Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Computer is running slow possible Trojan.Tracur infection [Solved]


  • This topic is locked This topic is locked
10 replies to this topic

#1 rntadkins

rntadkins

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 23 October 2014 - 06:02 PM

At first I found a pup.download file that Malwarebytes got rid of, but the computer kept running very slowly.  Norton quarantined uvpqtnlu.dll (Trojan.Tracur) four times today, then Norton crashed and had to be reloaded.  Not sure what else to look for, any help would be appreciated.

 

Here are the logs:

 

aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
Run date: 2014-10-23 18:11:17
-----------------------------
18:11:17.615    OS Version: Windows x64 6.1.7601 Service Pack 1
18:11:17.615    Number of processors: 6 586 0xA00
18:11:17.615    ComputerName: BOB-HP  UserName: Bob
18:11:19.783    Initialize success
18:11:19.783    VM: initialized successfully
18:11:19.986    VM: Amd CPU BiosDisabled
18:11:21.875    VM: not used
18:11:21.985    supported disk I/O storport.sys
18:12:00.953    AVAST engine defs: 14102302
18:12:40.047    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
18:12:40.047    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8
18:12:40.047    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000067
18:12:40.063    Disk 1 Vendor: Seagate_ HP35 Size: 476940MB BusType: 8
18:12:40.765    Disk 0 MBR read successfully I/O
18:12:40.780    Disk 0 MBR scan
18:12:40.780    Disk 0 unknown MBR code
18:12:40.827    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:12:40.874    Disk 0 default boot code
18:12:40.936    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       940130 MB offset 206848
18:12:41.030    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13442 MB offset 1925593088
18:12:41.794    Disk 0 scanning C:\Windows\system32\drivers
18:13:35.521    Service scanning
18:13:39.046    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20140801.001\BHDrvx64.sys **LOCKED** 5
18:13:41.371    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
18:13:41.808    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
18:13:44.943    Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20140717.001\IDSVia64.sys **LOCKED** 5
18:13:48.032    Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141023.002\ENG64.SYS **LOCKED** 5
18:13:48.188    Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141023.002\EX64.SYS **LOCKED** 5
18:14:01.666    Modules scanning
18:14:01.682    Disk 0 trace - called modules:
18:14:01.776    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
18:14:01.807    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e7d060]
18:14:01.822    3 CLASSPNP.SYS[fffff880013b643f] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80079c89c0]
18:14:03.788    AVAST engine scan C:\Windows
18:16:17.543    AVAST engine scan C:\Windows\system32
18:20:48.844    AVAST engine scan C:\Windows\system32\drivers
18:21:11.370    AVAST engine scan C:\Users\Bob
19:37:03.653    AVAST engine scan C:\ProgramData
19:41:23.424    Disk 0 statistics 5592503/22/0 @ 0.55 MB/s
19:41:23.455    Scan finished successfully
19:41:35.951    Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"
19:41:35.951    The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Bob (administrator) on BOB-HP on 23-10-2014 19:49:44
Running from C:\Users\Bob\Desktop
Loaded Profile: Bob (Available profiles: Bob)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(SanDisk Corporation) C:\Users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [580632 2011-09-23] (NTI Corporation)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [MoneyAgent] => "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [Google Update] => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [SansaDispatch] => C:\Users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-07-10] (SanDisk Corporation)
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [NETGEARGenie] => å  °úB(#CD       C:\Users\Bob\AppData\Roaming\SanDisk\Sans
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {1df8bd3d-f25c-11e3-a19f-6431503b9e7f} - G:\win\setup.exe -phs
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {220bc39d-4f6e-11e0-9547-806e6f6e6963} - F:\MainMenu_PC.exe
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {a0482393-599b-11e0-b480-6431503b9e7f} - K:\SISetup.exe
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {c2c54bfc-b86a-11e3-b9b3-6431503b9e7f} - G:\VerizonSWUpgradeAssistantLauncher.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/hpdsk/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\goqn2okb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Bob\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\goqn2okb.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2014-10-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Bob\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Google Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-03-20]
CHR Extension: (Google Wallet) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-16] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-08-01] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141023.001\IDSvia64.sys [633560 2014-10-23] (Symantec Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-05] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141023.002\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141023.002\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-20] (CACE Technologies, Inc.)
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U3 aswMBR; \??\C:\Users\Bob\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Bob\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 19:49 - 2014-10-23 19:50 - 00023585 _____ () C:\Users\Bob\Desktop\FRST.txt
2014-10-23 19:49 - 2014-10-23 19:49 - 00000000 ____D () C:\FRST
2014-10-23 19:48 - 2014-10-23 19:48 - 02112000 _____ (Farbar) C:\Users\Bob\Desktop\frst64.exe
2014-10-23 19:41 - 2014-10-23 19:41 - 00003186 _____ () C:\Users\Bob\Desktop\aswMBR.txt
2014-10-23 17:16 - 2014-10-23 17:17 - 05192704 _____ (AVAST Software) C:\Users\Bob\Desktop\aswMBR.exe
2014-10-23 16:42 - 2014-10-23 16:42 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-23 16:40 - 2014-10-23 16:40 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-23 16:40 - 2014-10-23 16:40 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-23 16:40 - 2014-10-23 16:40 - 00002575 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-10-23 16:39 - 2014-10-23 16:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-23 16:39 - 2014-10-23 16:39 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-10-23 16:30 - 2014-10-23 16:49 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-23 16:30 - 2014-10-23 16:30 - 01021936 _____ (Symantec Corporation) C:\Users\Bob\Desktop\NortonNISDownloader.exe
2014-10-23 16:30 - 2014-10-23 16:30 - 00001291 _____ () C:\Users\Bob\Desktop\Norton Installation Files.lnk
2014-10-23 16:19 - 2014-10-23 16:20 - 00896048 _____ () C:\Users\Bob\Downloads\Norton_Removal_Tool.exe
2014-10-22 22:33 - 2014-10-22 22:33 - 00000000 ____D () C:\NPE
2014-10-22 16:55 - 2014-10-22 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-22 16:55 - 2014-10-22 16:55 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-17 13:46 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 13:46 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 13:46 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 13:46 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 13:46 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 13:46 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 13:46 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 13:46 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 13:46 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 13:46 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 13:46 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 13:46 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 13:46 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 13:45 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 13:45 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 13:45 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 13:45 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 13:45 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 13:45 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 13:45 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 13:45 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 13:45 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 13:45 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 13:45 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 13:45 - 2014-09-19 22:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-17 13:45 - 2014-09-19 22:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-17 13:45 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 13:45 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 13:45 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 13:45 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 13:45 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 13:45 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 13:45 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 13:45 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 13:45 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 13:45 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 13:45 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 16:07 - 2014-10-15 16:07 - 00113342 _____ () C:\Users\Bob\Desktop\report_export_2014_10_15_16_06_50.csv
2014-10-06 15:32 - 2014-10-07 19:54 - 00009639 _____ () C:\Users\Bob\Desktop\Medical Bills.xlsx
2014-09-30 18:23 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 18:23 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 20:35 - 2014-09-29 20:35 - 00014336 _____ () C:\Users\Bob\Documents\Copy of Group probm 1 worksheet.xlsx
2014-09-24 15:21 - 2014-09-24 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 19:00 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 19:00 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 19:33 - 2011-03-03 19:23 - 01536261 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 19:33 - 2009-07-14 00:51 - 00346599 _____ () C:\Windows\setupact.log
2014-10-23 18:59 - 2011-12-20 22:40 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA.job
2014-10-23 18:57 - 2012-04-10 18:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 17:10 - 2014-07-31 15:52 - 00000000 ____D () C:\Users\Bob\AppData\Local\Garmin
2014-10-23 17:10 - 2014-07-25 11:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Mozilla
2014-10-23 17:10 - 2014-04-08 20:35 - 00000000 ____D () C:\Users\Bob\AppData\Local\{50E946AF-A9DC-41BA-B4D9-BB27F0632731}
2014-10-23 17:10 - 2013-12-22 23:04 - 00000000 ____D () C:\Users\Bob\AppData\Local\{ED1CBD25-7979-44A5-9F97-7D16D1D0E7B0}
2014-10-23 17:10 - 2013-12-22 23:04 - 00000000 ____D () C:\Users\Bob\AppData\Local\{E40AE012-4D4B-4B92-B8D1-48A8C236331A}
2014-10-23 17:10 - 2013-08-20 19:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\NPE
2014-10-23 17:10 - 2013-06-20 19:25 - 00000000 ____D () C:\Users\Bob\AppData\Local\NETGEARGenie
2014-10-23 17:10 - 2013-05-10 08:25 - 00000000 ____D () C:\Users\Bob\AppData\Local\{B305365A-4EC6-4BA1-B621-252AED267F8C}
2014-10-23 17:10 - 2012-09-30 16:35 - 00000000 ____D () C:\Users\Bob\AppData\Local\{C3F2FC05-0609-4A06-A0B5-B5C227339146}
2014-10-23 17:10 - 2012-09-30 16:31 - 00000000 ____D () C:\Users\Bob\AppData\Local\HP MediaSmart Video
2014-10-23 17:10 - 2012-08-22 16:54 - 00000000 ____D () C:\Users\Bob\AppData\Local\{2DC6BD64-EC00-44F4-99E3-C23FFB1A726F}
2014-10-23 17:10 - 2012-07-24 15:22 - 00000000 ____D () C:\Users\Bob\AppData\Local\{BDD37329-1316-47E0-80A6-C6AC656650BE}
2014-10-23 17:10 - 2012-03-20 20:30 - 00000000 ____D () C:\Users\Bob\AppData\Local\{24961E4B-F4DB-4850-9205-D4F4F3491202}
2014-10-23 17:10 - 2012-03-20 20:16 - 00000000 ____D () C:\Users\Bob\AppData\Local\Windows Live
2014-10-23 17:10 - 2012-03-20 20:15 - 00000000 ____D () C:\Users\Bob\AppData\Local\{784A0C36-A01B-45B5-8F6D-B928D42D4520}
2014-10-23 17:10 - 2012-03-20 20:15 - 00000000 ____D () C:\Users\Bob\AppData\Local\{2B80E9B7-2382-4727-909B-55EC2FC2C403}
2014-10-23 17:10 - 2011-12-30 21:44 - 00000000 ____D () C:\Users\Bob\AppData\Local\IsolatedStorage
2014-10-23 17:10 - 2011-12-30 21:39 - 00000000 ____D () C:\Users\Bob\AppData\Local\PackageAware
2014-10-23 17:10 - 2011-12-20 22:40 - 00000000 ____D () C:\Users\Bob\AppData\Local\Google
2014-10-23 17:10 - 2011-04-03 00:55 - 00000000 ____D () C:\Users\Bob\AppData\Local\Sonic_Solutions
2014-10-23 17:10 - 2011-03-28 21:04 - 00000000 ____D () C:\Users\Bob\AppData\Local\Kjs.AppLife.Update
2014-10-23 17:10 - 2011-03-16 00:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Microsoft Help
2014-10-23 17:10 - 2011-03-15 23:45 - 00000000 ____D () C:\Users\Bob\AppData\Local\PowerCinema
2014-10-23 17:10 - 2011-03-15 21:12 - 00000000 ___DC () C:\Users\Bob\AppData\Local\MigWiz
2014-10-23 17:10 - 2011-03-15 21:12 - 00000000 ____D () C:\Users\Bob\AppData\Local\PDFC
2014-10-23 17:10 - 2011-03-15 21:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\VirtualStore
2014-10-23 17:10 - 2011-03-15 21:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\RemEngine
2014-10-23 17:10 - 2011-03-15 21:07 - 00000000 ____D () C:\Users\Bob\AppData\Local\Hewlett-Packard_Company
2014-10-23 17:10 - 2011-03-15 21:07 - 00000000 ____D () C:\Users\Bob\AppData\Local\Hewlett-Packard
2014-10-23 17:09 - 2014-07-25 11:47 - 00000000 ____D () C:\Users\Bob\AppData\Local\Macromedia
2014-10-23 17:09 - 2014-06-12 20:40 - 00000000 ____D () C:\Users\Bob\AppData\Local\Adobe
2014-10-23 17:09 - 2014-03-16 19:53 - 00000000 ____D () C:\Users\Bob\AppData\Local\LogMeIn Rescue Applet
2014-10-23 17:09 - 2013-11-20 17:30 - 00000000 ____D () C:\Users\Bob\AppData\Local\Citrix
2014-10-23 17:09 - 2012-09-19 23:59 - 00000000 ____D () C:\Users\Bob\AppData\Local\CutePDF Writer
2014-10-23 17:09 - 2011-12-30 21:43 - 00000000 ____D () C:\Users\Bob\AppData\Local\Ancestry.com
2014-10-23 17:09 - 2011-12-20 22:40 - 00000000 ____D () C:\Users\Bob\AppData\Local\Deployment
2014-10-23 17:09 - 2011-04-03 00:57 - 00000000 ____D () C:\Users\Bob\AppData\Local\Microsoft Games
2014-10-23 17:09 - 2011-03-15 23:45 - 00000000 ____D () C:\Users\Bob\AppData\Local\CyberLink
2014-10-23 17:09 - 2011-03-15 21:13 - 00000000 ____D () C:\Users\Bob\AppData\Local\ATI
2014-10-23 17:06 - 2014-08-22 21:53 - 00000000 ____D () C:\Users\Bob\AppData\Local\{51FFA240-4813-4DDC-919A-BA31C03194CA}
2014-10-23 17:04 - 2011-03-28 17:33 - 00000000 ____D () C:\Users\Bob\AppData\Local\CrashDumps
2014-10-23 17:03 - 2011-03-23 18:13 - 00000000 ____D () C:\Users\Bob\AppData\Local\TechSmith
2014-10-23 17:02 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 17:02 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 16:57 - 2014-07-25 19:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 16:54 - 2014-01-22 16:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 16:54 - 2011-08-25 19:09 - 00000000 ____D () C:\Users\Bob\AppData\Local\Symantec
2014-10-23 16:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 16:49 - 2011-03-03 19:45 - 00000000 ____D () C:\ProgramData\Norton
2014-10-23 16:40 - 2012-03-15 16:26 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-23 16:40 - 2011-03-15 21:12 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-23 16:30 - 2012-03-15 03:18 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-23 16:24 - 2011-03-15 21:38 - 00466508 _____ () C:\Windows\PFRO.log
2014-10-23 15:59 - 2011-12-20 22:40 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core.job
2014-10-23 15:54 - 2011-12-20 22:40 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA
2014-10-23 15:54 - 2011-12-20 22:40 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core
2014-10-22 23:16 - 2011-03-23 16:05 - 00000000 ____D () C:\Users\Bob\Documents\Outlook Files
2014-10-22 22:16 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-22 21:48 - 2014-01-22 16:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 21:48 - 2014-01-22 16:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 21:48 - 2014-01-22 16:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 16:55 - 2011-05-11 19:18 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-22 16:48 - 2014-06-11 14:37 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBob.job
2014-10-22 16:46 - 2011-03-23 15:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-22 15:03 - 2014-06-11 14:37 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBob
2014-10-21 19:17 - 2011-12-20 22:40 - 00002356 _____ () C:\Users\Bob\Desktop\Google Chrome.lnk
2014-10-20 21:15 - 2009-07-14 01:13 - 00801092 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 21:10 - 2011-03-23 18:11 - 00000000 ____D () C:\Users\Bob\Documents\Camtasia Studio
2014-10-20 21:09 - 2011-09-05 20:17 - 00016896 _____ () C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-20 19:58 - 2011-03-03 19:42 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-20 13:46 - 2013-06-26 13:33 - 00000000 ____D () C:\Users\Bob\Documents\Band Boosters
2014-10-19 15:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 03:32 - 2009-07-14 00:45 - 00434480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 03:29 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 03:12 - 2011-03-16 00:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 03:07 - 2013-07-20 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 03:02 - 2011-03-28 20:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 23:37 - 2013-06-28 19:18 - 00000000 ____D () C:\Users\Bob\Documents\GreenonBand
2014-10-15 14:57 - 2011-11-02 19:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-14 18:13 - 2011-06-14 13:58 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBOB-HP$
2014-10-14 18:13 - 2011-06-14 13:58 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForBOB-HP$.job
2014-10-10 22:53 - 2011-12-30 21:44 - 00000000 ____D () C:\Users\Bob\Documents\Family Tree Maker
2014-10-05 14:13 - 2011-03-15 23:52 - 00000000 ____D () C:\Users\Bob\Documents\Danielle
2014-10-03 17:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-02 13:07 - 2011-12-31 01:06 - 00000000 ____D () C:\Users\Bob\Documents\Tammy
2014-09-27 09:48 - 2014-07-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 16:41 - 2012-01-23 21:26 - 00000000 ____D () C:\ProgramData\pdf995
2014-09-24 15:33 - 2011-04-17 11:10 - 00000000 ____D () C:\Users\Bob\Documents\HRBlock
2014-09-24 03:27 - 2011-03-03 19:45 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-23 18:46 - 2012-04-10 18:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 18:46 - 2012-04-10 18:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 18:46 - 2011-05-13 13:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\COMAP.EXE
C:\Users\Bob\AppData\Local\Temp\converter.exe
C:\Users\Bob\AppData\Local\Temp\cupd.exe
C:\Users\Bob\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Bob\AppData\Local\Temp\la-prxh1.dll
C:\Users\Bob\AppData\Local\Temp\Resource.exe
C:\Users\Bob\AppData\Local\Temp\siinst.exe
C:\Users\Bob\AppData\Local\Temp\sp53904.exe
C:\Users\Bob\AppData\Local\Temp\sp54931.exe
C:\Users\Bob\AppData\Local\Temp\sp58915.exe
C:\Users\Bob\AppData\Local\Temp\sp64126.exe
C:\Users\Bob\AppData\Local\Temp\strings.dll
C:\Users\Bob\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bob\AppData\Local\Temp\System.Data.SQLite42780.dll
C:\Users\Bob\AppData\Local\Temp\System.Data.SQLite61611.dll
C:\Users\Bob\AppData\Local\Temp\tmp692D.exe
C:\Users\Bob\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Bob\AppData\Local\Temp\UninstallHPTCA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.1 - Amazon Services LLC)
Amazon MP3 Uploader (x32 Version: 1.0.1 - Amazon Services LLC) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ATI Catalyst Install Manager (HKLM\...\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{8D3903E2-4B1B-4A69-B8F6-A3D1BE075BDB}) (Version: 2.2.6484 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}) (Version: 7.1.0 - TechSmith Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1123.1002.17926 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.1123.1002.17926 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.1123.1002.17926 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1123.1002.17926 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help English (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help French (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help German (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.1123.1001.17926 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1123.1002.17926 - ATI) Hidden
ccc-utility64 (Version: 2010.1123.1002.17926 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
CutePDF Writer 2.9 (HKLM\...\CutePDF Writer Installation) (Version:  2.9 - CutePDF.com)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
General Ledger Software for Luxurious Spa (HKLM-x32\...\{E83F359B-0F12-430A-B97D-FE409ED713AE}) (Version: 7.00.000 - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.8.0.1189 (HKCU\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
H&R Block Business 2013 (Remove Only) (HKLM-x32\...\H&R Block Business 2013) (Version:  - )
H&R Block Ohio 2010 (HKLM-x32\...\{C156F4AB-7756-45AB-8B82-C068A48A11BB}) (Version: 1.10.3901 - HRB Technology, LLC.)
H&R Block Ohio 2011 (HKLM-x32\...\{459D0CEE-BBAD-465D-A0BF-C7820085A050}) (Version: 1.11.4101 - HRB Technology, LLC.)
H&R Block Ohio 2012 (HKLM-x32\...\{E85D9824-9316-4124-9AC2-9F7E63B97295}) (Version: 1.12.4401 - HRB Technology, LLC.)
H&R Block Ohio 2013 (HKLM-x32\...\{7B655EBC-2183-4EE5-8320-2BE26482FD41}) (Version: 1.13.5201 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2010 (HKLM-x32\...\{529A52D1-5521-436B-83AB-1322780DCDAD}) (Version: 10.06.6402 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Inspector for Luxurious Spa (HKLM-x32\...\{0BD3C73C-443E-4670-8A14-27E92E815DAE}) (Version: 7.00.000 - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.24.exe  - NETGEAR Inc.)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 2.5.2.36 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 2.5.2.36 - NTI Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

13-10-2014 23:32:13 Windows Backup
18-10-2014 07:00:44 Windows Update
20-10-2014 16:05:01 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00A160CE-4B69-4536-B5AA-24C351681E08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {19AB1192-FCD1-432A-9DB2-0C95FF42E217} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {25852E7F-85AA-4855-9B15-EB32ADCF3826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {37FCAB1C-3C48-4BED-9648-8D23A8A74DF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3B7DC65A-C7FB-4336-8187-94D811F06CB7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {4175BD32-F67C-4304-8AFE-7D3DF28E1602} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4739E5EF-38DA-4EAC-B909-302C5AB2D210} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4E2A3BF4-EB0D-4DA9-943E-F6E022C093D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {5613A5B7-749C-44E9-B99E-2FD139ACD4C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {59ED2113-3C32-45E2-880D-5C2A4EE2EE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {644A2C25-8EDE-41BE-80B7-EF63F80E2206} - System32\Tasks\HPCeeScheduleForBob => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6BC8BE8B-CE78-4D4F-81D5-14BC6763147F} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8476601C-9F9A-447C-88B6-D47695648F76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AC566D58-BFCC-4B2A-A982-D712B811DF9A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B4EF5D70-CE64-4C74-896F-196AD0F12DF3} - System32\Tasks\HPCeeScheduleForBOB-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B7EF7A2C-5914-4E76-808F-F964893659E4} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {BC8AAD4F-627B-481B-99F1-469C9F03AFB9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E467E754-04A1-4A44-BC4A-419935404257} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {F2C1F705-5BD0-4FE4-88B3-5440C030E585} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core.job => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA.job => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBOB-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBob.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-09-19 23:57 - 2012-09-12 15:33 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2011-03-28 20:37 - 2010-03-04 16:56 - 00289280 _____ () C:\Windows\System32\HP1100LM.DLL
2012-01-23 21:26 - 2006-10-19 22:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2011-03-28 20:37 - 2010-03-04 16:56 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-03-28 20:37 - 2010-03-04 16:57 - 03031040 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2011-03-28 20:37 - 2010-03-04 16:56 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2009-12-15 21:40 - 2009-12-15 21:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2010-09-15 14:31 - 2010-09-15 14:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-04-07 07:38 - 2013-04-07 07:38 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2013-04-07 07:42 - 2013-04-07 07:42 - 00123136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2011-03-28 20:37 - 2010-03-04 16:57 - 00373248 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2010-04-12 20:59 - 2010-04-12 20:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-23 14:01 - 2010-11-23 14:01 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-15 21:40 - 2009-12-15 21:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-12-15 21:41 - 2009-12-15 21:41 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-12-16 03:44 - 2009-12-16 03:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2011-09-23 22:54 - 2011-09-23 22:54 - 00465344 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 21:22 - 2013-06-04 21:22 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 23:12 - 2013-05-09 23:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 04:43 - 2013-03-27 04:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-28 02:21 - 2013-05-28 02:21 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 04:52 - 2013-03-27 04:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 04:50 - 2013-03-27 04:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 22:56 - 2013-05-14 22:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 02:25 - 2013-04-28 02:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 01:18 - 2013-05-14 01:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 05:56 - 2012-11-29 05:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 22:58 - 2013-03-26 22:58 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-09-24 15:21 - 2014-09-24 15:21 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2826175404-1657968975-98520139-500 - Administrator - Disabled)
Bob (S-1-5-21-2826175404-1657968975-98520139-1000 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-2826175404-1657968975-98520139-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2826175404-1657968975-98520139-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: M:\
Description: MS/MS-Pro      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: I:\
Description: SD/MMC         
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: L:\
Description: Stylus Storage 
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: EPSON  
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: K:\
Description: SM/xD-Picture  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: J:\
Description: Compact Flash  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 04:52:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 510

Start Time: 01cfef0340722d12

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 8856c03e-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16fc

Start Time: 01cfef0300947a22

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 77a974d3-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:50:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 157c

Start Time: 01cfef02cdcbf751

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 2e6532b0-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 03:52:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 160c

Start Time: 01cfeefad4b88527

Termination Time: 60

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/23/2014 03:52:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f4

Start Time: 01cfeefaa290319d

Termination Time: 13

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/22/2014 04:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Bgjdjbr.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: qbbllgw.dll, version: 7.0.4.258, time stamp: 0x5446c603
Exception code: 0xc0000005
Fault offset: 0x000152db
Faulting process id: 0x8a18
Faulting application start time: 0xBgjdjbr.exe0
Faulting application path: Bgjdjbr.exe1
Faulting module path: Bgjdjbr.exe2
Report Id: Bgjdjbr.exe3

Error: (10/21/2014 07:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17116, time stamp: 0x541ccf72
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x005eaff0
Faulting process id: 0x1758
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/20/2014 08:04:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x2358
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (10/15/2014 11:08:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 10.0.9200.17088 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d0c

Start Time: 01cfe8dfbcd60b5e

Termination Time: 10

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (10/15/2014 04:59:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17088 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f50

Start Time: 01cfe8bac93d91b0

Termination Time: 5

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (10/23/2014 04:54:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/23/2014 04:54:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/23/2014 04:25:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/23/2014 04:25:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/23/2014 04:23:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/23/2014 04:21:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/22/2014 11:25:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/22/2014 11:25:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/22/2014 10:55:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/22/2014 10:55:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Microsoft Office Sessions:
=========================
Error: (10/23/2014 04:52:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.53251001cfef0340722d120C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe8856c03e-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.53216fc01cfef0300947a220C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe77a974d3-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:50:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532157c01cfef02cdcbf7510C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe2e6532b0-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 03:52:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.17116160c01cfeefad4b8852760C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/23/2014 03:52:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1711611f401cfeefaa290319d13C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/22/2014 04:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Bgjdjbr.exe36.0.1985.14353e2e515qbbllgw.dll7.0.4.2585446c603c0000005000152db8a1801cfee3869e81b32C:\Users\Bob\AppData\LocalLow\Temp\Qxwgrshd\uxsprbizctf\Bgjdjbr.exeC:\Users\Bob\AppData\LocalLow\qbbllgw.dllb8b78eb7-5a2b-11e4-b715-6431503b9e7f

Error: (10/21/2014 07:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17116541ccf72Flash32_15_0_0_167.ocx15.0.0.167541384c0c0000005005eaff0175801cfed84a0846a2bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_167.ocxd2220513-5979-11e4-b715-6431503b9e7f

Error: (10/20/2014 08:04:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea8e7c0000005000223e0235801cfecc1af81eb2aC:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllca12c046-58b5-11e4-b715-6431503b9e7f

Error: (10/15/2014 11:08:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe10.0.9200.170881d0c01cfe8dfbcd60b5e10C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/15/2014 04:59:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.17088f5001cfe8bac93d91b05C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1075T Processor
Percentage of memory in use: 32%
Total physical RAM: 8183.89 MB
Available physical RAM: 5553.91 MB
Total Pagefile: 16365.97 MB
Available Pagefile: 12628.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.1 GB) (Free:692.11 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.13 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DATA_DRIVE_1) (Fixed) (Total:465.76 GB) (Free:110.3 GB) NTFS
Drive f: (Whittenburg_2013) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 25683A57)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2D06B7AC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

 


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 24 October 2014 - 04:33 PM

:welcome:

 

This is what we need to do , it will require a few steps and running some other tools

 

Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
 
Start
CloseProcesses:
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
C:\Program Files (x86)\AnyProtectEx
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Task: {4175BD32-F67C-4304-8AFE-7D3DF28E1602} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6BC8BE8B-CE78-4D4F-81D5-14BC6763147F} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F2C1F705-5BD0-4FE4-88B3-5440C030E585} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Hosts:
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
 
 
==============================================================================================
 

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.
 
 
 
 
 
 
Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.
 
Run rkill repeatedly until it's able to do it's job. This may take a few tries.
 
You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.
 
 
 
 
 
 
==========================================================================
 
 
 

Download Malwarebytes' Anti-Malware  to your desktop. 
 
  •  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
MBAM203_zps0a230260.jpg
 
 
  •  
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Threat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
 
 
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 rntadkins

rntadkins

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 26 October 2014 - 10:20 AM

Ken,

 

Thanks for helping me with this, sorry it took a bit of time but the FRST program didn't cooperate yesterday crashing 4 times.  Hopefully the results I got from that is what you need to see.  Here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-10-2014
Ran by Bob at 2014-10-25 22:51:27 Run:4
Running from C:\Users\Bob\Desktop
Loaded Profile: Bob (Available profiles: Bob)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
C:\Program Files (x86)\AnyProtectEx
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Task: {4175BD32-F67C-4304-8AFE-7D3DF28E1602} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6BC8BE8B-CE78-4D4F-81D5-14BC6763147F} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F2C1F705-5BD0-4FE4-88B3-5440C030E585} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => Value not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => Value not found.
"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4175BD32-F67C-4304-8AFE-7D3DF28E1602}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BC8BE8B-CE78-4D4F-81D5-14BC6763147F}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2C1F705-5BD0-4FE4-88B3-5440C030E585}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key not found.
C:\Windows\Tasks\APSnotifierPP1.job not found.
C:\Windows\Tasks\APSnotifierPP2.job not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/26/2014
Scan Time: 12:05:29 PM
Logfile: Malware log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.26.04
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331406
Time Elapsed: 8 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-2826175404-1657968975-98520139-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [13391306c3b9d4621802870c2cd84bb5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.VOPackage.A, C:\Users\Bob\AppData\Roaming\VOPackage\Uninstall.exe, Quarantined, [aca0bf5af9839d9927e53b184fb160a0],
PUP.Optional.OutBrowse, C:\Users\Bob\Desktop\Firefox.exe, Quarantined, [cf7d78a16319bf77304c705840c1619f],

Physical Sectors: 0
(No malicious items detected)

(end)



#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 October 2014 - 10:40 AM

Go ahead and run a new scan with FRST, be sure to checkmark Additions only and post both new logs please



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 rntadkins

rntadkins

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 26 October 2014 - 10:54 AM

Both ran great this time around:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Bob (administrator) on BOB-HP on 26-10-2014 12:49:50
Running from C:\Users\Bob\Desktop
Loaded Profile: Bob (Available profiles: Bob)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(SanDisk Corporation) C:\Users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [580632 2011-09-23] (NTI Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [MoneyAgent] => "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [Google Update] => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [SansaDispatch] => C:\Users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-07-10] (SanDisk Corporation)
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [NETGEARGenie] => å  °úB(#CD       C:\Users\Bob\AppData\Roaming\SanDisk\Sans
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {1df8bd3d-f25c-11e3-a19f-6431503b9e7f} - G:\win\setup.exe -phs
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {220bc39d-4f6e-11e0-9547-806e6f6e6963} - F:\MainMenu_PC.exe
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {a0482393-599b-11e0-b480-6431503b9e7f} - K:\SISetup.exe
HKU\S-1-5-21-2826175404-1657968975-98520139-1000\...\MountPoints2: {c2c54bfc-b86a-11e3-b9b3-6431503b9e7f} - G:\VerizonSWUpgradeAssistantLauncher.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/hpdsk/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\goqn2okb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Bob\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\goqn2okb.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2014-10-26]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Bob\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Google Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-03-20]
CHR Extension: (Google Wallet) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-16] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-08-01] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141024.001\IDSvia64.sys [633560 2014-10-23] (Symantec Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-05] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141025.001\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141025.001\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-20] (CACE Technologies, Inc.)
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 11:45 - 2014-10-26 11:46 - 00002956 _____ () C:\Users\Bob\Desktop\Rkill.txt
2014-10-26 11:45 - 2014-10-26 11:45 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Bob\Desktop\rkill.exe
2014-10-26 11:45 - 2014-10-26 11:45 - 00000000 ____D () C:\Users\Bob\Desktop\rkill
2014-10-25 15:35 - 2014-10-26 12:49 - 00000000 ____D () C:\Users\Bob\Desktop\FRST-OlderVersion
2014-10-25 15:34 - 2014-10-25 15:34 - 00001040 _____ () C:\Users\Bob\Desktop\fixlist.txt
2014-10-23 19:50 - 2014-10-23 19:51 - 00052843 _____ () C:\Users\Bob\Desktop\Addition.txt
2014-10-23 19:49 - 2014-10-26 12:50 - 00022875 _____ () C:\Users\Bob\Desktop\FRST.txt
2014-10-23 19:49 - 2014-10-26 12:49 - 00000000 ____D () C:\FRST
2014-10-23 19:48 - 2014-10-26 12:49 - 02113024 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-10-23 19:41 - 2014-10-23 19:41 - 00003186 _____ () C:\Users\Bob\Desktop\aswMBR.txt
2014-10-23 17:16 - 2014-10-23 17:17 - 05192704 _____ (AVAST Software) C:\Users\Bob\Desktop\aswMBR.exe
2014-10-23 16:42 - 2014-10-23 16:42 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-23 16:40 - 2014-10-23 16:40 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-23 16:40 - 2014-10-23 16:40 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-23 16:40 - 2014-10-23 16:40 - 00002575 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-10-23 16:39 - 2014-10-23 16:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-23 16:39 - 2014-10-23 16:39 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-10-23 16:30 - 2014-10-23 16:49 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-23 16:30 - 2014-10-23 16:30 - 01021936 _____ (Symantec Corporation) C:\Users\Bob\Desktop\NortonNISDownloader.exe
2014-10-23 16:19 - 2014-10-23 16:20 - 00896048 _____ () C:\Users\Bob\Downloads\Norton_Removal_Tool.exe
2014-10-22 22:33 - 2014-10-22 22:33 - 00000000 ____D () C:\NPE
2014-10-22 16:55 - 2014-10-22 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-22 16:55 - 2014-10-22 16:55 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-17 13:46 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 13:46 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 13:46 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 13:46 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 13:46 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 13:46 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 13:46 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 13:46 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 13:46 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 13:46 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 13:46 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 13:46 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 13:46 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 13:46 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 13:46 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 13:46 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 13:45 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 13:45 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 13:45 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 13:45 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 13:45 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 13:45 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 13:45 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 13:45 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 13:45 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 13:45 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 13:45 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 13:45 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 13:45 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 13:45 - 2014-09-19 22:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-17 13:45 - 2014-09-19 22:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-17 13:45 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 13:45 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 13:45 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 13:45 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 13:45 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 13:45 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 13:45 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 13:45 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 13:45 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 13:45 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 13:45 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 13:45 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 16:07 - 2014-10-15 16:07 - 00113342 _____ () C:\Users\Bob\Desktop\report_export_2014_10_15_16_06_50.csv
2014-10-06 15:32 - 2014-10-25 15:30 - 00009690 _____ () C:\Users\Bob\Desktop\Medical Bills.xlsx
2014-09-30 18:23 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 18:23 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 20:35 - 2014-09-29 20:35 - 00014336 _____ () C:\Users\Bob\Documents\Copy of Group probm 1 worksheet.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 12:48 - 2011-03-03 19:23 - 01597330 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 12:48 - 2009-07-14 00:51 - 00348447 _____ () C:\Windows\setupact.log
2014-10-26 12:32 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 12:32 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 12:25 - 2014-01-22 16:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 12:25 - 2011-03-15 21:38 - 00472810 _____ () C:\Windows\PFRO.log
2014-10-26 12:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 12:24 - 2011-03-28 20:39 - 00000000 __SHD () C:\Windows\ftpcache
2014-10-26 12:16 - 2014-07-25 11:40 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\VOPackage
2014-10-26 12:05 - 2014-07-25 19:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 11:59 - 2011-12-20 22:40 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA.job
2014-10-26 11:57 - 2012-04-10 18:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-26 11:52 - 2014-07-25 19:41 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 11:52 - 2014-07-25 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 11:52 - 2014-07-25 19:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 16:03 - 2011-03-23 16:05 - 00000000 ____D () C:\Users\Bob\Documents\Outlook Files
2014-10-25 15:59 - 2011-12-20 22:40 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core.job
2014-10-23 20:23 - 2011-03-15 23:52 - 00000000 ____D () C:\Users\Bob\Documents\Danielle
2014-10-23 20:23 - 2011-03-15 23:47 - 00000000 ____D () C:\Users\Bob\Documents\CSCC
2014-10-23 20:21 - 2011-03-15 23:53 - 00000000 ____D () C:\Users\Bob\Documents\Genealogy
2014-10-23 17:10 - 2014-07-31 15:52 - 00000000 ____D () C:\Users\Bob\AppData\Local\Garmin
2014-10-23 17:10 - 2014-07-25 11:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Mozilla
2014-10-23 17:10 - 2014-04-08 20:35 - 00000000 ____D () C:\Users\Bob\AppData\Local\{50E946AF-A9DC-41BA-B4D9-BB27F0632731}
2014-10-23 17:10 - 2013-12-22 23:04 - 00000000 ____D () C:\Users\Bob\AppData\Local\{ED1CBD25-7979-44A5-9F97-7D16D1D0E7B0}
2014-10-23 17:10 - 2013-12-22 23:04 - 00000000 ____D () C:\Users\Bob\AppData\Local\{E40AE012-4D4B-4B92-B8D1-48A8C236331A}
2014-10-23 17:10 - 2013-08-20 19:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\NPE
2014-10-23 17:10 - 2013-06-20 19:25 - 00000000 ____D () C:\Users\Bob\AppData\Local\NETGEARGenie
2014-10-23 17:10 - 2013-05-10 08:25 - 00000000 ____D () C:\Users\Bob\AppData\Local\{B305365A-4EC6-4BA1-B621-252AED267F8C}
2014-10-23 17:10 - 2012-09-30 16:35 - 00000000 ____D () C:\Users\Bob\AppData\Local\{C3F2FC05-0609-4A06-A0B5-B5C227339146}
2014-10-23 17:10 - 2012-09-30 16:31 - 00000000 ____D () C:\Users\Bob\AppData\Local\HP MediaSmart Video
2014-10-23 17:10 - 2012-08-22 16:54 - 00000000 ____D () C:\Users\Bob\AppData\Local\{2DC6BD64-EC00-44F4-99E3-C23FFB1A726F}
2014-10-23 17:10 - 2012-07-24 15:22 - 00000000 ____D () C:\Users\Bob\AppData\Local\{BDD37329-1316-47E0-80A6-C6AC656650BE}
2014-10-23 17:10 - 2012-03-20 20:30 - 00000000 ____D () C:\Users\Bob\AppData\Local\{24961E4B-F4DB-4850-9205-D4F4F3491202}
2014-10-23 17:10 - 2012-03-20 20:16 - 00000000 ____D () C:\Users\Bob\AppData\Local\Windows Live
2014-10-23 17:10 - 2012-03-20 20:15 - 00000000 ____D () C:\Users\Bob\AppData\Local\{784A0C36-A01B-45B5-8F6D-B928D42D4520}
2014-10-23 17:10 - 2012-03-20 20:15 - 00000000 ____D () C:\Users\Bob\AppData\Local\{2B80E9B7-2382-4727-909B-55EC2FC2C403}
2014-10-23 17:10 - 2011-12-30 21:44 - 00000000 ____D () C:\Users\Bob\AppData\Local\IsolatedStorage
2014-10-23 17:10 - 2011-12-30 21:39 - 00000000 ____D () C:\Users\Bob\AppData\Local\PackageAware
2014-10-23 17:10 - 2011-12-20 22:40 - 00000000 ____D () C:\Users\Bob\AppData\Local\Google
2014-10-23 17:10 - 2011-04-03 00:55 - 00000000 ____D () C:\Users\Bob\AppData\Local\Sonic_Solutions
2014-10-23 17:10 - 2011-03-28 21:04 - 00000000 ____D () C:\Users\Bob\AppData\Local\Kjs.AppLife.Update
2014-10-23 17:10 - 2011-03-16 00:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Microsoft Help
2014-10-23 17:10 - 2011-03-15 23:45 - 00000000 ____D () C:\Users\Bob\AppData\Local\PowerCinema
2014-10-23 17:10 - 2011-03-15 21:12 - 00000000 ___DC () C:\Users\Bob\AppData\Local\MigWiz
2014-10-23 17:10 - 2011-03-15 21:12 - 00000000 ____D () C:\Users\Bob\AppData\Local\PDFC
2014-10-23 17:10 - 2011-03-15 21:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\VirtualStore
2014-10-23 17:10 - 2011-03-15 21:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\RemEngine
2014-10-23 17:10 - 2011-03-15 21:07 - 00000000 ____D () C:\Users\Bob\AppData\Local\Hewlett-Packard_Company
2014-10-23 17:10 - 2011-03-15 21:07 - 00000000 ____D () C:\Users\Bob\AppData\Local\Hewlett-Packard
2014-10-23 17:09 - 2014-07-25 11:47 - 00000000 ____D () C:\Users\Bob\AppData\Local\Macromedia
2014-10-23 17:09 - 2014-06-12 20:40 - 00000000 ____D () C:\Users\Bob\AppData\Local\Adobe
2014-10-23 17:09 - 2014-03-16 19:53 - 00000000 ____D () C:\Users\Bob\AppData\Local\LogMeIn Rescue Applet
2014-10-23 17:09 - 2013-11-20 17:30 - 00000000 ____D () C:\Users\Bob\AppData\Local\Citrix
2014-10-23 17:09 - 2012-09-19 23:59 - 00000000 ____D () C:\Users\Bob\AppData\Local\CutePDF Writer
2014-10-23 17:09 - 2011-12-30 21:43 - 00000000 ____D () C:\Users\Bob\AppData\Local\Ancestry.com
2014-10-23 17:09 - 2011-12-20 22:40 - 00000000 ____D () C:\Users\Bob\AppData\Local\Deployment
2014-10-23 17:09 - 2011-04-03 00:57 - 00000000 ____D () C:\Users\Bob\AppData\Local\Microsoft Games
2014-10-23 17:09 - 2011-03-15 23:45 - 00000000 ____D () C:\Users\Bob\AppData\Local\CyberLink
2014-10-23 17:09 - 2011-03-15 21:13 - 00000000 ____D () C:\Users\Bob\AppData\Local\ATI
2014-10-23 17:06 - 2014-08-22 21:53 - 00000000 ____D () C:\Users\Bob\AppData\Local\{51FFA240-4813-4DDC-919A-BA31C03194CA}
2014-10-23 17:04 - 2011-03-28 17:33 - 00000000 ____D () C:\Users\Bob\AppData\Local\CrashDumps
2014-10-23 17:03 - 2011-03-23 18:13 - 00000000 ____D () C:\Users\Bob\AppData\Local\TechSmith
2014-10-23 16:54 - 2011-08-25 19:09 - 00000000 ____D () C:\Users\Bob\AppData\Local\Symantec
2014-10-23 16:49 - 2011-03-03 19:45 - 00000000 ____D () C:\ProgramData\Norton
2014-10-23 16:40 - 2012-03-15 16:26 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-23 16:40 - 2011-03-15 21:12 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-23 16:30 - 2012-03-15 03:18 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-23 15:54 - 2011-12-20 22:40 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA
2014-10-23 15:54 - 2011-12-20 22:40 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core
2014-10-22 22:16 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-22 21:48 - 2014-01-22 16:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 21:48 - 2014-01-22 16:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 21:48 - 2014-01-22 16:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 16:55 - 2011-05-11 19:18 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-22 16:48 - 2014-06-11 14:37 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBob.job
2014-10-22 16:46 - 2011-03-23 15:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-22 15:03 - 2014-06-11 14:37 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBob
2014-10-21 19:17 - 2011-12-20 22:40 - 00002356 _____ () C:\Users\Bob\Desktop\Google Chrome.lnk
2014-10-20 21:15 - 2009-07-14 01:13 - 00801092 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 21:10 - 2011-03-23 18:11 - 00000000 ____D () C:\Users\Bob\Documents\Camtasia Studio
2014-10-20 21:09 - 2011-09-05 20:17 - 00016896 _____ () C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-20 19:58 - 2011-03-03 19:42 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-20 13:46 - 2013-06-26 13:33 - 00000000 ____D () C:\Users\Bob\Documents\Band Boosters
2014-10-19 15:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 03:32 - 2009-07-14 00:45 - 00434480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 03:29 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 03:12 - 2011-03-16 00:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 03:07 - 2013-07-20 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 03:02 - 2011-03-28 20:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 23:37 - 2013-06-28 19:18 - 00000000 ____D () C:\Users\Bob\Documents\GreenonBand
2014-10-15 14:57 - 2011-11-02 19:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-14 18:13 - 2011-06-14 13:58 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBOB-HP$
2014-10-14 18:13 - 2011-06-14 13:58 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForBOB-HP$.job
2014-10-10 22:53 - 2011-12-30 21:44 - 00000000 ____D () C:\Users\Bob\Documents\Family Tree Maker
2014-10-03 17:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-02 13:07 - 2011-12-31 01:06 - 00000000 ____D () C:\Users\Bob\Documents\Tammy
2014-10-01 11:11 - 2014-07-25 19:41 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-07-25 19:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-07-25 19:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 09:48 - 2014-07-25 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-19 15:30

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Bob at 2014-10-26 12:51:14
Running from C:\Users\Bob\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.1 - Amazon Services LLC)
Amazon MP3 Uploader (x32 Version: 1.0.1 - Amazon Services LLC) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ATI Catalyst Install Manager (HKLM\...\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{8D3903E2-4B1B-4A69-B8F6-A3D1BE075BDB}) (Version: 2.2.6484 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}) (Version: 7.1.0 - TechSmith Corporation)
ccc-core-static (x32 Version: 2010.1123.1002.17926 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
CutePDF Writer 2.9 (HKLM\...\CutePDF Writer Installation) (Version:  2.9 - CutePDF.com)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
General Ledger Software for Luxurious Spa (HKLM-x32\...\{E83F359B-0F12-430A-B97D-FE409ED713AE}) (Version: 7.00.000 - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.8.0.1189 (HKCU\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
H&R Block Business 2013 (Remove Only) (HKLM-x32\...\H&R Block Business 2013) (Version:  - )
H&R Block Ohio 2010 (HKLM-x32\...\{C156F4AB-7756-45AB-8B82-C068A48A11BB}) (Version: 1.10.3901 - HRB Technology, LLC.)
H&R Block Ohio 2011 (HKLM-x32\...\{459D0CEE-BBAD-465D-A0BF-C7820085A050}) (Version: 1.11.4101 - HRB Technology, LLC.)
H&R Block Ohio 2012 (HKLM-x32\...\{E85D9824-9316-4124-9AC2-9F7E63B97295}) (Version: 1.12.4401 - HRB Technology, LLC.)
H&R Block Ohio 2013 (HKLM-x32\...\{7B655EBC-2183-4EE5-8320-2BE26482FD41}) (Version: 1.13.5201 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2010 (HKLM-x32\...\{529A52D1-5521-436B-83AB-1322780DCDAD}) (Version: 10.06.6402 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Inspector for Luxurious Spa (HKLM-x32\...\{0BD3C73C-443E-4670-8A14-27E92E815DAE}) (Version: 7.00.000 - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.24.exe  - NETGEAR Inc.)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 2.5.2.36 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 2.5.2.36 - NTI Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2826175404-1657968975-98520139-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bob\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

13-10-2014 23:32:13 Windows Backup
18-10-2014 07:00:44 Windows Update
20-10-2014 16:05:01 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-25 22:51 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00A160CE-4B69-4536-B5AA-24C351681E08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {19AB1192-FCD1-432A-9DB2-0C95FF42E217} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {25852E7F-85AA-4855-9B15-EB32ADCF3826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {37FCAB1C-3C48-4BED-9648-8D23A8A74DF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3B7DC65A-C7FB-4336-8187-94D811F06CB7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {4739E5EF-38DA-4EAC-B909-302C5AB2D210} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4E2A3BF4-EB0D-4DA9-943E-F6E022C093D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {5613A5B7-749C-44E9-B99E-2FD139ACD4C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {59ED2113-3C32-45E2-880D-5C2A4EE2EE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {644A2C25-8EDE-41BE-80B7-EF63F80E2206} - System32\Tasks\HPCeeScheduleForBob => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8476601C-9F9A-447C-88B6-D47695648F76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AC566D58-BFCC-4B2A-A982-D712B811DF9A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B4EF5D70-CE64-4C74-896F-196AD0F12DF3} - System32\Tasks\HPCeeScheduleForBOB-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B7EF7A2C-5914-4E76-808F-F964893659E4} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {BC8AAD4F-627B-481B-99F1-469C9F03AFB9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E467E754-04A1-4A44-BC4A-419935404257} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000Core.job => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2826175404-1657968975-98520139-1000UA.job => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBOB-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBob.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-09-19 23:57 - 2012-09-12 15:33 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2011-03-28 20:37 - 2010-03-04 16:56 - 00289280 _____ () C:\Windows\System32\HP1100LM.DLL
2012-01-23 21:26 - 2006-10-19 22:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2011-03-28 20:37 - 2010-03-04 16:56 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-03-28 20:37 - 2010-03-04 16:57 - 03031040 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2011-03-28 20:37 - 2010-03-04 16:56 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2009-12-15 21:40 - 2009-12-15 21:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2010-09-15 14:31 - 2010-09-15 14:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-04-07 07:38 - 2013-04-07 07:38 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2013-04-07 07:42 - 2013-04-07 07:42 - 00123136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2011-03-28 20:37 - 2010-03-04 16:57 - 00373248 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2010-04-12 20:59 - 2010-04-12 20:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-23 14:01 - 2010-11-23 14:01 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-15 21:40 - 2009-12-15 21:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-12-15 21:41 - 2009-12-15 21:41 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-12-16 03:44 - 2009-12-16 03:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2011-09-23 22:54 - 2011-09-23 22:54 - 00465344 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 21:22 - 2013-06-04 21:22 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 23:12 - 2013-05-09 23:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 04:43 - 2013-03-27 04:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-28 02:21 - 2013-05-28 02:21 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 04:52 - 2013-03-27 04:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 04:50 - 2013-03-27 04:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 22:56 - 2013-05-14 22:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 02:25 - 2013-04-28 02:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 01:18 - 2013-05-14 01:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 02:46 - 2013-02-19 02:46 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 04:42 - 2013-03-27 04:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 05:56 - 2012-11-29 05:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 22:58 - 2013-03-26 22:58 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 04:51 - 2013-03-27 04:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 04:49 - 2013-03-27 04:49 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 22:58 - 2013-03-26 22:58 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2826175404-1657968975-98520139-500 - Administrator - Disabled)
Bob (S-1-5-21-2826175404-1657968975-98520139-1000 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-2826175404-1657968975-98520139-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2826175404-1657968975-98520139-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: J:\
Description: Compact Flash  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: M:\
Description: MS/MS-Pro      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: I:\
Description: SD/MMC         
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: L:\
Description: Stylus Storage 
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: EPSON  
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: K:\
Description: SM/xD-Picture  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2014 11:44:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 744

Start Time: 01cff0c7bc232411

Termination Time: 0

Application Path: C:\Users\Bob\Desktop\FRST64.exe

Report Id:

Error: (10/25/2014 10:51:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10dc

Start Time: 01cff0c7a7ad0897

Termination Time: 0

Application Path: C:\Users\Bob\Desktop\FRST64.exe

Report Id:

Error: (10/25/2014 10:49:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 32c0

Start Time: 01cff0ab70515977

Termination Time: 16

Application Path: C:\Users\Bob\Desktop\FRST64.exe

Report Id:

Error: (10/25/2014 07:28:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2b40

Start Time: 01cff0a9c790d4ea

Termination Time: 16

Application Path: C:\Users\Bob\Desktop\FRST64.exe

Report Id:

Error: (10/25/2014 07:16:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 34b0

Start Time: 01cff08ad2389ffe

Termination Time: 16

Application Path: C:\Users\Bob\Desktop\FRST64.exe

Report Id:

Error: (10/23/2014 04:52:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 510

Start Time: 01cfef0340722d12

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 8856c03e-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16fc

Start Time: 01cfef0300947a22

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 77a974d3-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:50:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 157c

Start Time: 01cfef02cdcbf751

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 2e6532b0-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 03:52:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 160c

Start Time: 01cfeefad4b88527

Termination Time: 60

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/23/2014 03:52:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f4

Start Time: 01cfeefaa290319d

Termination Time: 13

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (10/26/2014 00:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/26/2014 00:25:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/25/2014 10:51:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (10/25/2014 10:51:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (10/25/2014 10:51:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/25/2014 10:51:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP SI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/25/2014 07:28:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (10/25/2014 07:28:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/25/2014 07:28:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).

Error: (10/25/2014 07:28:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 3 time(s).

Microsoft Office Sessions:
=========================
Error: (10/26/2014 11:44:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe25.10.2014.074401cff0c7bc2324110C:\Users\Bob\Desktop\FRST64.exe

Error: (10/25/2014 10:51:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe25.10.2014.010dc01cff0c7a7ad08970C:\Users\Bob\Desktop\FRST64.exe

Error: (10/25/2014 10:49:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe25.10.2014.032c001cff0ab7051597716C:\Users\Bob\Desktop\FRST64.exe

Error: (10/25/2014 07:28:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe25.10.2014.02b4001cff0a9c790d4ea16C:\Users\Bob\Desktop\FRST64.exe

Error: (10/25/2014 07:16:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe25.10.2014.034b001cff08ad2389ffe16C:\Users\Bob\Desktop\FRST64.exe

Error: (10/23/2014 04:52:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.53251001cfef0340722d120C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe8856c03e-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.53216fc01cfef0300947a220C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe77a974d3-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 04:50:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532157c01cfef02cdcbf7510C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe2e6532b0-5af6-11e4-8e5f-6431503b9e7f

Error: (10/23/2014 03:52:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.17116160c01cfeefad4b8852760C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/23/2014 03:52:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1711611f401cfeefaa290319d13C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1075T Processor
Percentage of memory in use: 18%
Total physical RAM: 8183.89 MB
Available physical RAM: 6689.13 MB
Total Pagefile: 16365.97 MB
Available Pagefile: 14145.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.1 GB) (Free:696.93 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.13 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DATA_DRIVE_1) (Fixed) (Total:465.76 GB) (Free:110.3 GB) NTFS
Drive f: (Whittenburg_2013) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 25683A57)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2D06B7AC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 October 2014 - 11:07 AM

Logs look fine, how is your system behaving now ??



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 rntadkins

rntadkins

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 26 October 2014 - 11:46 AM

Running much faster!  Not getting the High CPU usage messages any longer or the high traffic warnings either.  I am a little concerned that my current anti virus let those nasty bugs through so easily........

 

Thanks so much for the assistance!



#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 October 2014 - 01:33 PM

Viruses and Malware are different animals, your Norton Anti Virus blocks viruses but what you had was malware and not all AVs block them

 

One of the best Anti Malware programs to come along in quite some time is Malwarebytes, the Pro Version blocks threats and bad websites, the cost is minimal but this of course is up to you

 

 

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
  •  
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
  • Windows XP Double Click DelFix.exe to run the program. 
  • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
  • Place a checkmark next to the following items
  • Activate UAC
  • Remove Disinfection Tools
  • Create registry backup
  • Reset System Settings
  •  
    Click the Run button
     
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     
     
     
    ==========================================================
     
     
     
    How did I get infected in the first place ?    
    Read these links and find out how to prevent getting infected again.
  • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
  •  
     
    Safe Surfn
    Ken


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 rntadkins

    rntadkins

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 27 October 2014 - 01:08 PM

    Will Malwarebytes work with Norton or can I just use one at a time.

     

    Otherwise all cleaned up, thanks again!



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 October 2014 - 04:04 PM

    You can use them both, the secret is to have only one AV and one AM program, keep them updated and run regular scans

     

    Ken :)



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #11 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 30 October 2014 - 12:54 PM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users