Romeo1

Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Derryck on Sat 05/23/2015 at 20:31:05.49. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Derryck\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 5/23/2015 8:32:23 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\CompuClever deleted successfully C:\PROGRA~2\Conduit deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Sling Media deleted successfully C:\PROGRA~2\Software Updater deleted successfully C:\PROGRA~2\System Optimizer Pro deleted successfully C:\PROGRA~2\COMMON~1\AOL deleted successfully C:\Program Files\Conduit deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Viewpoint deleted successfully C:\Users\Derryck\AppData\Roaming\HPAppData deleted successfully C:\Users\Derryck\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Derryck\AppData\Roaming\PeerNetworking deleted successfully C:\Users\Derryck\AppData\Local\Conduit deleted successfully C:\Users\Derryck\AppData\Local\Yahoo deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DB9D98C-A92F-4F3C-8CF6-113EB4B7A69} deleted successfully HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72C9E2DF-5EF8-4DFF-8DFC-75397879DD65} deleted successfully HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77B18C78-834-42DA-ACC8-4DD75A6E130} deleted successfully HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\43np0l7n.default user.js not found ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultenginename", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.ff-original-keyword-url", ""); ---- FireFox user.js and prefs.js backups ---- prefs_20150523_0847_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\CompuClever not found C:\PROGRA~2\Conduit not found C:\PROGRA~2\Sling Media not found C:\PROGRA~2\Software Updater not found C:\PROGRA~2\System Optimizer Pro not found C:\Users\Derryck\AppData\Local\41 deleted C:\Users\Derryck\daemonprocess.txt deleted C:\Users\Derryck\.android deleted C:\PROGRA~2\Mobogenie deleted C:\PROGRA~2\Yahoo! deleted C:\Users\Derryck\AppData\Roaming\Yahoo! deleted C:\Users\Family\AppData\Roaming\Yahoo! deleted C:\PROGRA~3\Ask deleted C:\PROGRA~3\Yahoo! deleted C:\Users\Derryck\AppData\Local\Mobogenie deleted C:\Users\Derryck\AppData\Local\cache deleted C:\Users\Derryck\AppData\LocalLow\Yahoo! deleted C:\Users\Family\AppData\LocalLow\AskToolbar deleted C:\windows\SysNative\drivers\hlnfd.sys deleted C:\END deleted C:\Windows\Syswow64\SearchProtect deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\Derryck\Documents\Mobogenie deleted "C:\PROGRA~2\Windows Collaboration" deleted ==== Registry Search Results for "{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}" ====================== [HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}] [HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}] [HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Smartbar] "EngineGuid"="{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}" ==== Registry Search Results for "Snap.Do Engine" ====================== [HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}] "DisplayName"="Snap.Do Engine" ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [09/03/2009 03:01 AM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\43np0l7n.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} ==== Firefox Plugins ====================== ==== Chromium Look ====================== Bookmark Manager - Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Chrome Hotword Shared Module - Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Chrome Hotword Shared Module - Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg ==== Chromium Startpages ====================== C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Preferences 000},{\"custom_display_name\":\"Choukei 4 90x205mm\",\"height_microns\":205000,\"name\":\"JPN_CHOU4\",\"vendor_id\":\"74\",\"width_microns\":90000},{\"custom_display_name\":\"Youkei 4 105x235mm\",\"height_microns\":235000,\"name\":\"JPN_YOU4\",\"vendor_id\":\"91\",\"width_microns\":105000},{\"custom_display_name\":\"Youkei 6 98x190mm\",\"height_microns\":190000,\"name\":\"NA_MONARCH\",\"vendor_id\":\"149\",\"width_microns\":98000},{\"custom_display_name\":\"Card 2.16\\\"x3.58\\\" 55x91mm\",\"height_microns\":91000,\"vendor_id\":\"150\",\"width_microns\":55000},{\"custom_display_name\":\"Wide 4\\\"x7.1\\\" 101.6x180.6mm\",\"height_microns\":180600,\"vendor_id\":\"151\",\"width_microns\":101600},{\"custom_display_name\":\"Letter+ (Scaled)\",\"height_microns\":337800,\"vendor_id\":\"272\",\"width_microns\":228600},{\"custom_display_name\":\"11\\\"x17\\\" 279.4x431.8mm (Scaled)\",\"height_microns\":431800,\"name\":\"NA_LEDGER\",\"vendor_id\":\"3\",\"width_microns\":279400},{\"custom_display_name\":\"13.5\\\"x17\\\" 342.9x431.8mm (Scaled)\",\"height_microns\":431800,\"vendor_id\":\"262\",\"width_microns\":342900},{\"custom_display_name\":\"17\\\"x22\\\" 431.8x558.8mm (Scaled)\",\"height_microns\":558800,\"name\":\"NA_C\",\"vendor_id\":\"24\",\"width_microns\":431800},{\"custom_display_name\":\"A4+ (Scaled)\",\"height_microns\":355600,\"vendor_id\":\"273\",\"width_microns\":222700},{\"custom_display_name\":\"A3 (Scaled)\",\"height_microns\":420000,\"name\":\"ISO_A3\",\"vendor_id\":\"8\",\"width_microns\":297000},{\"custom_display_name\":\"A3+ 13\\\"x19\\\" 329x483mm (Scaled)\",\"height_microns\":483000,\"vendor_id\":\"274\",\"width_microns\":329000},{\"custom_display_name\":\"A2 (Scaled)\",\"height_microns\":594000,\"name\":\"ISO_A2\",\"vendor_id\":\"66\",\"width_microns\":420000},{\"custom_display_name\":\"B4 (Scaled)\",\"height_microns\":364000,\"name\":\"JIS_B4\",\"vendor_id\":\"12\",\"width_microns\":257000},{\"custom_display_name\":\"B3 (Scaled)\",\"height_microns\":515000,\"name\":\"JIS_B3\",\"vendor_id\":\"257\",\"width_microns\":364000},{\"custom_display_name\":\"10\\\"x12\\\" 25x30cm (Scaled)\",\"height_microns\":304800,\"vendor_id\":\"297\",\"width_microns\":254000},{\"custom_display_name\":\"14\\\"x17\\\" 36x43cm (Scaled)\",\"height_microns\":431800,\"vendor_id\":\"296\",\"width_microns\":355600}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"mediaSize\":{\"custom_display_name\":\"Letter 8.5\\\"x11\\\"\",\"height_microns\":279400,\"is_default\":true,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900},\"isColorEnabled\":false}"}},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{"https://www.discoverbeauty.com:443,*":{"setting":1}},"media_stream_mic":{"https://www.discoverbeauty.com:443,*":{"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"http://www.nosejobs.info:80,*":{"last_used":{"media-stream-camera":1431972389.165016}},"https://www.discoverbeauty.com:443,*":{"last_used":{"media-stream-camera":1431970316.729416,"media-stream-mic":1431970316.729416},"media-stream-camera":1,"media-stream-mic":1}},"pref_version":1},"created_by_version":"32.0.1700.76","default_content_settings":{},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_picture_url":"https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/s256-c/photo.jpg","gaia_info_update_time":"13076442075044800","icon_version":3,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[7,null,null,null,null,9,null,null,4],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\Derryck\\Desktop","type":1},"selectfile":{"last_directory":"C:\\Users\\Derryck\\Desktop"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13040797562583800"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"autofill_wallet":true,"bookmarks":true,"dictionary":true,"extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"history_delete_directives":true,"managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncBuUrgUb5Mav6rEjuPIkm5A==","sessions":true,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1,"user_skipped":true},"synced_notification":{"enabled_sending_services":["Google+"],"first_run":false,"initialized_sending_services":["Google+"]},"translate_accepted_count":{"de":0,"es":0,"no":0,"tr":0,"zh-TW":2},"translate_blocked_languages":["en"],"translate_denied_count":{"de":1,"es":1,"no":1,"tr":1,"zh-TW":0},"translate_last_denied_time":1427302357729.0,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Uninstall List x64 ====================== Acrobat.com [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{77DCDCE3-2DED-62F3-8154-05E745472D07}] ActiveCheck component for HP Active Support Library [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{254C37AA-6B72-4300-84F6-98A82419187E}] Adobe Flash Player 10 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin] Adobe Reader 9.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A92000000001}] Adobe Shockwave Player 11.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player] Agere Systems HDA Modem [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Agere Systems Soft Modem] Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46F044A5-CE8B-4196-984E-5BD6525E361D}] Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}] Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}] Bonjour [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] Broadcom 802.11 Wireless LAN Adapter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11 Wireless LAN Adapter] Canon MP280 series MP Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series] Cards_Calendar_OrderGift_DoMorePlugout [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}] CyberLink DVD Suite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}] CyberLink YouCam [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}] CyberLink YouCam [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}] D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] ESU for Microsoft Vista [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3877C901-7B90-4727-A639-B6ED2DD59D43}] GIMP 2.8.14 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GIMP-2_is1] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] HP Active Support Library [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}] HP Customer Experience Enhancements [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}] HP Doc Viewer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{082702D5-5DD8-4600-BCE5-48B15174687F}] HP Help and Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0054A0F6-00C9-4498-B821-B5C9578F433E}] HP MULTIPLE MODEM INSTALLER for VISTA [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}] HP Photosmart Essential 2.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential] HP Photosmart Essential 2.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}] HP Quick Launch Buttons [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34D2AB40-150D-475D-AE32-BD23FB5EE355}] HP QuickPlay 3.7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45D707E9-F3C4-11D9-A373-0050BAE317E1}] HP QuickTouch 1.00 D2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AD2F8FE-A357-4728-BDF8-B92D794CE793}] HP Total Care Advisor [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f32502b5-5b64-4882-bf61-77f23edcac4f}] HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}] HP User Guides 0101 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}] HP Wireless Assistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}] HP Wireless Comfort Mouse [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C65938D-9456-4D9A-B117-04391A3FA379}] HPAsset component for HP Active Support Library [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{669D4A35-146B-4314-89F1-1AC3D7B88367}] HPPhotoSmartDiscLabel_PaperLabel [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A07840FC-CE63-4CB8-8030-EF4B9805925A}] HPPhotoSmartDiscLabel_PrintOnDisc [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}] HPPhotoSmartDiscLabel_Tattoo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F636EE9A-F9EC-4606-BCFA-77DD0E210788}] HPPhotoSmartDiscLabelContent1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD3C88A0-C53C-41D0-A21B-6D021981D23E}] hpphotosmartdisclabelplugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADFB9653-F44C-460C-BF58-189CC552DFFE}] HPPhotoSmartPhotobookHolidayPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06E74B9B-631F-4378-BF3A-40D868450C05}] HPPhotoSmartPhotobookModernPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}] HPPhotoSmartPhotobookPlayfulPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{172AEB5E-CBB2-4CDD-A4CF-388600825839}] HPPhotoSmartPhotobookScrapbookPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC95121F-1576-45B8-82F7-3911D27882E6}] HPPhotoSmartPhotobookWebPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12A76360-388E-4B27-ABEB-D5FC5378DD2A}] HPTCSSetup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}] iCloud [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}] IDT Audio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}] Intel® Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDMI] iTunes [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}] Java 6 Update 33 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216033FF}] JMicron JMB38X Flash Media Controller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26604C7E-A313-4D12-867F-7C6E7820BE4C}] Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}] LabelPrint [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}] LightScribe System Software 1.12.33.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582287DA-0806-4AC0-BF19-C15E3A466034}] Malwarebytes Anti-Malware version 2.1.6.1022 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Office Home and Student 2007 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR] Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}] Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}] Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Works [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}] MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] Power2Go [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}] PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] ProtectSmart Hard Drive Protection [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F97CE84-9C33-4631-821B-85EA371EA254}] PSSWCORE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34BFB099-07B2-4E95-A673-7362D60866A2}] QLBCASL [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F1D7AC58-554A-4A58-B784-B61558B1449A}] QuickTime 7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}] Realtek 8169 8168 8101E 8102E Ethernet Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] Segoe UI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}] SimUText [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE38D084-6F8C-417C-9555-101A0F359E02}] SkypeT 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] Snap.Do Engine [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}] Spelling Dictionaries Support For Adobe Reader 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-5464-3428-900000000004}] TI Connect 1.6 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A8B94669-8654-4126-BD28-D0D2412CDED6}] TI StudyCards Creator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3B2CC77-13A5-43E3-ABB3-73E6B64EC700}] Touch Pad Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}] VideoToolkit01 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}] Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EC3E466026556D3EB760B01C4772277614354E11] Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7511B29C86C398B4D11A0B0E4176CAD68D1B7057] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}] Windows Live Language Selector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{027E5FAB-1476-4C59-AAB4-32EF28520399}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}] Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAF454FC-82CA-4F29-AB31-6A109485E76E}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}] ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\229583BF23E226447ACD725169416A06 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8N7SEEY will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7DILJWJ will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUKGK9NT will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSCQWW2 will be deleted at reboot C:\Users\Derryck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Family\AppData\Local\Mozilla\Firefox\Profiles\43np0l7n.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=47 folders=48 4655532 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Derryck\AppData\Local\Temp will be emptied at reboot C:\Users\Family\AppData\Local\Temp emptied successfully C:\Users\TEMP\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Derryck\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Derryck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8N7SEEY" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7DILJWJ" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUKGK9NT" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSCQWW2" not deleted ==== EOF on Sat 05/23/2015 at 20:57:38.66 ======================

If you are talking about the internet speed, I'm fine with it for now. I restarted the router, same results. My service provider isn't the greatest. In regards to the snap.do, it is still present in the programs. What's next?

Can any of this be affecting my download speed via Wifi? I noticed that Speedtest.net on my laptop is only getting around 17mbps, while I get 50+ on my Lg Handheld Device.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02 Ran by Derryck at 2015-05-18 10:09:52 Run:2 Running from C:\Users\Derryck\Downloads Loaded Profiles: Derryck & Family (Available profiles: Derryck & Family) Boot Mode: Normal ============================================== Content of fixlist: ***************** closeprocesses: emptytemp: CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP12BCA438-A94A-4A5D-9BCD-1C1A5ACE9B11&SSPV=", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfR5zAEPXDBT9ImHGmSBYX6fF56cudmaXYYSF8pVPUvaKHng9uzkAa5_x4xHhZodXpNSE8SMwpzQB3CWz5arpulgYzxu2XLjXYeiA_w371_3p7cwuVUVvWbF6h35k0q0DXaCWXL39nhyOo," S2 DefWatch; "C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe" [X] S2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe" [X] U4 eabfiltr; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {4371e676-52af-11df-82dd-001eecf6f945} - F:\bckdmsn.exe HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {e5949adc-fbe3-11dd-9bf0-001eecf6f945} - setupSNK.exe ProxyServer: [s-1-5-21-1168040921-1354016781-2725636698-1000] => ProxyServer: [s-1-5-21-1168040921-1354016781- -1001] => HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb SearchScopes: HKLM -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = http://www.ask.com/w...}&l=dis&o=ushpl SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6F983AA9-79B7-4D5A-9B46-3E116BC60304} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File Toolbar: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File RemoveProxy: Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f CMD: ipconfig /flushdns CMD: bitsadmin /reset /allusers ***************** Processes closed successfully. Chrome HomePage not detected. Chrome StartupUrls not detected. DefWatch => Service not found. Symantec AntiVirus => Service not found. eabfiltr => Service not found. IpInIp => Service not found. NwlnkFlt => Service not found. NwlnkFwd => Service not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => Value not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => Value not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4371e676-52af-11df-82dd-001eecf6f945} => Key not found. HKCR\CLSID\{4371e676-52af-11df-82dd-001eecf6f945} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5949adc-fbe3-11dd-9bf0-001eecf6f945} => Key not found. HKCR\CLSID\{e5949adc-fbe3-11dd-9bf0-001eecf6f945} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. HKU\ProxyServer: [s-1-5-21-1168040921-1354016781-\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. -1001] => => Error: No automatic fix found for this entry. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. HKCR\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F983AA9-79B7-4D5A-9B46-3E116BC60304} => Key not found. HKCR\CLSID\{6F983AA9-79B7-4D5A-9B46-3E116BC60304} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. HKCR\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully. ========= End of RemoveProxy: ========= ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.0.6001 ] BITS administration utility. © Copyright 2000-2006 Microsoft Corp. Unable to cancel {2F2F480A-768C-4D9A-8AF4-E91F7953B5AF}. Unable to cancel {CBB8CE74-6347-4065-A381-E7CEF82AF752}. 0 out of 2 jobs canceled. ========= End of CMD: ========= EmptyTemp: => Removed 803.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 10:10:45 ====

Ask Toolbar Updater is not found in the programs list. Norton Download and Removal Tool says that I must first uninstall Symantec before it can continue, however; Symantec is also absent from the programs list. Please advise before I run the Farbar tool.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02 Ran by Derryck (administrator) on DERRYCK-PC on 14-05-2015 17:12:53 Running from C:\Users\Derryck\Downloads Loaded Profiles: Derryck & Family (Available profiles: Derryck & Family) Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\stacsv64.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Agere Systems) C:\Windows\System32\agr64svc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe () C:\Windows\SMINST\BLService.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe () C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe () C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.197.2354.0.exe (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [246784 2008-01-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [HP Input Device Main Program] => C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe [530432 2008-09-19] () HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.) HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-04-23] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [hpqSRMon] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [mobilegeni daemon] => "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {4371e676-52af-11df-82dd-001eecf6f945} - F:\bckdmsn.exe HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {e5949adc-fbe3-11dd-9bf0-001eecf6f945} - setupSNK.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [s-1-5-21-1168040921-1354016781-2725636698-1000] => ProxyServer: [s-1-5-21-1168040921-1354016781-2725636698-1001] => HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb SearchScopes: HKLM -> {6F983AA9-79B7-4D5A-9B46-3E116BC60304} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb SearchScopes: HKLM -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6F983AA9-79B7-4D5A-9B46-3E116BC60304} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-07-14] (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-07-14] (Sun Microsystems, Inc.) Toolbar: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-09-10] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-07-14] (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-07-14] (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-07-31] (Apple Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-23] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-25] Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP12BCA438-A94A-4A5D-9BCD-1C1A5ACE9B11&SSPV=", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfR5zAEPXDBT9ImHGmSBYX6fF56cudmaXYYSF8pVPUvaKHng9uzkAa5_x4xHhZodXpNSE8SMwpzQB3CWz5arpulgYzxu2XLjXYeiA_w371_3p7cwuVUVvWbF6h35k0q0DXaCWXL39nhyOo," CHR Profile: C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-05-07] CHR Extension: (Google Docs) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22] CHR Extension: (Google Drive) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22] CHR Extension: (YouTube) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22] CHR Extension: (Google Search) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22] CHR Extension: (AdBlock) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-26] CHR Extension: (Bookmark Manager) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] CHR Extension: (Google Wallet) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22] CHR Extension: (Gmail) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation) R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-23] () R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-23] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-25] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) S2 DefWatch; "C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe" [X] S2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-31] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-07-31] (Symantec Corporation) S3 HpStm001; C:\Windows\System32\DRIVERS\HpStm001.SYS [14336 2008-08-28] (Primax Electronics Ltd.) S3 iscFlash; C:\Program Files (x86)\SP42276\iscflashx64.sys [24568 2008-08-05] (Insyde Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation) [File not signed] R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation) [File not signed] S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [156008 2009-02-27] (Symantec Corporation) U4 eabfiltr; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-14 17:12 - 2015-05-14 17:13 - 00022382 _____ () C:\Users\Derryck\Downloads\FRST.txt 2015-05-14 17:06 - 2015-05-14 17:13 - 00000000 ____D () C:\FRST 2015-05-14 17:05 - 2015-05-14 17:05 - 02106368 _____ (Farbar) C:\Users\Derryck\Downloads\FRST64.exe 2015-05-13 18:22 - 2015-04-19 14:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2015-05-13 18:22 - 2015-04-19 14:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2015-05-13 18:22 - 2015-04-19 14:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2015-05-13 18:22 - 2015-04-19 14:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2015-05-13 18:22 - 2015-04-19 13:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-05-13 18:22 - 2015-04-19 13:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2015-05-13 18:22 - 2015-04-19 13:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-05-13 18:22 - 2015-04-19 13:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-05-13 18:22 - 2015-04-17 16:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-05-13 18:22 - 2015-04-17 16:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-05-13 18:22 - 2015-04-17 16:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-05-13 18:22 - 2015-04-17 16:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 18:22 - 2015-04-17 16:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 18:22 - 2015-04-17 16:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 17:40 - 2015-04-30 09:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 17:40 - 2015-04-30 08:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 17:32 - 2015-04-10 16:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 17:32 - 2015-04-10 16:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe 2015-05-13 17:30 - 2015-04-30 06:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 17:30 - 2015-04-30 06:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 17:24 - 2015-04-09 17:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 17:24 - 2015-04-09 16:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 17:24 - 2015-04-09 16:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 17:24 - 2015-04-09 16:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 17:24 - 2015-04-09 16:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 17:24 - 2015-04-09 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 17:24 - 2015-04-09 16:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 17:24 - 2015-04-09 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 17:24 - 2015-04-09 16:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-05-13 17:24 - 2015-04-09 16:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-05-13 17:24 - 2015-04-09 16:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 17:24 - 2015-04-09 16:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 17:24 - 2015-04-09 16:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 17:24 - 2015-04-09 16:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 17:24 - 2015-04-09 16:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 17:24 - 2015-04-09 16:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 17:24 - 2015-04-09 16:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 17:24 - 2015-04-09 16:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 17:24 - 2015-04-09 16:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-05-13 17:24 - 2015-04-09 16:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-05-13 15:13 - 2015-05-13 15:13 - 00001716 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2015-05-13 15:13 - 2015-05-13 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-05-13 15:12 - 2015-05-13 15:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2015-05-13 12:26 - 2015-03-04 19:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-05-13 12:26 - 2015-03-04 18:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-05-13 12:25 - 2015-03-13 19:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 12:25 - 2015-03-13 19:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 12:25 - 2015-03-12 18:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 12:25 - 2015-03-12 18:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 12:25 - 2015-03-12 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 12:25 - 2015-03-12 17:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 12:25 - 2015-03-12 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 12:25 - 2015-03-12 17:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 12:00 - 2015-05-13 12:00 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-05-13 12:00 - 2015-05-13 12:00 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-13 12:00 - 2015-05-13 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-13 11:58 - 2015-03-04 19:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-05-13 11:58 - 2015-03-04 19:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-05-13 11:58 - 2015-03-04 18:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-05-13 11:57 - 2015-03-08 18:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-05-13 11:57 - 2015-03-08 17:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-14 02:35 - 2015-04-14 02:35 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2015-04-14 02:35 - 2015-04-14 02:35 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2015-04-14 02:26 - 2015-04-14 02:26 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2015-04-14 02:26 - 2015-04-14 02:26 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-14 17:12 - 2008-11-19 16:53 - 01257874 _____ () C:\Windows\WindowsUpdate.log 2015-05-14 16:58 - 2014-01-22 16:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-14 16:55 - 2014-01-22 16:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-14 16:55 - 2008-11-19 17:38 - 00000290 _____ () C:\Users\Public\Documents\hpqp.ini 2015-05-14 09:48 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-14 09:48 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-14 05:49 - 2014-03-31 19:30 - 00000680 _____ () C:\Users\Family\AppData\Local\d3d9caps.dat 2015-05-13 22:51 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-13 22:51 - 2006-11-02 08:21 - 00313880 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-13 22:49 - 2009-05-02 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 22:48 - 2008-08-04 01:29 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-05-13 22:48 - 2006-11-02 08:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-13 22:47 - 2006-11-02 08:07 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-13 18:51 - 2014-01-22 16:53 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-13 18:13 - 2008-08-04 02:52 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 18:11 - 2013-09-10 01:22 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 17:49 - 2006-11-02 05:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-05-13 17:31 - 2006-11-02 08:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2015-05-13 17:29 - 2010-06-05 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 17:13 - 2014-08-11 23:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-13 17:02 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-13 16:54 - 2008-01-20 20:26 - 00333696 _____ () C:\Windows\PFRO.log 2015-05-13 16:33 - 2013-09-10 23:14 - 00001945 _____ () C:\Windows\epplauncher.mif 2015-05-13 16:33 - 2013-09-10 23:13 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-13 16:32 - 2013-09-10 23:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-13 16:32 - 2013-09-10 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-05-13 16:08 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\IME 2015-05-13 14:58 - 2014-08-11 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-13 14:58 - 2014-08-11 23:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-13 14:58 - 2013-09-11 12:34 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-05-13 12:20 - 2014-01-22 17:32 - 00753386 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-13 12:01 - 2012-04-04 12:20 - 00000000 ____D () C:\ProgramData\Skype 2015-05-04 17:40 - 2008-12-25 22:40 - 00000000 ____D () C:\Users\Derryck\Documents\Youcam 2015-04-14 09:37 - 2014-08-11 23:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-14 09:37 - 2014-08-11 23:30 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-14 09:37 - 2013-09-11 12:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Files in the root of some directories ======= 2008-12-26 22:30 - 2008-12-26 22:30 - 0023888 _____ () C:\Users\Derryck\AppData\Roaming\UserTile.png 2009-06-11 00:10 - 2009-06-11 00:10 - 0000000 _____ () C:\Users\Derryck\AppData\Roaming\wklnhst.dat 2008-12-25 22:29 - 2008-12-25 22:29 - 0000000 _____ () C:\Users\Derryck\AppData\Local\AtStart.txt 2009-01-11 02:00 - 2014-04-18 14:45 - 0000680 _____ () C:\Users\Derryck\AppData\Local\d3d9caps.dat 2008-12-25 23:14 - 2015-02-23 20:53 - 0022528 _____ () C:\Users\Derryck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-31 18:29 - 2014-03-31 18:30 - 0435214 _____ () C:\Users\Derryck\AppData\Local\dd_vcredistMSI37DE.txt 2014-03-31 18:29 - 2014-03-31 18:30 - 0013344 _____ () C:\Users\Derryck\AppData\Local\dd_vcredistUI37DE.txt 2008-12-25 22:29 - 2008-12-25 22:29 - 0000000 _____ () C:\Users\Derryck\AppData\Local\DSwitch.txt 2011-10-26 11:07 - 2011-11-02 14:46 - 0000079 _____ () C:\Users\Derryck\AppData\Local\DVDPATH.TXT 2011-03-19 22:47 - 2011-03-23 13:45 - 0000000 _____ () C:\Users\Derryck\AppData\Local\FnF4.txt 2008-12-25 22:29 - 2008-12-25 22:29 - 0000000 _____ () C:\Users\Derryck\AppData\Local\QSwitch.txt 2014-09-09 12:34 - 2014-09-09 12:34 - 0032703 _____ () C:\Users\Derryck\AppData\Local\recently-used.xbel 2008-08-04 02:57 - 2008-08-04 02:58 - 0000372 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Derryck\AppData\Local\Temp\air4A3D.exe C:\Users\Derryck\AppData\Local\Temp\air7926.exe C:\Users\Derryck\AppData\Local\Temp\airABCF.exe C:\Users\Derryck\AppData\Local\Temp\airFD45.exe C:\Users\Derryck\AppData\Local\Temp\chrome.exe C:\Users\Derryck\AppData\Local\Temp\EnableExtDll.dll C:\Users\Derryck\AppData\Local\Temp\mMamStub.exe C:\Users\Derryck\AppData\Local\Temp\SfpcHelper_installFinish.exe C:\Users\Derryck\AppData\Local\Temp\SfpcHelper_installStart.exe C:\Users\Derryck\AppData\Local\Temp\srtUnin.dll C:\Users\Derryck\AppData\Local\Temp\vcredist_x64.exe C:\Users\Derryck\AppData\Local\Temp\_isAB7C.exe C:\Users\Derryck\AppData\Local\Temp\{CBB008EC-64A9-4F92-B133-1A5090B003ED}-36.0.1985.125_chrome_installer.exe C:\Users\Family\AppData\Local\Temp\HPQSi.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-14 11:03 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02 Ran by Derryck at 2015-05-14 17:14:19 Running from C:\Users\Derryck\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1168040921-1354016781-2725636698-500 - Administrator - Disabled) Derryck (S-1-5-21-1168040921-1354016781-2725636698-1000 - Administrator - Enabled) => C:\Users\Derryck Family (S-1-5-21-1168040921-1354016781-2725636698-1001 - Limited - Enabled) => C:\Users\Family Guest (S-1-5-21-1168040921-1354016781-2725636698-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar Updater (HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - ) Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2029 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard) HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.2.0 - Hewlett-Packard Company) HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard) HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company) HP QuickPlay 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP QuickTouch 1.00 D2 (HKLM\...\{1AD2F8FE-A357-4728-BDF8-B92D794CE793}) (Version: 1.0.9 - Hewlett-Packard) HP Total Care Advisor (HKLM-x32\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.1.3359.2635 - Hewlett-Packard) HP Update (HKLM-x32\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard) HP User Guides 0101 (HKLM-x32\...\{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard) HP Wireless Comfort Mouse (HKLM-x32\...\{6C65938D-9456-4D9A-B117-04391A3FA379}) (Version: 1.0.0.0 - HP) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company) iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle) JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.11.02 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.) LightScribe System Software 1.12.33.2 (HKLM-x32\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.) PowerDirector (x32 Version: 6.5.2719 - CyberLink Corp.) Hidden ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard) PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden SimUText (HKLM-x32\...\{AE38D084-6F8C-417C-9555-101A0F359E02}) (Version: 2.1.1 - SimBio) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Snap.Do Engine (HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) TI Connect 1.6 (HKLM-x32\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc) TI StudyCards Creator (HKLM-x32\...\{B3B2CC77-13A5-43E3-ABB3-73E6B64EC700}) (Version: 2.1.0.269 - Texas Instruments Incorporated) Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) ValueApps (HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\ValueApps) (Version: 1.4.0.3 - Conduit) <==== ATTENTION VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.) Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 23-03-2015 10:16:13 Scheduled Checkpoint 25-03-2015 08:54:19 Windows Update 29-03-2015 19:19:45 Windows Update 04-04-2015 12:16:15 Windows Update 08-04-2015 09:59:44 Windows Update 13-04-2015 15:29:13 Windows Update 27-04-2015 20:00:56 Windows Update 29-04-2015 16:39:26 Scheduled Checkpoint 02-05-2015 18:15:04 Windows Update 05-05-2015 21:09:35 Windows Update 13-05-2015 11:56:08 Windows Update 13-05-2015 16:30:27 Windows Update 13-05-2015 17:25:11 Windows Update 14-05-2015 09:53:22 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {17FB5E73-59E3-4CD3-B69F-CB7EDFE9565C} - System32\Tasks\HPCeeScheduleForFamily => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard) Task: {200AD03A-D3A6-4C11-8EFC-CB48052BD026} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {2E1A093B-AAEC-42BC-806C-150282487E58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {3ADCEF1C-4861-413C-9E37-E2D4EE908781} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Derryck => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation) Task: {437D6917-21A7-4F76-9DB5-9A43FD4FAF94} - System32\Tasks\{FF045CF8-9733-4DAC-BD2C-A8461DBDA9CC} => pcalua.exe -a C:\Users\Derryck\AppData\Local\Temp\Temp1_tg74pluginsetup[1].zip\tgpluginsetup.exe Task: {AA0F6F52-7C20-48F6-9B0F-FE123B8CE1EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BC1C8E72-B07C-4B53-975F-0CE3E3BB0726} - System32\Tasks\{7FBDD45C-F4F0-4477-96D4-FC3D4BFA78D7} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c @0,0x706c676e Task: {D723B240-3A8A-4CB9-A9B9-02F4A7F9E547} - System32\Tasks\HPCeeScheduleForDerryck => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForDerryck.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForFamily.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{AEEC6CFF-1F05-4A32-9E70-1DFC1499A1E3}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (Whitelisted) ============== 2008-08-04 02:06 - 2008-04-23 23:51 - 00292232 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2008-08-04 02:06 - 2008-04-23 23:52 - 00112008 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe 2008-08-04 03:17 - 2008-04-25 16:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe 2008-08-04 03:08 - 2007-01-09 02:25 - 00272024 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2009-03-28 16:58 - 2008-09-19 18:00 - 00530432 _____ () C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe 2009-03-28 16:58 - 2008-09-19 13:09 - 00453632 _____ () C:\Program Files\HP\HP Wireless Comfort Mouse\UI\xManager\xTools.dll 2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2008-08-04 02:05 - 2008-04-23 23:51 - 00074536 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\Common\MCEMediaStatus64.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00259472 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00038184 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00120200 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00345384 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll 2008-08-04 03:17 - 2007-11-14 16:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Derryck\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img24.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: vptray => C:\PROGRA~2\SYMANT~1\VPTray.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{15348FFF-91CE-4D1C-BB13-D0543A64E09D}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe FirewallRules: [{42E9F7C2-2876-4B54-AF74-E6101B255DB7}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe FirewallRules: [{8B932AB5-6C7D-48BB-9003-0147CED749D4}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDirector\PDR.EXE FirewallRules: [{CF4DE775-A621-4266-BB9A-5A5E81D8E1FD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{E6230000-8725-46AB-A155-585F496913A5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [TCP Query User{68E1218C-EA87-409C-9F82-0FEBADAB1BDD}C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe FirewallRules: [uDP Query User{1C4A7A80-025F-4768-B215-2401F4D94A40}C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe FirewallRules: [{FAC34A02-74B0-4F4D-A434-B5B022B7DFF4}] => (Allow) C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe FirewallRules: [{E9C51FF8-33FA-4AD6-B404-5C9DD41E23C5}] => (Allow) C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe FirewallRules: [{9031CD37-F3CE-4B84-A3AA-C298B11C64FA}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{48252A28-26F2-48A1-B254-DC737D020058}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [TCP Query User{4857BE4A-2CCA-41A4-8E72-D2452E4A98B0}C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe] => (Allow) C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe FirewallRules: [uDP Query User{48C0B1D4-5600-4097-A587-8728B51A4DE1}C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe] => (Allow) C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe FirewallRules: [{D05CE784-C806-4500-BD9D-6CA233BADA07}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{B53F8114-1DF3-4C17-B76D-B52D74AC4E26}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{87841AC2-1EC2-4CC3-BCF5-0B7506B26608}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{6B525427-2EFC-4566-9545-353BFDFC47E6}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{10054F99-6E00-4371-A309-A1D4CE120C36}] => (Allow) LPort=80 FirewallRules: [{46ABABE7-727C-4C04-BBD5-13DEA7AD0F5A}] => (Allow) LPort=80 FirewallRules: [{39D342CE-7201-4A7F-8748-A73693C02F4D}] => (Allow) LPort=80 FirewallRules: [{4768A688-A3F1-46EC-84F4-285155ECE262}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{8B4BDA39-CBFC-4492-A98C-73B9D539AB2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{988CD4E3-4840-4CBB-885E-8996C8D986D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4C7C4695-9D8B-48DC-B8AB-C532C9ACEAEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A3E4C1D1-AB94-4C5B-9E06-D5F211717925}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{16F2C1D4-09A9-4FAA-BDB9-EBDE8CF1418B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{6926F3DE-88F4-42B3-BEB9-8156636918D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{34DC2DE0-779E-4DB1-A0EF-F7B274F2099B}] => (Allow) LPort=2869 FirewallRules: [{4D02E062-BE04-4499-B114-7674724039D0}] => (Allow) LPort=1900 FirewallRules: [{897CC710-40E8-4CE8-8D03-46433AFC79C8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{742AEA15-EE03-4DEB-850C-BE4A62D04D5F}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [uDP Query User{56EBE5A5-4944-46C3-9C85-8C3FE2FCA0D4}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [{8BE62750-7338-4841-AB7A-E1CF9C6E8B6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2015 09:08:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 759507 Error: (05/14/2015 09:08:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 759507 Error: (05/14/2015 09:08:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/14/2015 09:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 755747 Error: (05/14/2015 09:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 755747 Error: (05/14/2015 09:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/14/2015 07:29:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1937439 Error: (05/14/2015 07:29:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1937439 Error: (05/14/2015 07:29:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/14/2015 06:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1810 System errors: ============= Microsoft Office Sessions: ========================= Error: (02/25/2014 02:19:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 211 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/16/2012 05:19:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6830 seconds with 2520 seconds of active time. This session ended with a crash. Error: (08/30/2010 08:22:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 4642 seconds with 840 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-05-14 17:14:10.921 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:10.462 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:09.994 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:09.526 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:08.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:08.520 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:08.068 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:07.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:13:26.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:13:25.923 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz Percentage of memory in use: 74% Total physical RAM: 4059.02 MB Available physical RAM: 1026.98 MB Total Pagefile: 8355.3 MB Available Pagefile: 4602.68 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:221.65 GB) (Free:104.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:11.24 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 19814382) Partition 1: (Active) - (Size=221.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================

I am having difficulty removing this program from my computer. I have already attempted deleting it from the control panel. It doesn't go away. I have run Malwarebytes several times and it cannot remove the software. Any ideas?