9934-485D-9987-C1F6EAB4B7F5}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{5E4F8813-9B20-489B-88DF-2AE249D7B066}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{D5BCA275-40FD-4553-8A63-090270EF95FD}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{44BA4606-04DC-4548-9DB5-01FA1DE5B0A2}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{944D3584-16AF-4841-9321-614A4B15EB0C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{7FEE0E5F-D02A-45F7-A94E-B27C2AAB1459}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{21CA9084-F633-405C-B738-CD161D32F4D3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6A68583C-02BC-410C-BE37-C6492012F551}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8444FE84-638A-4D3A-B058-560012589690}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\tl2.runic.launcher.exe
FirewallRules: [{51458E63-4F11-467F-85E8-95C37D7841A6}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\tl2.runic.launcher.exe
FirewallRules: [{DD9A3FEC-7903-4159-A932-3DB2DCE510A1}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\Torchlight2.exe
FirewallRules: [{D6A349D4-452B-4291-B669-EA01E2AB5A87}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\Torchlight2.exe
FirewallRules: [{41CFB696-7C18-4F7B-BEAE-215F8B1F2F57}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D71FCCAE-48D2-4135-87C6-565DCB6FF253}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{83BE6E31-D81E-4820-A9AA-98236D06D379}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{0E434D4F-E49E-4E24-8BB2-DA905A0E1821}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{665CBC77-639C-4F78-8905-821BF11420DE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{BF7EBC30-F951-40A3-B71B-E09D3958FFCB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{66881050-04A1-49BE-9171-AEB34B5163D0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{69EC95A5-69B8-48C1-9752-16E3DAD9E0CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBA922B1-896F-4114-B89D-BEECE9A9AD37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A2EA09D-E2CD-4F80-B7E5-7CE946C75BDA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D7D30602-0951-4B58-8D72-8C336783673F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{BE6D95C5-5D24-423D-AF45-E97A4D13185C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{52FAEBDE-CBA1-45D8-A745-47DC149C110D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{06CCF9AA-5457-486F-AFDB-EEF06E612CAD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{EB6A649B-A2D7-4DB3-BF12-905113A8F21B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: lirsgt
Description: lirsgt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lirsgt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2015 06:47:17 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/03/2015 08:04:29 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/02/2015 01:56:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18015 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1510

Start Time: 01d115a856d9ce82

Termination Time: 52

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/02/2015 01:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18015, time stamp: 0x55cec14a
Faulting module name: MSHTML.dll, version: 11.0.9600.18015, time stamp: 0x55ced693
Exception code: 0xc0000005
Fault offset: 0x004fd89d
Faulting process id: 0x1570
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/02/2015 06:07:41 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2015 06:27:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/31/2015 10:33:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18015, time stamp: 0x55cec14a
Faulting module name: MSHTML.dll, version: 11.0.9600.18015, time stamp: 0x55ced693
Exception code: 0xc0000005
Fault offset: 0x004fd89d
Faulting process id: 0x1428
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/31/2015 08:32:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/31/2015 08:32:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/31/2015 06:23:32 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (11/04/2015 06:07:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 06:07:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:59:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:59:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:52:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:52:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:52:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:50:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:50:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (11/04/2015 05:50:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

CodeIntegrity:
===================================
  Date: 2011-10-15 22:23:38.775
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:23:38.760
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:23:37.231
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:23:37.215
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:23:36.186
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:23:36.170
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:23:35.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:23:35.109
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:14:29.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 22:14:29.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 61%
Total physical RAM: 4095.29 MB
Available physical RAM: 1589.56 MB
Total Virtual: 8188.77 MB
Available Virtual: 5114.32 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:687.35 GB) (Free:333.39 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.18 GB) (Free:0.91 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 57060EC7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:24 PM

Posted 05 November 2015 - 09:59 AM

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\pj8hy867.default\searchplugins\safesearch.xml [2014-03-18]
S3 ALSysIO; \??\C:\Users\Jamie\AppData\Local\Temp\ALSysIO64.sys [X]
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 atksgt; system32\DRIVERS\atksgt.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 lirsgt; system32\DRIVERS\lirsgt.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Jamie:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Jamie\Application Data:gs5sys
AlternateDataStreams: C:\Users\Jamie\Cookies:gs5sys
AlternateDataStreams: C:\Users\Jamie\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Jamie\Templates:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Jamie\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset only the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

How is the computer running now?

#5 Straynge74

Straynge74
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 05 November 2015 - 11:19 AM

Here's the fixlog and everything seems to be running much better.  Searches seem to be working and my computer is a lot faster now. I didn't even realize it was slow until just now.  I thought after ESET found that Trojan that my browsing speed was back to normal but apparently it wasn't.  Searches are lightning fast now and so far they're all working.  Before that fix about 75% of the time I'd try to search Google the page would just go blank and the search bar was the only thing on the screen and I'd have to refresh the page over and over for it to finally work.  Everything appears to be doing very well.  Thank you so much. I really appreciate you taking the time to help me and also really appreciate everyone on Bleepingcomputer who dedicates their time and energy to helping others.  I'm hoping that fix got everything or fixed everything but so far so good.  Thank you. :)
 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Jamie (2015-11-05 09:12:11) Run:1
Running from C:\Users\Jamie\Desktop
Loaded Profiles: Jamie (Available Profiles: Jamie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2382275307-117169710-2446462624-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\pj8hy867.default\searchplugins\safesearch.xml [2014-03-18]
S3 ALSysIO; \??\C:\Users\Jamie\AppData\Local\Temp\ALSysIO64.sys [X]
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 atksgt; system32\DRIVERS\atksgt.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 lirsgt; system32\DRIVERS\lirsgt.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Jamie:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Jamie\Application Data:gs5sys
AlternateDataStreams: C:\Users\Jamie\Cookies:gs5sys
AlternateDataStreams: C:\Users\Jamie\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Jamie\Templates:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Jamie\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Jamie\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\pj8hy867.default\searchplugins\safesearch.xml => moved successfully
ALSysIO => service removed successfully
AODDriver4.0 => service removed successfully
atksgt => service removed successfully
EagleX64 => service removed successfully
lirsgt => service removed successfully
nvvad_WaveExtensible => service removed successfully
usbbus => service removed successfully
UsbDiag => service removed successfully
USBModem => service removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2382275307-117169710-2446462624-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Jamie => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
"C:\Users\Jamie\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Jamie\Cookies" => ":gs5sys" ADS not found.
"C:\Users\Jamie\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\Jamie\Templates" => ":gs5sys" ADS not found.
C:\Users\Jamie\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\Jamie\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\Jamie\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Jamie\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\Jamie\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
EmptyTemp: => 143.6 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 09:13:22 ====

 


 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:24 PM

Posted 06 November 2015 - 09:33 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 Straynge74

Straynge74
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 06 November 2015 - 10:16 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===


Will do. I'm reading it right now.  Thank you so much for all of your help.  Was there left over stuff from that Trojan or just random malware in my computer?  I just know it's running much better now. A lot faster and searches actually work every time.  I really appreciate the help.  Thank you. :bowdown:   and :thumbsup: 

 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:24 PM

Posted 06 November 2015 - 11:04 AM

These ADS were probably the culprit.
Let over from a previous infection.

":gs5sys" ADS removed successfully.

Glad to see that all is well.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:24 PM

Posted 12 November 2015 - 09:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users