Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91603 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Fake App Attack help, What's Next? [Solved]

System restore? My own reply

  • This topic is locked This topic is locked
36 replies to this topic

#1 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 03 January 2014 - 12:11 AM

Fake app attack: Misleading Application File Download 3

Windows 7, 64- bit,

Events in order-
- 12/30 first ever Blue Screen of Death, I let my laptop sit for about 20 min. and returned to find it restarted. (Since then I've let it sit for about 20 min. 3 times and the laptop freezes completley. I have to hold the power button and start it again. Why is this happening fellas?
- 12/31 opened updated Firefox, was browsing youtubez for about 6 min. when it first closed automatically. Norton pop-up said intrusion attempt BLOCKED. Tried re-opening Firefox about 6 more times, same thing happened.
- 1/1 disk cleanup, Norton Anti-Virus full system scan( nothing detected), Norton eraser tool(nothing was found). Tried using Firefox's own safe mode, crashed. Disk defrag (everything was fine).
- I am able to use everything just fine, only when I use Firefox, it crashes.
- 1/2 Did a NAV full system scan in safe mode (nothing detected), Installed Google Chrome, un-installed Firefox. Opened Up chrome, crashed with the sameNorton pop-up.

What should I do next? I've heard some fellas did a system restore? I'm not sure at all, hopefully we can solve this, I'm sure there are others trying to figure this one out! :)image.jpg image.jpg image.jpg image.jpg

Edited by uchiha808, 03 January 2014 - 12:55 AM.

    Advertisements

Register to Remove


#2 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 03 January 2014 - 12:45 AM

I ran Hijackthis..


Results
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:23 PM, on 1/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\HYUUGA\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll c:\progra~2\safesa~1\sprote~1.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9600 bytes

Edited by uchiha808, 03 January 2014 - 12:56 AM.


#3 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 06 January 2014 - 02:05 AM

:welcome:

Hello uchiha808,

my name is Jo and I will help you with your computer problems.


Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I will return as soon as possible with more instructions.



***


Graduate of the WTT Classroom
Cheers,
Jo

#4 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 07 January 2014 - 02:10 PM

Hello uchiha808,

1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***

3. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Graduate of the WTT Classroom
Cheers,
Jo

#5 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 07 January 2014 - 05:17 PM

Hey Jo! I am replying to let you know that I have read your posts and will begin the process ASAP. Time won't allow me to begin right away, but know that I will do as instructed. I will respond to update you on my status. Thanks :)

#6 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 08 January 2014 - 10:01 PM

Hi Jo, I've done the first step, here are the results!

Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Norton AntiVirus Engine 21.1.0.18 NAV.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#7 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 09 January 2014 - 04:45 PM

I downloaded the Malwarebytes anti-root kit, and this popped up. I am unsure if I should click yes or no, which should I click Jo?

image.jpg

#8 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 09 January 2014 - 07:22 PM

OTL Results 

 

Extras Notepad :

 

OTL Extras logfile created on: 1/9/2014 6:03:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HYUUGA\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 73.83% Memory free
15.60 Gb Paging File | 13.49 Gb Available in Paging File | 86.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 312.18 Gb Free Space | 69.61% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
 
Computer Name: HYUUGA-HP | User Name: HYUUGA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1FA84B-45AA-40E7-9F44-034A7481F99E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3C299480-E022-4537-A759-DFA3D94ABC61}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3E162BB3-8AD6-400E-8E13-888A4277C770}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{433BA2AD-161A-487F-BCFE-252B3E32BE56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{48F54861-846B-4CC1-8538-0C565A6AE785}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4CD770DA-2887-4959-8214-1EB50E3BAACF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4EF7B820-3F32-4BB3-9354-EE8EE1A8DE7F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{52AF3017-7E10-471E-99C6-3BFD85F57D92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D6EAD20-52D2-4ABE-8AD1-87E59D4057A7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{622627E9-C265-48C6-8ECB-D4114AB91F9A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6782D77A-092D-44C3-98F3-139F7DED3E98}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8637B547-3FB1-4091-8638-93832CBB9506}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{94034794-6651-4544-BCB7-66C055ECF250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A956C5D8-9E8E-4BC0-9555-9810957147A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AFD205B6-AF65-4EE4-81D8-84C7A5E424A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC226932-0324-4B6D-8699-069053F56789}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE213B45-E2AF-4781-9DBA-ADF3D663C1D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEA5CEA2-2221-49A8-BB8E-565CE78CD2EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EE1156D4-AC9E-47B6-BAA4-865E0EBDEF00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EE626E12-DA03-4E3E-A209-EA56FFE65EAB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F7A4D38D-16C5-4322-B0C4-11E317CAAC29}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA193B56-060F-4DB5-98BF-1C34B1FC38A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBB705B8-3ACB-425A-BA56-7A0898327706}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB8C7D-5B69-49FB-8267-E9937335F88A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0C5DA766-1FC9-4539-9793-AE125BE70D1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0ED2C8C9-5A0B-4DA9-92A4-3562E6000249}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{15F8FA6B-0620-41FB-A3BF-8E543E2C0F65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{16A619E5-63F6-4232-AE0C-D3CDC9AE5885}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{190A6C55-D18C-483E-A9CF-83919C675E6D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{23CB32C7-5494-44DC-9D7C-A15704BA7609}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3108DC12-7C5D-4EC7-9741-045C6CBC4A0C}" = protocol=6 | dir=out | app=system | 
"{39842985-FF98-446B-82A5-ED5E50FB9FC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3BB8289D-5A4E-419B-93F0-9A06200674C5}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
"{4278DEDA-5483-4AB3-B75A-497D7E6736D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B03F79F-F6B3-4CDF-992C-2C37E1B5CFEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F8C8074-A764-4273-90AA-421FF9D299CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{551FBCCA-5CD9-4784-B67C-BF1B7636EEFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{56845C24-0224-48C6-9992-7A9E55FDE5F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{650DCD98-612F-4480-9FBE-F30AF27EB7ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{6D9168D3-19C4-4839-BCA1-EC3FC6C52497}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6E4989FC-8DF2-4413-8FF7-73564462C7F0}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
"{73655DA1-77DF-43C4-B937-D2C906E00AC1}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
"{770D9829-7E35-4B13-9C85-07962B70CFFE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8091681B-BFE7-4DDA-A96B-AF803343CBA6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{8432A29D-7B39-4E32-9B9C-4E9B5C6F7B64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EFC17FA-88AC-4EBF-BC71-1E829AA14B12}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{9D11C3D3-6107-4402-BA28-A61072B5FF7D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0780978-AF9D-465D-94C1-911EA120C302}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AB2AC2E4-0915-4AF9-8E7C-B03B9F20D9E9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC0A49F2-0783-4832-AF29-591358CA027E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BD5C6263-AF4F-4052-8188-5B10848AAEE2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BEFACB98-222B-4A60-9F11-3FD32979E882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C54F85B2-6BDF-4B3E-B990-D3EA3DBE23C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C768924A-9EBD-40E8-8576-2F8222B10E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
"{D2D4E4CD-0032-4D6F-B15B-2BD55F58A163}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E62B1934-9417-4FCC-8900-94CF48987949}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E9DCC754-69F3-48A1-BF41-3362A5956F24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D160EEE0-5FB9-4C97-AE7C-179B0A83CC16}" = BrowseToSave
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OptimizerPro Upd" = OptimizerPro Upd
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4F74D585-BCDB-4316-80FC-264E5B8E883E}" = HP Software Framework
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69ABD67D-5C2E-4724-B519-695DEF3EC23B}" = HP Documentation
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = 
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"FL Studio 10" = FL Studio 10
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Luxonix Purity VSTi_is1" = Luxonix Purity VSTi v1.1.2
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SP_f2a323db" = 
"SP_f5d3e0aa" = SafeSaver 1.74
"Steinberg Hypersonic v1.0" = Steinberg Hypersonic v1.0
"Tone2 Gladiator full_is1" = Gladiator  full
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/30/2013 10:57:02 PM | Computer Name = HYUUGA-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 577188
 
Error - 12/30/2013 10:57:17 PM | Computer Name = HYUUGA-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/30/2013 10:57:17 PM | Computer Name = HYUUGA-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 592789
 
Error - 12/30/2013 10:57:17 PM | Computer Name = HYUUGA-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 592789
 
Error - 12/30/2013 11:12:54 PM | Computer Name = HYUUGA-HP | Source = CVHSVC | ID = 100
Description = Information only.  The action cannot be completed. Try the action again.
 If the problem continues, contact Microsoft Product Support.
 
Error - 12/30/2013 11:27:51 PM | Computer Name = HYUUGA-HP | Source = CVHSVC | ID = 100
Description = Information only.  Click-2-Run package registration failure.
 
Error - 12/30/2013 11:41:13 PM | Computer Name = HYUUGA-HP | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 12/31/2013 12:43:34 AM | Computer Name = HYUUGA-HP | Source = OptimizerPro UpdUpdater | ID = 0
Description = 
 
Error - 12/31/2013 12:43:41 AM | Computer Name = HYUUGA-HP | Source = OptimizerPro UpdUpdater | ID = 0
Description = 
 
Error - 12/31/2013 5:44:53 AM | Computer Name = HYUUGA-HP | Source = OptimizerPro UpdUpdater | ID = 0
Description = 
 
Error - 12/31/2013 5:45:33 AM | Computer Name = HYUUGA-HP | Source = OptimizerPro UpdUpdater | ID = 0
Description = 
 
[ HP Wireless Assistant Events ]
Error - 4/18/2013 1:47:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:48:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:49:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:50:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:51:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:52:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:53:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:54:37 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:57:03 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 4/18/2013 1:58:03 AM | Computer Name = HYUUGA-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
[ Media Center Events ]
Error - 7/26/2013 1:34:16 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 11:34:06 AM - Error connecting to the internet.  11:34:06 AM -     Unable
 to contact server..  
 
Error - 7/26/2013 2:34:21 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 12:34:21 PM - Error connecting to the internet.  12:34:21 PM -     Unable
 to contact server..  
 
Error - 7/26/2013 2:34:27 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 12:34:26 PM - Error connecting to the internet.  12:34:26 PM -     Unable
 to contact server..  
 
Error - 7/28/2013 2:06:52 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 12:06:52 PM - Error connecting to the internet.  12:06:52 PM -     Unable
 to contact server..  
 
Error - 7/28/2013 2:07:04 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 12:06:58 PM - Error connecting to the internet.  12:06:58 PM -     Unable
 to contact server..  
 
Error - 7/28/2013 3:09:43 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 1:09:43 PM - Error connecting to the internet.  1:09:43 PM -     Unable
 to contact server..  
 
Error - 7/28/2013 3:09:49 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 1:09:48 PM - Error connecting to the internet.  1:09:48 PM -     Unable
 to contact server..  
 
Error - 7/29/2013 12:10:33 AM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 10:10:33 PM - Error connecting to the internet.  10:10:33 PM -     Unable
 to contact server..  
 
Error - 7/29/2013 12:10:39 AM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 10:10:38 PM - Error connecting to the internet.  10:10:38 PM -     Unable
 to contact server..  
 
Error - 7/29/2013 2:00:13 PM | Computer Name = HYUUGA-HP | Source = MCUpdate | ID = 0
Description = 12:00:08 PM - Error connecting to the internet.  12:00:08 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 10/5/2013 1:06:47 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/9/2013 12:48:16 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/10/2013 2:32:48 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/11/2013 2:12:31 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/12/2013 12:28:04 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/15/2013 9:40:26 PM | Computer Name = HYUUGA-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:36:26 PM on ?10/?15/?2013 was unexpected.
 
Error - 10/15/2013 9:42:45 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/16/2013 4:39:12 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/16/2013 11:14:11 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
Error - 10/17/2013 4:25:25 PM | Computer Name = HYUUGA-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
 error:   %%2
 
 
< End of report >


#9 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 09 January 2014 - 07:32 PM

OTL RESULTS

 

OTL NOTEPAD: 

 

OTL logfile created on: 1/9/2014 6:03:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HYUUGA\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 73.83% Memory free
15.60 Gb Paging File | 13.49 Gb Available in Paging File | 86.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 312.18 Gb Free Space | 69.61% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
 
Computer Name: HYUUGA-HP | User Name: HYUUGA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HYUUGA\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\BetterSoft\OptimizerPro Upd\OptimizerPro Upd.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5de32c4f69c7141f68b383915ab87ff4\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RtVOsdService) -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe (Symantec Corporation)
SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (TASCAM_US144_MK2_WDM) -- C:\Windows\SysNative\drivers\tscusb2a.sys (TASCAM)
DRV:64bit: - (TASCAM_US144_MK2_MIDI) -- C:\Windows\SysNative\drivers\tscusb2m.sys (TASCAM)
DRV:64bit: - (TASCAM_US122144) -- C:\Windows\SysNative\drivers\tascusb2.sys (TASCAM)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140108.023\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140108.023\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys (Symantec Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {60A1766F-3A9C-45CD-9FEA-613B72250F26}
IE:64bit: - HKLM\..\SearchScopes\{0A62FCC2-BA0C-4682-B7C5-6555D084CAC9}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{60A1766F-3A9C-45CD-9FEA-613B72250F26}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{B38F4317-9590-47E4-A9C0-547BB4AD08B5}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B55BFC23-F999-497A-B54E-5C73DBD84035}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
IE - HKLM\..\SearchScopes,DefaultScope = {41DBCF95-8464-4980-812A-A87513D0700D}
IE - HKLM\..\SearchScopes\{0A62FCC2-BA0C-4682-B7C5-6555D084CAC9}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{60A1766F-3A9C-45CD-9FEA-613B72250F26}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{B38F4317-9590-47E4-A9C0-547BB4AD08B5}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{B55BFC23-F999-497A-B54E-5C73DBD84035}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
IE - HKCU\..\SearchScopes,DefaultScope = {53180B89-3BBE-4824-87C1-1CD2D36A8BF3}
IE - HKCU\..\SearchScopes\{0A62FCC2-BA0C-4682-B7C5-6555D084CAC9}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{41DBCF95-8464-4980-812A-A87513D0700D}: "URL" = http://search.condui...8661397914&UM=2
IE - HKCU\..\SearchScopes\{53180B89-3BBE-4824-87C1-1CD2D36A8BF3}: "URL" = http://searchou.com/...682be03ae&r=694
IE - HKCU\..\SearchScopes\{60A1766F-3A9C-45CD-9FEA-613B72250F26}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B38F4317-9590-47E4-A9C0-547BB4AD08B5}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{B55BFC23-F999-497A-B54E-5C73DBD84035}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ [2014/01/09 11:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013/12/22 11:44:36 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.15.0.62_0\
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.2.3_0\
CHR - Extension: No name found = C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CC9F21-65DD-4389-8EC6-D1AC16234639}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\safesa~1\sprote~1.dll) - c:\Program Files (x86)\SafeSaver\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/09 16:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/09 16:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/09 16:23:12 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/09 16:07:17 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/09 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\HYUUGA\Desktop\mbar
[2014/01/09 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\HYUUGA\Desktop\photoshop
[2014/01/09 14:27:16 | 000,000,000 | ---D | C] -- C:\Users\HYUUGA\Desktop\mine
[2014/01/08 21:06:43 | 000,419,160 | ---- | C] (TASCAM) -- C:\Windows\SysNative\drivers\tascusb2.sys
[2014/01/08 21:06:43 | 000,205,656 | ---- | C] (TASCAM) -- C:\Windows\SysNative\US-122_MKII_US-144_MKII.CPL
[2014/01/08 21:06:43 | 000,053,080 | ---- | C] (TASCAM) -- C:\Windows\SysNative\drivers\tscusb2a.sys
[2014/01/08 21:06:43 | 000,031,576 | ---- | C] (TASCAM) -- C:\Windows\SysNative\drivers\tscusb2m.sys
[2014/01/08 21:06:43 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.deTascam
[2014/01/08 21:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TASCAM
[2014/01/08 21:03:09 | 000,000,000 | ---D | C] -- C:\Users\HYUUGA\Desktop\TASCAM_USB2_X64_2.03
[2014/01/02 19:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/30 20:12:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/27 19:06:34 | 000,000,000 | ---D | C] -- C:\Users\HYUUGA\Desktop\newmusic
[2013/12/23 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\HYUUGA\Desktop\Koolz
[2013/12/22 11:43:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2013/12/20 00:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/15 16:28:35 | 000,000,000 | ---D | C] -- C:\Users\HYUUGA\Desktop\stuffs
[2013/12/11 01:33:46 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/11 01:33:46 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/11 01:33:45 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/11 01:33:44 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/11 01:05:43 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 01:05:43 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 01:05:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 01:05:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 01:05:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 01:05:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 01:05:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 01:05:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 01:05:32 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 01:05:32 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 01:05:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/09 17:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 16:23:12 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/09 16:07:17 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/09 11:49:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 11:49:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 11:47:05 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 11:47:05 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/09 11:47:05 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/09 11:40:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 11:39:45 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\schedule!1877806136.job
[2014/01/09 11:39:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 11:39:19 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/08 21:11:22 | 002,034,800 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\Cat.DB
[2014/01/08 20:49:24 | 000,987,410 | ---- | M] () -- C:\Users\HYUUGA\Desktop\SecurityCheck.exe
[2014/01/08 20:32:39 | 000,001,304 | ---- | M] () -- C:\Users\HYUUGA\Desktop\Notepad.lnk
[2014/01/02 19:40:20 | 000,002,243 | ---- | M] () -- C:\Users\HYUUGA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/02 19:34:16 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/02 17:19:36 | 000,000,132 | ---- | M] () -- C:\Users\HYUUGA\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/12/30 20:11:55 | 524,798,471 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/22 11:43:30 | 000,002,357 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013/12/22 11:42:07 | 000,023,702 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1501000.012\VT20131219.024
[2013/12/21 14:19:23 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/12/21 14:19:23 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/12/21 14:19:23 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/12/11 09:23:45 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/11 09:23:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/11 09:13:42 | 004,904,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/01/08 21:18:00 | 000,276,992 | ---- | C] () -- C:\Users\HYUUGA\Desktop\FWUpdater-US122MKII_US144MKII_203.exe
[2014/01/08 20:49:19 | 000,987,410 | ---- | C] () -- C:\Users\HYUUGA\Desktop\SecurityCheck.exe
[2014/01/08 20:32:39 | 000,001,304 | ---- | C] () -- C:\Users\HYUUGA\Desktop\Notepad.lnk
[2014/01/02 19:34:16 | 000,002,243 | ---- | C] () -- C:\Users\HYUUGA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/02 19:34:16 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/02 19:33:41 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/02 19:33:39 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/30 20:11:55 | 524,798,471 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/12 22:05:19 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll
[2013/05/02 00:49:09 | 000,000,132 | ---- | C] () -- C:\Users\HYUUGA\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/04/30 12:13:24 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/23 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\Image-Line
[2013/05/02 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\Smartelectronix
[2013/12/04 04:32:59 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\SoftGrid Client
[2013/05/02 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/04/30 12:33:14 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\Systweak
[2013/04/23 10:15:32 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\Tific
[2013/11/12 19:18:26 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\TP
[2013/05/19 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\HYUUGA\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
< End of report >


#10 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 09 January 2014 - 07:33 PM

Malwarebytes Anti Rookit did not find anything, everything was good.


    Advertisements

Register to Remove


#11 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 10 January 2014 - 04:23 PM

Hi uchiha808,

Do not install / uninstall any applications, unless instructed here.
 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Graduate of the WTT Classroom
Cheers,
Jo

#12 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 10 January 2014 - 11:19 PM

Combofix results:

 

ComboFix 14-01-08.03 - HYUUGA 01/10/2014  21:55:13.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7990.5990 [GMT -7:00]
Running from: c:\users\HYUUGA\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SafeSaver
c:\program files (x86)\SafeSaver\sprotector.dll
c:\program files (x86)\SafeSaver\uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-11 to 2014-01-11  )))))))))))))))))))))))))))))))
.
.
2014-01-09 23:23 . 2014-01-09 23:23 -------- d-----w- c:\programdata\Malwarebytes
2014-01-09 23:23 . 2014-01-10 01:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-09 23:23 . 2014-01-09 23:23 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-09 23:07 . 2014-01-09 23:07 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-09 04:06 . 2014-01-09 04:06 -------- d-----w- c:\windows\usb-audio.deTascam
2014-01-09 04:06 . 2011-04-29 04:18 53080 ----a-w- c:\windows\system32\drivers\tscusb2a.sys
2014-01-09 04:06 . 2011-04-29 04:18 31576 ----a-w- c:\windows\system32\drivers\tscusb2m.sys
2014-01-09 04:06 . 2011-04-29 04:18 419160 ----a-w- c:\windows\system32\drivers\tascusb2.sys
2014-01-09 04:06 . 2011-04-29 04:17 205656 ------w- c:\windows\system32\US-122_MKII_US-144_MKII.CPL
2013-12-21 21:19 . 2013-12-22 18:42 -------- d-----w- c:\windows\system32\drivers\NAVx64\1501000.012
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-21 21:19 . 2013-04-29 18:47 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-12-14 09:21 . 2013-04-19 19:59 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:23 . 2013-04-19 21:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 16:23 . 2013-04-19 21:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-05 04:46 . 2013-12-05 04:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-12 02:23 . 2013-12-11 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 08:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 08:05 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 08:05 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 08:05 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-11 08:05 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 08:05 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys;c:\windows\SYSNATIVE\Drivers\tascusb2.sys [x]
R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys;c:\windows\SYSNATIVE\drivers\tscusb2m.sys [x]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys;c:\windows\SYSNATIVE\drivers\tscusb2a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [x]
S1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140110.001\IDSvia64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140110.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1501000.012\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe;c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-03 02:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03 02:33]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03 02:33]
.
2014-01-10 c:\windows\Tasks\schedule!1877806136.job
- c:\programdata\BetterSoft\OptimizerPro Upd\OptimizerPro Upd.exe [2013-07-18 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.3.1.22
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.3.1.22
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-HP Photo Creations - c:\program files (x86)\HP Photo Creations\uninst.exe
AddRemove-SP_f5d3e0aa - c:\program files (x86)\SafeSaver\uninstall.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-WinLiveSuite_Wave3 - c:\program files (x86)\Windows Live\Installer\wlarp.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18;c:\program files (x86)\Norton AntiVirus\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-10  22:13:32
ComboFix-quarantined-files.txt  2014-01-11 05:13
.
Pre-Run: 337,065,996,288 bytes free
Post-Run: 337,089,720,320 bytes free
.
- - End Of File - - D8B82D83CE7DE8A0A0D2321B76AB4318


#13 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 12 January 2014 - 01:43 PM

Hi uchiha808,

Please download AdwCleaner by Xplode and save to your Desktop.
Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo

#14 uchiha808

uchiha808

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 12 January 2014 - 06:50 PM

AdwCleaner results:

 

  # AdwCleaner v3.017 - Report created 12/01/2014 at 16:23:02

# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HYUUGA - HYUUGA-HP
# Running from : C:\Users\HYUUGA\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Found C:\Program Files (x86)\BrowseToSave
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\BBrowse2SSavee
Folder Found C:\ProgramData\BetterSoft
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowse2SSavee
Folder Found C:\ProgramData\SoftSafe
Folder Found C:\Users\HYUUGA\AppData\Local\Conduit
Folder Found C:\Users\HYUUGA\AppData\LocalLow\Conduit
Folder Found C:\Users\HYUUGA\AppData\Roaming\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\PrivitizeVPNInstallDates
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\HYUUGA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3880 octets] - [12/01/2014 16:23:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3940 octets] ##########


#15 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 13 January 2014 - 03:09 PM

Hi uchiha808,


Right click on AdwCleaner.exe to run the tool again and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Right click JRT.exe to run the tool and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users