Romeo1
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Derryck on Sat 05/23/2015 at 20:31:05.49.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Derryck\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================
5/23/2015 8:32:23 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\CompuClever deleted successfully
C:\PROGRA~2\Conduit deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Sling Media deleted successfully
C:\PROGRA~2\Software Updater deleted successfully
C:\PROGRA~2\System Optimizer Pro deleted successfully
C:\PROGRA~2\COMMON~1\AOL deleted successfully
C:\Program Files\Conduit deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Viewpoint deleted successfully
C:\Users\Derryck\AppData\Roaming\HPAppData deleted successfully
C:\Users\Derryck\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Derryck\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Derryck\AppData\Local\Conduit deleted successfully
C:\Users\Derryck\AppData\Local\Yahoo deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DB9D98C-A92F-4F3C-8CF6-113EB4B7A69} deleted successfully
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72C9E2DF-5EF8-4DFF-8DFC-75397879DD65} deleted successfully
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77B18C78-834-42DA-ACC8-4DD75A6E130} deleted successfully
HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\43np0l7n.default
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- FireFox user.js and prefs.js backups ----
prefs_20150523_0847_.backup

==== Deleting Files \ Folders ======================
C:\PROGRA~2\CompuClever not found
C:\PROGRA~2\Conduit not found
C:\PROGRA~2\Sling Media not found
C:\PROGRA~2\Software Updater not found
C:\PROGRA~2\System Optimizer Pro not found
C:\Users\Derryck\AppData\Local\41 deleted
C:\Users\Derryck\daemonprocess.txt deleted
C:\Users\Derryck\.android deleted
C:\PROGRA~2\Mobogenie deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Derryck\AppData\Roaming\Yahoo! deleted
C:\Users\Family\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\Yahoo! deleted
C:\Users\Derryck\AppData\Local\Mobogenie deleted
C:\Users\Derryck\AppData\Local\cache deleted
C:\Users\Derryck\AppData\LocalLow\Yahoo! deleted
C:\Users\Family\AppData\LocalLow\AskToolbar deleted
C:\windows\SysNative\drivers\hlnfd.sys deleted
C:\END deleted
C:\Windows\Syswow64\SearchProtect deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Derryck\Documents\Mobogenie deleted
"C:\PROGRA~2\Windows Collaboration" deleted

==== Registry Search Results for "{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}" ======================
[HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}]
[HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}]
[HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Smartbar]
"EngineGuid"="{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}"

==== Registry Search Results for "Snap.Do Engine" ======================
[HKEY_USERS\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}]
"DisplayName"="Snap.Do Engine"

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [09/03/2009 03:01 AM]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\43np0l7n.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

==== Firefox Plugins ======================

==== Chromium Look ======================
Bookmark Manager - Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================
C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Preferences

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Uninstall List x64 ======================
Acrobat.com [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{77DCDCE3-2DED-62F3-8154-05E745472D07}]
ActiveCheck component for HP Active Support Library [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{254C37AA-6B72-4300-84F6-98A82419187E}]
Adobe Flash Player 10 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Reader 9.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A92000000001}]
Adobe Shockwave Player 11.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
Agere Systems HDA Modem [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Agere Systems Soft Modem]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46F044A5-CE8B-4196-984E-5BD6525E361D}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Bonjour [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
Broadcom 802.11 Wireless LAN Adapter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11 Wireless LAN Adapter]
Canon MP280 series MP Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series]
Cards_Calendar_OrderGift_DoMorePlugout [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}]
CyberLink DVD Suite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
CyberLink YouCam [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}]
CyberLink YouCam [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
ESU for Microsoft Vista [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3877C901-7B90-4727-A639-B6ED2DD59D43}]
GIMP 2.8.14 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GIMP-2_is1]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
HP Active Support Library [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}]
HP Customer Experience Enhancements [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}]
HP Doc Viewer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{082702D5-5DD8-4600-BCE5-48B15174687F}]
HP Help and Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0054A0F6-00C9-4498-B821-B5C9578F433E}]
HP MULTIPLE MODEM INSTALLER for VISTA [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}]
HP Photosmart Essential 2.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential]
HP Photosmart Essential 2.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}]
HP Quick Launch Buttons [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34D2AB40-150D-475D-AE32-BD23FB5EE355}]
HP QuickPlay 3.7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45D707E9-F3C4-11D9-A373-0050BAE317E1}]
HP QuickTouch 1.00 D2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AD2F8FE-A357-4728-BDF8-B92D794CE793}]
HP Total Care Advisor [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f32502b5-5b64-4882-bf61-77f23edcac4f}]
HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}]
HP User Guides 0101 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}]
HP Wireless Assistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}]
HP Wireless Comfort Mouse [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C65938D-9456-4D9A-B117-04391A3FA379}]
HPAsset component for HP Active Support Library [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{669D4A35-146B-4314-89F1-1AC3D7B88367}]
HPPhotoSmartDiscLabel_PaperLabel [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A07840FC-CE63-4CB8-8030-EF4B9805925A}]
HPPhotoSmartDiscLabel_PrintOnDisc [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}]
HPPhotoSmartDiscLabel_Tattoo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F636EE9A-F9EC-4606-BCFA-77DD0E210788}]
HPPhotoSmartDiscLabelContent1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD3C88A0-C53C-41D0-A21B-6D021981D23E}]
hpphotosmartdisclabelplugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADFB9653-F44C-460C-BF58-189CC552DFFE}]
HPPhotoSmartPhotobookHolidayPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06E74B9B-631F-4378-BF3A-40D868450C05}]
HPPhotoSmartPhotobookModernPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}]
HPPhotoSmartPhotobookPlayfulPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{172AEB5E-CBB2-4CDD-A4CF-388600825839}]
HPPhotoSmartPhotobookScrapbookPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC95121F-1576-45B8-82F7-3911D27882E6}]
HPPhotoSmartPhotobookWebPack1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12A76360-388E-4B27-ABEB-D5FC5378DD2A}]
HPTCSSetup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}]
iCloud [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}]
IDT Audio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}]
Intel® Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDMI]
iTunes [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}]
Java 6 Update 33 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216033FF}]
JMicron JMB38X Flash Media Controller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26604C7E-A313-4D12-867F-7C6E7820BE4C}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}]
LabelPrint [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}]
LightScribe System Software 1.12.33.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582287DA-0806-4AC0-BF19-C15E3A466034}]
Malwarebytes Anti-Malware version 2.1.6.1022 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]
Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}]
Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft Office Home and Student 2007 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR]
Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}]
Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Works [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
Power2Go [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}]
PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}]
PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}]
ProtectSmart Hard Drive Protection [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F97CE84-9C33-4631-821B-85EA371EA254}]
PSSWCORE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34BFB099-07B2-4E95-A673-7362D60866A2}]
QLBCASL [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F1D7AC58-554A-4A58-B784-B61558B1449A}]
QuickTime 7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}]
Realtek 8169 8168 8101E 8102E Ethernet Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}]
Segoe UI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}]
SimUText [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE38D084-6F8C-417C-9555-101A0F359E02}]
SkypeT 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}]
Snap.Do Engine [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}]
Spelling Dictionaries Support For Adobe Reader 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-5464-3428-900000000004}]
TI Connect 1.6 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A8B94669-8654-4126-BD28-D0D2412CDED6}]
TI StudyCards Creator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3B2CC77-13A5-43E3-ABB3-73E6B64EC700}]
Touch Pad Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}]
VideoToolkit01 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}]
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EC3E466026556D3EB760B01C4772277614354E11]
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7511B29C86C398B4D11A0B0E4176CAD68D1B7057]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
Windows Live Language Selector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{027E5FAB-1476-4C59-AAB4-32EF28520399}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAF454FC-82CA-4F29-AB31-6A109485E76E}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}]

==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\229583BF23E226447ACD725169416A06 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8N7SEEY will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7DILJWJ will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUKGK9NT will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSCQWW2 will be deleted at reboot C:\Users\Derryck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Family\AppData\Local\Mozilla\Firefox\Profiles\43np0l7n.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content 
====================== C:\zoek_backup (files=47 folders=48 4655532 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Derryck\AppData\Local\Temp will be emptied at reboot C:\Users\Family\AppData\Local\Temp emptied successfully C:\Users\TEMP\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Derryck\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Derryck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8N7SEEY" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7DILJWJ" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUKGK9NT" not deleted "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGSCQWW2" not deleted ==== EOF on Sat 05/23/2015 at 20:57:38.66 ======================
-
If you are talking about the internet speed, I'm fine with it for now. I restarted the router, same results. My service provider isn't the greatest. In regards to the snap.do, it is still present in the programs. What's next?
-
Can any of this be affecting my download speed via Wi-Fi? I noticed that Speedtest.net on my laptop is only getting around 17 Mbps, while I get 50+ on my LG handheld device.
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02 Ran by Derryck at 2015-05-18 10:09:52 Run:2 Running from C:\Users\Derryck\Downloads Loaded Profiles: Derryck & Family (Available profiles: Derryck & Family) Boot Mode: Normal ============================================== Content of fixlist: ***************** closeprocesses: emptytemp: CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP12BCA438-A94A-4A5D-9BCD-1C1A5ACE9B11&SSPV=", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfR5zAEPXDBT9ImHGmSBYX6fF56cudmaXYYSF8pVPUvaKHng9uzkAa5_x4xHhZodXpNSE8SMwpzQB3CWz5arpulgYzxu2XLjXYeiA_w371_3p7cwuVUVvWbF6h35k0q0DXaCWXL39nhyOo," S2 DefWatch; "C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe" [X] S2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe" [X] U4 eabfiltr; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {4371e676-52af-11df-82dd-001eecf6f945} - F:\bckdmsn.exe HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {e5949adc-fbe3-11dd-9bf0-001eecf6f945} - setupSNK.exe ProxyServer: [s-1-5-21-1168040921-1354016781-2725636698-1000] => ProxyServer: [s-1-5-21-1168040921-1354016781- -1001] => HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://ie.redirect.h...avilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb SearchScopes: HKLM -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = http://www.ask.com/w...}&l=dis&o=ushpl SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6F983AA9-79B7-4D5A-9B46-3E116BC60304} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File Toolbar: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File RemoveProxy: Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f CMD: ipconfig /flushdns CMD: bitsadmin /reset /allusers ***************** Processes closed successfully. Chrome HomePage not detected. Chrome StartupUrls not detected. DefWatch => Service not found. Symantec AntiVirus => Service not found. eabfiltr => Service not found. IpInIp => Service not found. NwlnkFlt => Service not found. NwlnkFwd => Service not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => Value not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => Value not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4371e676-52af-11df-82dd-001eecf6f945} => Key not found. HKCR\CLSID\{4371e676-52af-11df-82dd-001eecf6f945} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5949adc-fbe3-11dd-9bf0-001eecf6f945} => Key not found. HKCR\CLSID\{e5949adc-fbe3-11dd-9bf0-001eecf6f945} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. HKU\ProxyServer: [s-1-5-21-1168040921-1354016781-\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. -1001] => => Error: No automatic fix found for this entry. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. HKCR\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F983AA9-79B7-4D5A-9B46-3E116BC60304} => Key not found. HKCR\CLSID\{6F983AA9-79B7-4D5A-9B46-3E116BC60304} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. HKCR\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully. 
========= End of RemoveProxy: ========= ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.0.6001 ] BITS administration utility. © Copyright 2000-2006 Microsoft Corp. Unable to cancel {2F2F480A-768C-4D9A-8AF4-E91F7953B5AF}. Unable to cancel {CBB8CE74-6347-4065-A381-E7CEF82AF752}. 0 out of 2 jobs canceled. ========= End of CMD: ========= EmptyTemp: => Removed 803.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 10:10:45 ====
-
Ask Toolbar Updater is not found in the programs list. Norton Download and Removal Tool says that I must first uninstall Symantec before it can continue; however, Symantec is also absent from the programs list. Please advise before I run the Farbar tool.
-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02 Ran by Derryck (administrator) on DERRYCK-PC on 14-05-2015 17:12:53 Running from C:\Users\Derryck\Downloads Loaded Profiles: Derryck & Family (Available profiles: Derryck & Family) Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\stacsv64.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Agere Systems) C:\Windows\System32\agr64svc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe () C:\Windows\SMINST\BLService.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe () C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe () C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.197.2354.0.exe (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [246784 2008-01-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [HP Input Device Main Program] => C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe [530432 2008-09-19] () HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.) HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-04-23] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [hpqSRMon] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [mobilegeni daemon] => "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) 
HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {4371e676-52af-11df-82dd-001eecf6f945} - F:\bckdmsn.exe HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\MountPoints2: {e5949adc-fbe3-11dd-9bf0-001eecf6f945} - setupSNK.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [s-1-5-21-1168040921-1354016781-2725636698-1000] => ProxyServer: [s-1-5-21-1168040921-1354016781-2725636698-1001] => HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb SearchScopes: HKLM -> {6F983AA9-79B7-4D5A-9B46-3E116BC60304} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb SearchScopes: HKLM -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {6F983AA9-79B7-4D5A-9B46-3E116BC60304} URL = SearchScopes: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> {D36439C9-37CD-47CA-97D6-93DB9EADB688} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-07-14] (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-07-14] (Sun Microsystems, Inc.) 
Toolbar: HKU\S-1-5-21-1168040921-1354016781-2725636698-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-09-10] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-07-14] (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-07-14] (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-07-31] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-07-31] (Apple Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-23] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-25] Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP12BCA438-A94A-4A5D-9BCD-1C1A5ACE9B11&SSPV=", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfR5zAEPXDBT9ImHGmSBYX6fF56cudmaXYYSF8pVPUvaKHng9uzkAa5_x4xHhZodXpNSE8SMwpzQB3CWz5arpulgYzxu2XLjXYeiA_w371_3p7cwuVUVvWbF6h35k0q0DXaCWXL39nhyOo," CHR Profile: C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Awesome Screenshot: 
Screen capture, Annotate) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-05-07] CHR Extension: (Google Docs) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22] CHR Extension: (Google Drive) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22] CHR Extension: (YouTube) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22] CHR Extension: (Google Search) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22] CHR Extension: (AdBlock) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-26] CHR Extension: (Bookmark Manager) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] CHR Extension: (Google Wallet) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22] CHR Extension: (Gmail) - C:\Users\Derryck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation) R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-23] () R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-23] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-25] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) S2 DefWatch; "C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe" [X] S2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-31] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-07-31] (Symantec Corporation) S3 HpStm001; C:\Windows\System32\DRIVERS\HpStm001.SYS [14336 2008-08-28] (Primax Electronics Ltd.) S3 iscFlash; C:\Program Files (x86)\SP42276\iscflashx64.sys [24568 2008-08-05] (Insyde Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation) [File not signed] R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation) [File not signed] S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [156008 2009-02-27] (Symantec Corporation) U4 eabfiltr; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-14 17:12 - 2015-05-14 17:13 - 00022382 _____ () C:\Users\Derryck\Downloads\FRST.txt 2015-05-14 17:06 - 2015-05-14 17:13 - 00000000 ____D () C:\FRST 2015-05-14 17:05 - 2015-05-14 17:05 - 02106368 _____ (Farbar) C:\Users\Derryck\Downloads\FRST64.exe 2015-05-13 18:22 - 2015-04-19 14:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2015-05-13 18:22 - 2015-04-19 14:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2015-05-13 18:22 - 2015-04-19 14:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2015-05-13 18:22 - 2015-04-19 14:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2015-05-13 18:22 - 2015-04-19 13:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-05-13 18:22 - 2015-04-19 13:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2015-05-13 18:22 - 2015-04-19 13:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-05-13 18:22 - 2015-04-19 13:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-05-13 18:22 - 2015-04-17 17:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-05-13 18:22 - 2015-04-17 16:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-05-13 18:22 - 2015-04-17 16:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-05-13 18:22 - 2015-04-17 16:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-05-13 18:22 - 2015-04-17 16:33 - 01561088 _____ (Microsoft Corporation) 
C:\Windows\system32\DWrite.dll 2015-05-13 18:22 - 2015-04-17 16:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 18:22 - 2015-04-17 16:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 17:40 - 2015-04-30 09:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 17:40 - 2015-04-30 08:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 17:32 - 2015-04-10 16:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 17:32 - 2015-04-10 16:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe 2015-05-13 17:30 - 2015-04-30 06:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 17:30 - 2015-04-30 06:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 17:24 - 2015-04-09 17:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 17:24 - 2015-04-09 16:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 17:24 - 2015-04-09 16:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 17:24 - 2015-04-09 16:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 17:24 - 2015-04-09 16:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 17:24 - 2015-04-09 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 17:24 - 2015-04-09 16:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00729088 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-05-13 17:24 - 2015-04-09 16:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 17:24 - 2015-04-09 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 17:24 - 2015-04-09 16:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-05-13 17:24 - 2015-04-09 16:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-05-13 17:24 - 2015-04-09 16:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-05-13 17:24 - 2015-04-09 16:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 17:24 - 2015-04-09 16:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 17:24 - 2015-04-09 16:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 17:24 - 2015-04-09 16:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 17:24 - 2015-04-09 16:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 17:24 - 2015-04-09 16:05 - 01129472 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wininet.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 17:24 - 2015-04-09 16:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-05-13 17:24 - 2015-04-09 16:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 17:24 - 2015-04-09 16:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 17:24 - 2015-04-09 16:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-05-13 17:24 - 2015-04-09 16:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-05-13 17:24 - 2015-04-09 16:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-05-13 15:13 - 2015-05-13 15:13 - 00001716 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2015-05-13 15:13 - 2015-05-13 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 
2015-05-13 15:12 - 2015-05-13 15:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2015-05-13 12:26 - 2015-03-04 19:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-05-13 12:26 - 2015-03-04 18:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-05-13 12:25 - 2015-03-13 19:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 12:25 - 2015-03-13 19:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 12:25 - 2015-03-12 18:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 12:25 - 2015-03-12 18:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 12:25 - 2015-03-12 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 12:25 - 2015-03-12 18:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 12:25 - 2015-03-12 17:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 12:25 - 2015-03-12 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 12:25 - 2015-03-12 17:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 12:00 - 2015-05-13 12:00 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-05-13 12:00 - 2015-05-13 12:00 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-13 12:00 - 2015-05-13 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-13 11:58 - 2015-03-04 19:23 - 00057344 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\clfsw32.dll 2015-05-13 11:58 - 2015-03-04 19:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-05-13 11:58 - 2015-03-04 18:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-05-13 11:57 - 2015-03-08 18:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-05-13 11:57 - 2015-03-08 17:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-14 02:35 - 2015-04-14 02:35 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2015-04-14 02:35 - 2015-04-14 02:35 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2015-04-14 02:26 - 2015-04-14 02:26 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2015-04-14 02:26 - 2015-04-14 02:26 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-14 17:12 - 2008-11-19 16:53 - 01257874 _____ () C:\Windows\WindowsUpdate.log 2015-05-14 16:58 - 2014-01-22 16:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-14 16:55 - 2014-01-22 16:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-14 16:55 - 2008-11-19 17:38 - 00000290 _____ () C:\Users\Public\Documents\hpqp.ini 2015-05-14 09:48 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-14 09:48 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-14 05:49 - 2014-03-31 19:30 - 00000680 _____ () C:\Users\Family\AppData\Local\d3d9caps.dat 2015-05-13 22:51 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-13 22:51 - 2006-11-02 08:21 - 00313880 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-13 22:49 - 2009-05-02 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 22:48 - 2008-08-04 01:29 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-05-13 22:48 - 2006-11-02 08:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-13 22:47 - 2006-11-02 08:07 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-13 18:51 - 2014-01-22 16:53 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-13 18:13 - 2008-08-04 02:52 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 18:11 - 2013-09-10 01:22 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 17:49 - 2006-11-02 05:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-05-13 17:31 - 2006-11-02 08:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2015-05-13 17:29 - 2010-06-05 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 17:13 - 2014-08-11 23:30 - 00136408 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-13 17:02 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-13 16:54 - 2008-01-20 20:26 - 00333696 _____ () C:\Windows\PFRO.log 2015-05-13 16:33 - 2013-09-10 23:14 - 00001945 _____ () C:\Windows\epplauncher.mif 2015-05-13 16:33 - 2013-09-10 23:13 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-13 16:32 - 2013-09-10 23:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-13 16:32 - 2013-09-10 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-05-13 16:08 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\IME 2015-05-13 14:58 - 2014-08-11 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-13 14:58 - 2014-08-11 23:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-13 14:58 - 2013-09-11 12:34 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-05-13 12:20 - 2014-01-22 17:32 - 00753386 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-13 12:01 - 2012-04-04 12:20 - 00000000 ____D () C:\ProgramData\Skype 2015-05-04 17:40 - 2008-12-25 22:40 - 00000000 ____D () C:\Users\Derryck\Documents\Youcam 2015-04-14 09:37 - 2014-08-11 23:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-14 09:37 - 2014-08-11 23:30 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-14 09:37 - 2013-09-11 12:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Files in the root of some directories ======= 2008-12-26 22:30 - 2008-12-26 22:30 - 0023888 _____ () C:\Users\Derryck\AppData\Roaming\UserTile.png 2009-06-11 00:10 - 2009-06-11 00:10 - 0000000 _____ () C:\Users\Derryck\AppData\Roaming\wklnhst.dat 2008-12-25 22:29 - 2008-12-25 22:29 - 
0000000 _____ () C:\Users\Derryck\AppData\Local\AtStart.txt 2009-01-11 02:00 - 2014-04-18 14:45 - 0000680 _____ () C:\Users\Derryck\AppData\Local\d3d9caps.dat 2008-12-25 23:14 - 2015-02-23 20:53 - 0022528 _____ () C:\Users\Derryck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-31 18:29 - 2014-03-31 18:30 - 0435214 _____ () C:\Users\Derryck\AppData\Local\dd_vcredistMSI37DE.txt 2014-03-31 18:29 - 2014-03-31 18:30 - 0013344 _____ () C:\Users\Derryck\AppData\Local\dd_vcredistUI37DE.txt 2008-12-25 22:29 - 2008-12-25 22:29 - 0000000 _____ () C:\Users\Derryck\AppData\Local\DSwitch.txt 2011-10-26 11:07 - 2011-11-02 14:46 - 0000079 _____ () C:\Users\Derryck\AppData\Local\DVDPATH.TXT 2011-03-19 22:47 - 2011-03-23 13:45 - 0000000 _____ () C:\Users\Derryck\AppData\Local\FnF4.txt 2008-12-25 22:29 - 2008-12-25 22:29 - 0000000 _____ () C:\Users\Derryck\AppData\Local\QSwitch.txt 2014-09-09 12:34 - 2014-09-09 12:34 - 0032703 _____ () C:\Users\Derryck\AppData\Local\recently-used.xbel 2008-08-04 02:57 - 2008-08-04 02:58 - 0000372 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Derryck\AppData\Local\Temp\air4A3D.exe C:\Users\Derryck\AppData\Local\Temp\air7926.exe C:\Users\Derryck\AppData\Local\Temp\airABCF.exe C:\Users\Derryck\AppData\Local\Temp\airFD45.exe C:\Users\Derryck\AppData\Local\Temp\chrome.exe C:\Users\Derryck\AppData\Local\Temp\EnableExtDll.dll C:\Users\Derryck\AppData\Local\Temp\mMamStub.exe C:\Users\Derryck\AppData\Local\Temp\SfpcHelper_installFinish.exe C:\Users\Derryck\AppData\Local\Temp\SfpcHelper_installStart.exe C:\Users\Derryck\AppData\Local\Temp\srtUnin.dll C:\Users\Derryck\AppData\Local\Temp\vcredist_x64.exe C:\Users\Derryck\AppData\Local\Temp\_isAB7C.exe C:\Users\Derryck\AppData\Local\Temp\{CBB008EC-64A9-4F92-B133-1A5090B003ED}-36.0.1985.125_chrome_installer.exe C:\Users\Family\AppData\Local\Temp\HPQSi.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files 
that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 11:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Derryck at 2015-05-14 17:14:19
Running from C:\Users\Derryck\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1168040921-1354016781-2725636698-500 - Administrator - Disabled)
Derryck (S-1-5-21-1168040921-1354016781-2725636698-1000 - Administrator - Enabled) => C:\Users\Derryck
Family (S-1-5-21-1168040921-1354016781-2725636698-1001 - Limited - Enabled) => C:\Users\Family
Guest (S-1-5-21-1168040921-1354016781-2725636698-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar Updater (HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - ) Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2029 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard) HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.2.0 - Hewlett-Packard Company) HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard) HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company) HP QuickPlay 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP QuickTouch 1.00 D2 (HKLM\...\{1AD2F8FE-A357-4728-BDF8-B92D794CE793}) (Version: 1.0.9 - Hewlett-Packard) HP Total Care Advisor (HKLM-x32\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.1.3359.2635 - Hewlett-Packard) HP Update (HKLM-x32\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard) HP User Guides 0101 (HKLM-x32\...\{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard) HP Wireless Comfort Mouse (HKLM-x32\...\{6C65938D-9456-4D9A-B117-04391A3FA379}) (Version: 1.0.0.0 - HP) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden 
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company) iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle) JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.11.02 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.) 
LightScribe System Software 1.12.33.2 (HKLM-x32\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.) PowerDirector (x32 Version: 6.5.2719 - CyberLink Corp.) Hidden ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard) PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden SimUText (HKLM-x32\...\{AE38D084-6F8C-417C-9555-101A0F359E02}) (Version: 2.1.1 - SimBio) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Snap.Do Engine (HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\{67fd8fe0-aa23-4935-abbc-70fd01bd6eef}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) TI Connect 1.6 (HKLM-x32\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc) TI StudyCards Creator (HKLM-x32\...\{B3B2CC77-13A5-43E3-ABB3-73E6B64EC700}) (Version: 2.1.0.269 - Texas Instruments Incorporated) Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) ValueApps (HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\...\ValueApps) (Version: 1.4.0.3 - Conduit) <==== ATTENTION VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.) Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 23-03-2015 10:16:13 Scheduled Checkpoint 25-03-2015 08:54:19 Windows Update 29-03-2015 19:19:45 Windows Update 04-04-2015 12:16:15 Windows Update 08-04-2015 09:59:44 Windows Update 13-04-2015 15:29:13 Windows Update 27-04-2015 20:00:56 Windows Update 29-04-2015 16:39:26 Scheduled Checkpoint 02-05-2015 18:15:04 Windows Update 05-05-2015 21:09:35 Windows Update 13-05-2015 11:56:08 Windows Update 13-05-2015 16:30:27 Windows Update 13-05-2015 17:25:11 Windows Update 14-05-2015 09:53:22 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {17FB5E73-59E3-4CD3-B69F-CB7EDFE9565C} - System32\Tasks\HPCeeScheduleForFamily => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard) Task: {200AD03A-D3A6-4C11-8EFC-CB48052BD026} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {2E1A093B-AAEC-42BC-806C-150282487E58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) 
Task: {3ADCEF1C-4861-413C-9E37-E2D4EE908781} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Derryck => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation) Task: {437D6917-21A7-4F76-9DB5-9A43FD4FAF94} - System32\Tasks\{FF045CF8-9733-4DAC-BD2C-A8461DBDA9CC} => pcalua.exe -a C:\Users\Derryck\AppData\Local\Temp\Temp1_tg74pluginsetup[1].zip\tgpluginsetup.exe Task: {AA0F6F52-7C20-48F6-9B0F-FE123B8CE1EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BC1C8E72-B07C-4B53-975F-0CE3E3BB0726} - System32\Tasks\{7FBDD45C-F4F0-4477-96D4-FC3D4BFA78D7} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c @0,0x706c676e Task: {D723B240-3A8A-4CB9-A9B9-02F4A7F9E547} - System32\Tasks\HPCeeScheduleForDerryck => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForDerryck.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForFamily.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{AEEC6CFF-1F05-4A32-9E70-1DFC1499A1E3}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (Whitelisted) ============== 2008-08-04 02:06 - 2008-04-23 23:51 - 00292232 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2008-08-04 02:06 - 2008-04-23 23:52 - 00112008 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe 2008-08-04 03:17 - 2008-04-25 16:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe 2008-08-04 03:08 - 2007-01-09 02:25 - 00272024 _____ () C:\Program Files 
(x86)\CyberLink\Shared Files\RichVideo.exe 2009-03-28 16:58 - 2008-09-19 18:00 - 00530432 _____ () C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe 2009-03-28 16:58 - 2008-09-19 13:09 - 00453632 _____ () C:\Program Files\HP\HP Wireless Comfort Mouse\UI\xManager\xTools.dll 2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2008-08-04 02:05 - 2008-04-23 23:51 - 00074536 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\Common\MCEMediaStatus64.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00259472 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00038184 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00120200 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll 2008-08-04 02:06 - 2008-04-23 23:51 - 00345384 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll 2008-08-04 03:17 - 2007-11-14 16:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1168040921-1354016781-2725636698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Derryck\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg HKU\S-1-5-21-1168040921-1354016781-2725636698-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img24.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: vptray => C:\PROGRA~2\SYMANT~1\VPTray.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{15348FFF-91CE-4D1C-BB13-D0543A64E09D}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe FirewallRules: [{42E9F7C2-2876-4B54-AF74-E6101B255DB7}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe FirewallRules: [{8B932AB5-6C7D-48BB-9003-0147CED749D4}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDirector\PDR.EXE FirewallRules: [{CF4DE775-A621-4266-BB9A-5A5E81D8E1FD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{E6230000-8725-46AB-A155-585F496913A5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [TCP Query User{68E1218C-EA87-409C-9F82-0FEBADAB1BDD}C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe FirewallRules: [uDP Query User{1C4A7A80-025F-4768-B215-2401F4D94A40}C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\derryck\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe FirewallRules: [{FAC34A02-74B0-4F4D-A434-B5B022B7DFF4}] => (Allow) C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe FirewallRules: [{E9C51FF8-33FA-4AD6-B404-5C9DD41E23C5}] => (Allow) C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe FirewallRules: 
[{9031CD37-F3CE-4B84-A3AA-C298B11C64FA}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{48252A28-26F2-48A1-B254-DC737D020058}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [TCP Query User{4857BE4A-2CCA-41A4-8E72-D2452E4A98B0}C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe] => (Allow) C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe FirewallRules: [uDP Query User{48C0B1D4-5600-4097-A587-8728B51A4DE1}C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe] => (Allow) C:\users\derryck\appdata\local\temp\lmi14ce.tmp\lmi_rescue.exe FirewallRules: [{D05CE784-C806-4500-BD9D-6CA233BADA07}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{B53F8114-1DF3-4C17-B76D-B52D74AC4E26}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{87841AC2-1EC2-4CC3-BCF5-0B7506B26608}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{6B525427-2EFC-4566-9545-353BFDFC47E6}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{10054F99-6E00-4371-A309-A1D4CE120C36}] => (Allow) LPort=80 FirewallRules: [{46ABABE7-727C-4C04-BBD5-13DEA7AD0F5A}] => (Allow) LPort=80 FirewallRules: [{39D342CE-7201-4A7F-8748-A73693C02F4D}] => (Allow) LPort=80 FirewallRules: [{4768A688-A3F1-46EC-84F4-285155ECE262}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{8B4BDA39-CBFC-4492-A98C-73B9D539AB2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{988CD4E3-4840-4CBB-885E-8996C8D986D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4C7C4695-9D8B-48DC-B8AB-C532C9ACEAEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A3E4C1D1-AB94-4C5B-9E06-D5F211717925}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{16F2C1D4-09A9-4FAA-BDB9-EBDE8CF1418B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{6926F3DE-88F4-42B3-BEB9-8156636918D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{34DC2DE0-779E-4DB1-A0EF-F7B274F2099B}] => (Allow) LPort=2869 FirewallRules: [{4D02E062-BE04-4499-B114-7674724039D0}] => (Allow) LPort=1900 FirewallRules: [{897CC710-40E8-4CE8-8D03-46433AFC79C8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{742AEA15-EE03-4DEB-850C-BE4A62D04D5F}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [uDP Query User{56EBE5A5-4944-46C3-9C85-8C3FE2FCA0D4}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [{8BE62750-7338-4841-AB7A-E1CF9C6E8B6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2015 09:08:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 759507 Error: (05/14/2015 09:08:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 759507 Error: (05/14/2015 09:08:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/14/2015 09:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 755747 Error: (05/14/2015 09:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 755747 Error: (05/14/2015 09:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) 
Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/14/2015 07:29:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1937439 Error: (05/14/2015 07:29:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1937439 Error: (05/14/2015 07:29:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/14/2015 06:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1810 System errors: ============= Microsoft Office Sessions: ========================= Error: (02/25/2014 02:19:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 211 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/16/2012 05:19:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6830 seconds with 2520 seconds of active time. This session ended with a crash. Error: (08/30/2010 08:22:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 4642 seconds with 840 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2015-05-14 17:14:10.921 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:10.462 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:09.994 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:09.526 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:08.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:08.520 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:14:08.068 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-05-14 17:14:07.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:13:26.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 17:13:25.923 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz Percentage of memory in use: 74% Total physical RAM: 4059.02 MB Available physical RAM: 1026.98 MB Total Pagefile: 8355.3 MB Available Pagefile: 4602.68 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:221.65 GB) (Free:104.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:11.24 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 19814382) Partition 1: (Active) - (Size=221.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
I am having difficulty removing this program from my computer. I have already attempted deleting it from the control panel. It doesn't go away. I have run Malwarebytes several times and it cannot remove the software. Any ideas?