Slow computer
Hi,
I am using my parents computer & have found it to be really slow. My parents say that they have found problems with loading applications, drop in internet connection - weak wifi signal even when next to hub (not sure if this is related to computer). Overall not very good. I have created a back up. Here's FRST & Ambr
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by valerie (administrator) on REPLACEMENTPC on 11-04-2015 11:28:11
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available profiles: valerie)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(VER_COMPANY_NAME) C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(COMPANYVERS_NAME) C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Joyent, Inc) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2039096 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [TotalRecipeSearch Search Scope Monitor] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe [44784 2013-10-09] (MindSpark)
HKLM\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe [30096 2013-10-09] (VER_COMPANY_NAME)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: E - E:\Bin\ASSETUP.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: {474edf55-1b46-11dc-8149-806e6f6e6963} - E:\inst_32\autorun.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.com/
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispa...b_id&%language
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {0633EE93-1111-472f-A0FF-E1416B8B2EAA} URL = http://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=en
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-01-21] (Yahoo! Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
BHO: Toolbar BHO -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-16] (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-09-28] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO: Search Assistant BHO -> {df22384f-cf68-4d19-969f-10423715528b} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll [2013-10-09] (MindSpark)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-01-21] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-01-21] (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKLM - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.4.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-04-01] (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2009-09-02] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-11-23] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2012-11-23] (Alcatel-Lucent)
FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll [2009-12-07] (Panda Security)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll [2005-04-27] (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @TotalRecipeSearch_14.com/Plugin -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll [2013-10-09] (MindSpark)
FF Plugin HKU\S-1-5-21-1343853513-471013651-1662923988-1000: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll [2010-06-10] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-28]
FF HKLM\...\Firefox\Extensions: [14ffxtbr@TotalRecipeSearch_14.com] - C:\Program Files\TotalRecipeSearch_14\bar\1.bin
FF Extension: TotalRecipeSearch - C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2013-10-09]
Chrome:
=======
CHR Profile: C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-01]
CHR Extension: (Google Docs) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-01]
CHR Extension: (Google Drive) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
CHR Extension: (YouTube) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google Search) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (BT DesktopHelp extension) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-12-01]
CHR Extension: (Google Sheets) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01]
CHR Extension: (Gmail) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2012-11-29]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
S2 gupdate1c95fd8b90ceb00; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TotalRecipeSearch_14Service; C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2013-10-09] (COMPANYVERS_NAME)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.) [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 NETIMFLT; C:\Windows\System32\DRIVERS\netimflt.sys [142128 2007-04-24] (Panda Software)
R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-29] (Sonic Solutions) [File not signed]
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1149552 2010-10-01] (VIA Technologies, Inc.)
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 PavSRK.sys; No ImagePath
S3 PavTPK.sys; No ImagePath
S1 WNMFLT; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 11:28 - 2015-04-11 11:28 - 00020597 _____ () C:\Users\valerie\Desktop\FRST.txt
2015-04-11 11:26 - 2015-04-11 11:28 - 00000000 ____D () C:\FRST
2015-04-11 11:25 - 2015-04-11 11:25 - 01135104 _____ (Farbar) C:\Users\valerie\Desktop\FRST.exe
2015-04-11 11:25 - 2015-04-11 11:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 11:25 - 2015-04-11 11:25 - 00000000 _____ () C:\Windows\setupact.log
2015-04-11 11:21 - 2015-04-11 11:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-REPLACEMENTPC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-11 11:19 - 2015-04-11 11:19 - 00002027 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-11 11:19 - 2015-04-11 11:19 - 00000000 ____D () C:\RegBackup
2015-04-11 11:19 - 2015-04-11 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-11 11:19 - 2015-04-11 11:19 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-04-11 11:18 - 2015-04-11 11:18 - 04720448 _____ () C:\Users\valerie\Desktop\tweaking.com_registry_backup_setup.exe
2015-04-11 10:02 - 2015-04-11 10:02 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-09 09:51 - 2015-04-11 10:11 - 00101280 _____ () C:\Users\valerie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 16:13 - 2015-04-08 16:13 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-08 16:13 - 2015-04-08 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-04 22:38 - 2015-04-04 22:58 - 00158929 _____ () C:\Users\valerie\Documents\St Barnabas Heading.pptx
2015-04-02 09:00 - 2015-04-02 09:00 - 00741888 _____ () C:\Users\valerie\Downloads\Candle day 2015 dates.pub
2015-03-29 15:06 - 2015-03-29 15:41 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Jewel Match 3
2015-03-29 15:05 - 2015-03-29 15:05 - 00001742 _____ () C:\Users\Public\Desktop\Play Jewel Match 3.lnk
2015-03-29 15:05 - 2015-03-29 15:05 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Match 3
2015-03-29 15:05 - 2015-03-29 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Match 3
2015-03-29 15:05 - 2015-03-29 15:05 - 00000000 ____D () C:\Program Files\Jewel Match 3
2015-03-29 14:34 - 2015-03-29 14:34 - 00001678 _____ () C:\Users\Public\Desktop\Play Fairies.lnk
2015-03-29 14:34 - 2015-03-29 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairies
2015-03-29 14:34 - 2015-03-29 14:34 - 00000000 ____D () C:\Program Files\Fairies
2015-03-28 00:24 - 2015-03-28 00:24 - 00000000 ____D () C:\Users\valerie\AppData\Local\{7D251CB0-B59D-45C9-AAC5-40D6702D2A82}
2015-03-23 16:15 - 2015-03-23 16:15 - 00000000 ____D () C:\Users\valerie\AppData\Local\{EBE90903-51C9-429C-905C-72EE76B30A8C}
2015-03-12 12:14 - 2015-03-12 12:14 - 00000000 ____D () C:\Users\valerie\AppData\Local\{090BB9AD-9A11-4E24-9546-4DC285C1F52A}
2015-03-12 01:12 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 01:11 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 01:10 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 01:02 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 01:02 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 01:01 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 01:01 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 01:01 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 01:01 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 01:01 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 01:00 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 00:59 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 00:58 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 11:19 - 2009-07-02 11:42 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 11:06 - 2014-04-17 15:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 11:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-11 10:50 - 2007-06-18 20:24 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-11 10:18 - 2007-06-15 14:47 - 02074065 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 10:05 - 2006-11-02 11:33 - 00753902 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 09:46 - 2014-04-17 15:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-11 09:46 - 2011-08-20 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-11 09:46 - 2007-08-28 00:36 - 00000000 ____D () C:\Users\valerie\AppData\Local\Adobe
2015-04-11 09:42 - 2010-03-04 21:21 - 00000384 _____ () C:\Windows\Tasks\FileCure Startup.job
2015-04-11 09:42 - 2009-07-02 11:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 09:42 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 09:42 - 2006-11-02 13:47 - 00005984 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 09:42 - 2006-11-02 13:47 - 00005984 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 21:46 - 2006-11-02 14:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-10 19:29 - 2007-09-04 13:26 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 18:00 - 2010-02-06 01:30 - 00000446 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2015-04-10 17:50 - 2014-12-09 18:50 - 00000244 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2015-04-10 17:18 - 2011-01-20 19:22 - 00000000 ____D () C:\Users\valerie\Documents\Excel
2015-04-10 03:28 - 2010-03-04 21:21 - 00000368 _____ () C:\Windows\Tasks\FileCure.job
2015-04-10 00:33 - 2010-02-06 01:30 - 00000420 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2015-04-09 17:11 - 2011-06-16 12:59 - 00000000 ____D () C:\Users\valerie\Documents\Charlie's Book
2015-04-08 16:16 - 2009-08-28 11:41 - 00000000 ____D () C:\Users\valerie\Tracing
2015-04-08 16:15 - 2009-01-19 21:40 - 00000000 ____D () C:\Users\valerie\Desktop\Big Fish
2015-04-08 16:15 - 2008-08-17 22:34 - 00000000 ____D () C:\Users\valerie\Desktop\GAMES
2015-04-08 16:15 - 2007-09-25 20:11 - 00000000 ____D () C:\Windows\Minidump
2015-04-08 16:15 - 2007-06-08 03:00 - 00000000 ____D () C:\Windows\Panther
2015-04-08 16:13 - 2010-04-06 09:05 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-08 16:13 - 2010-04-06 09:05 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 16:27 - 2013-11-04 10:52 - 00002627 _____ () C:\Users\valerie\Desktop\Microsoft Office Word 2007.lnk
2015-04-07 12:49 - 2010-02-05 15:11 - 00000000 ____D () C:\Program Files\TrainzSimulator2009
2015-04-05 10:31 - 2013-03-03 13:38 - 00000000 ____D () C:\Users\valerie\Desktop\Trains for sorting
2015-04-04 22:56 - 2014-08-14 08:58 - 00000000 ____D () C:\Users\valerie\Documents\St.Barnabas Brvment
2015-04-04 22:56 - 2010-09-12 10:03 - 00000000 ____D () C:\Users\valerie\Documents\St Barnabas shop
2015-04-04 13:28 - 2014-12-09 19:30 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Epson
2015-04-01 21:23 - 2014-12-01 23:12 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 15:24 - 2014-09-11 23:17 - 00000000 ____D () C:\Users\valerie\Desktop\Busses & Lorries for sorting
2015-03-31 15:24 - 2012-01-28 11:16 - 00000000 ____D () C:\Users\valerie\Desktop\Photo sorting
2015-03-29 17:43 - 2013-12-06 16:54 - 00000000 ____D () C:\BigFishCache
2015-03-29 15:05 - 2015-01-15 21:36 - 00001192 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2015-03-29 15:05 - 2011-08-15 10:45 - 00006533 _____ () C:\Windows\wininit.ini
2015-03-29 15:05 - 2007-06-18 20:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 15:30 - 2010-10-23 23:40 - 00000000 ____D () C:\Users\valerie\Documents\King Arthur stuff
2015-03-12 01:12 - 2008-05-13 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 01:10 - 2013-07-20 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 01:03 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
==================== Files in the root of some directories =======
2007-09-19 13:02 - 2007-09-19 13:02 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files\RngInterstitial.dll
2010-04-06 20:23 - 2010-04-06 20:23 - 16409960 _____ (Safer Networking Limited ) C:\Program Files\spybotsd162.exe
2007-10-15 19:05 - 2011-05-06 14:51 - 0000680 _____ () C:\Users\valerie\AppData\Local\d3d9caps.dat
2007-08-24 10:29 - 2014-12-02 22:43 - 0051712 _____ () C:\Users\valerie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-09-20 09:24 - 2010-11-27 20:35 - 0000118 _____ () C:\Users\valerie\AppData\Local\DownloadLog.txt
2011-05-21 16:10 - 2011-05-21 16:11 - 0000000 _____ () C:\Users\valerie\AppData\Local\{83FB0A07-5C3A-4242-839C-60C562C72A87}
2013-07-19 10:32 - 2013-07-19 10:32 - 15985837 _____ () C:\ProgramData\SPL51CD.tmp
2012-03-24 11:30 - 2012-03-24 11:30 - 2409340 _____ () C:\ProgramData\SPL5456.tmp
2013-10-20 09:46 - 2013-10-20 09:46 - 0597668 _____ () C:\ProgramData\SPL6315.tmp
2012-05-21 13:12 - 2012-05-21 13:12 - 0514329 _____ () C:\ProgramData\SPL777F.tmp
2012-05-21 12:33 - 2012-05-21 12:33 - 0514329 _____ () C:\ProgramData\SPL7F3E.tmp
2013-10-19 10:36 - 2013-10-19 10:36 - 0597668 _____ () C:\ProgramData\SPLAE87.tmp
2012-03-24 11:04 - 2012-03-24 11:04 - 2409340 _____ () C:\ProgramData\SPLCC55.tmp
2007-10-30 17:14 - 2007-10-30 17:14 - 0474688 _____ () C:\ProgramData\SPLCF13.tmp
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-11 10:14
==================== End Of Log ============================
FRST Addt.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by valerie at 2015-04-11 11:29:11
Running from C:\Users\valerie\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
100% Hidden Objects (HKLM\...\BFG-100 Percent Hidden Objects) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.258 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.258 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Alchemy Quest (HKLM\...\BFG-Alchemy Quest) (Version: - )
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.45 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{7A9FC484-2002-39E6-EF93-990C8A0D6F96}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version: - BT)
BT Desktop Help (HKLM\...\BT Desktop Help) (Version: - )
BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chuzzle Deluxe 1.01 (HKLM\...\Chuzzle Deluxe 1.01) (Version: - )
CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Cradle of Egypt (HKLM\...\BFG-Cradle of Egypt) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM\...\Epson Printer Software Downloader) (Version: - )
Epson Printer Software Downloader (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fairies (HKLM\...\BFG-Fairies) (Version: - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
File Signature Verification (HKLM\...\chklogo) (Version: - Microsoft Corporation)
Garmin Communicator Plugin (HKLM\...\{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}) (Version: 2.8.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{E0783143-EAE2-4047-A8D6-E155523C594C}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HydraVision (Version: 4.2.152.0 - ATI Technologies Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Jar of Marbles (HKLM\...\BFG-Jar of Marbles) (Version: - )
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Jewel Match 3 (HKLM\...\BFG-Jewel Match 3) (Version: - )
Jewel Quest Heritage (HKLM\...\BFG-Jewel Quest Heritage) (Version: - )
Jigs@w Puzzle 2 (HKLM\...\{E9618350-E3C0-450b-828A-33EB3F5A941A}) (Version: - Tibo Software)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Trains - Trainz Simulator 2009 (HKLM\...\{1C0FBAAA-02E1-4FA0-B68F-A17A2786D8B8}) (Version: 1.00.0000 - Just Trains)
Logitech SetPoint 6.22 (HKLM\...\sp6) (Version: 6.22.24 - Logitech)
Malwarebytes' Anti-Malware version 1.51.2.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (HKLM\...\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}) (Version: 3.0.133.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Midnight Castle (HKLM\...\BFG-Midnight Castle) (Version: - )
MyFreeCodec (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MyFreeCodec) (Version: - )
Noah's Ark Deluxe 1.1 (HKLM\...\Noah's Ark Deluxe 1.1) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
Panda ActiveScan 2.0 (HKLM\...\ActiveScan 2.0) (Version: 01.04.00.0000 - Panda Security)
PCI Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
RealArcade (HKLM\...\RealArcade 1.2) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5404 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Tesco Easy Record (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
Tesco Personal Finance 1.0 (HKLM\...\Tesco Personal Finance 1.0) (Version: - Tesco)
Tesco Photobook Creator (HKLM\...\Tesco Photobook Creator_is1) (Version: - )
TotalRecipeSearch Firefox Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== ATTENTION
TotalRecipeSearch Internet Explorer Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Trainz Paint Shed (HKLM\...\{6202DCFE-2F03-445C-9885-CB54B062BC0F}) (Version: RC1 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Word Web Deluxe (HKLM\...\BFG-Word Web Deluxe) (Version: - )
Yahoo! BrowserPlus 2.9.2 (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0C7EFBDE-0303-4C6F-A4F7-31FA2BE5E397}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F391-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F499-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{555278E2-05DB-11D1-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6F237DF9-9DDB-47AD-B218-400D54C286AD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4741943-6C4B-4CF7-BF44-A0F4207D1330}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A5DC33CE-214B-4C26-8596-8A45456C9EB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ADC6CB82-424C-11D2-952A-00C04FA34F05}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\SYSTEM32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D7B70EE0-4340-11CF-B063-0020AFC2CD35}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E77CC89B-7401-4C04-8CED-149DB35ADD04}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ED50FC29-B964-48A9-AFB3-15EBB9B97F36}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path
==================== Restore Points =========================
27-03-2015 08:36:48 Scheduled Checkpoint
28-03-2015 08:43:38 Scheduled Checkpoint
28-03-2015 20:46:55 Scheduled Checkpoint
29-03-2015 09:25:27 Windows Update
30-03-2015 17:15:59 Scheduled Checkpoint
31-03-2015 08:23:59 Scheduled Checkpoint
31-03-2015 21:58:02 Scheduled Checkpoint
01-04-2015 16:27:08 Scheduled Checkpoint
02-04-2015 08:41:47 Scheduled Checkpoint
03-04-2015 09:51:58 Windows Update
04-04-2015 11:46:11 Scheduled Checkpoint
05-04-2015 12:52:18 Scheduled Checkpoint
06-04-2015 10:33:38 Scheduled Checkpoint
07-04-2015 07:54:22 Windows Update
08-04-2015 11:09:02 Scheduled Checkpoint
09-04-2015 12:00:48 Scheduled Checkpoint
11-04-2015 09:56:01 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00028F98-99F8-4772-888E-D0DC1FBEF665} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {00174B35-32E4-44B9-940D-209ED9BACC9E} - System32\Tasks\{73AA2CD6-CAD3-4721-89B5-E3452E6AFAFA} => pcalua.exe -a "C:\Program Files\Tesco Personal Finance\uninstall.exe"
Task: {04A8197C-8FB4-4B06-8CA1-F30F53FC91F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {04F98558-1D21-49F5-98F0-E2CD3B4B3AE0} - System32\Tasks\{BBDD49CB-3815-4BD6-83EE-80159BD9F933} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{1C0FBAAA-02E1-4FA0-B68F-A17A2786D8B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {211BF276-F39D-4FB3-9EA0-FFD4B93B7A0F} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {256A0AF9-EB2B-4675-A31E-DA1D00A5FB3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {351B575A-DEC1-4C17-863F-ED487E239FF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-11] (Adobe Systems Incorporated)
Task: {43476512-A033-4A98-9EBA-EB4E8EABBAF8} - System32\Tasks\{59AF0045-13DB-4F00-958F-5FAD84A0C32A} => pcalua.exe -a K:\setup.exe -d K:\
Task: {4B12814A-0278-4AE2-942A-2C2D76FCBB93} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {56A8465F-11BC-4A52-9C59-C6932DB59CEC} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13] ()
Task: {67F29650-86CE-4A2D-BC3E-9DB0EACA13CF} - System32\Tasks\{3660E0B3-09A1-4A9A-9284-36C25AA3FE35} => pcalua.exe -a "C:\Program Files\MSN Games\Bricks of Egypt\Uninstall.exe" -c "C:\Program Files\MSN Games\Bricks of Egypt\install.log"
Task: {6D6B60DB-E737-47EC-BB52-BE392745BBEC} - System32\Tasks\{708ED796-EFCC-4AA5-B076-56E5FFECC07D} => pcalua.exe -a "C:\Program Files\PopCap Games\Noah's Ark Deluxe\PopUninstall.exe" -c "C:\Program Files\PopCap Games\Noah's Ark Deluxe\Install.log"
Task: {6EE90EB4-DF32-4B7F-8599-85834E2C9741} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - valerie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {73562AC1-83E0-465E-AC0D-9A2F9D45EC59} - System32\Tasks\{BF35C40C-9B64-41B7-87AF-DD649973324B} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H803DTMW\BTBroadbandDesktopHelpUpgradeAdvisor[1].exe" -d C:\Users\valerie\Desktop
Task: {7BF1193B-B38C-49F4-A1C9-97C774363A0A} - System32\Tasks\FileCure => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {814AF987-DF13-466A-9BBF-731FA9ED9F19} - System32\Tasks\{3F37112C-66E7-40F1-989D-0B4323D482FB} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENJZG3OM\RealArcade-Installer_superjigsawlandscapes_ambient[1].exe" -d C:\Users\valerie\Desktop
Task: {BCE95D7D-5E85-412C-93C2-44B0931DD70A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {CD4A2B41-060F-4B24-8E9C-18BE76B54869} - System32\Tasks\FileCure Startup => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {E8817263-B960-4694-AB18-D90D885080B3} - System32\Tasks\User_Feed_Synchronization-{FD04D118-7ADD-45FF-9BC4-CC3188C3ED40}
Task: {EE03B125-D2BE-45C6-A291-FA1435F5EF9C} - System32\Tasks\Microsoft\Windows\RestartManager\{01F03597-8273-4e5d-9D17-DC769DB71D28} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F7631F9D-7067-4EB7-A10E-B954351C3BBE} - System32\Tasks\{E47480C0-5F1D-4DB3-9730-5777A95CAED0} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {FD7E32D2-FADB-4899-ADF0-57015DD687FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\FileCure Startup.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\FileCure.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
==================== Loaded Modules (whitelisted) ==============
2014-12-09 18:47 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 18:47 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0588E665
AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA
AlternateDataStreams: C:\ProgramData\TEMP:12EA4DC9
AlternateDataStreams: C:\ProgramData\TEMP:1709732A
AlternateDataStreams: C:\ProgramData\TEMP:18DEBC51
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:436BE28C
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042
AlternateDataStreams: C:\ProgramData\TEMP:4CA05B44
AlternateDataStreams: C:\ProgramData\TEMP:569CEE83
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
AlternateDataStreams: C:\ProgramData\TEMP:5C92988B
AlternateDataStreams: C:\ProgramData\TEMP:5D17C178
AlternateDataStreams: C:\ProgramData\TEMP:5E209A50
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9
AlternateDataStreams: C:\ProgramData\TEMP:678C1866
AlternateDataStreams: C:\ProgramData\TEMP:6EE8565A
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
AlternateDataStreams: C:\ProgramData\TEMP:7B52659E
AlternateDataStreams: C:\ProgramData\TEMP:8944C195
AlternateDataStreams: C:\ProgramData\TEMP:96C05DC7
AlternateDataStreams: C:\ProgramData\TEMP:9B9B0020
AlternateDataStreams: C:\ProgramData\TEMP:9F683177
AlternateDataStreams: C:\ProgramData\TEMP:ABCD2B94
AlternateDataStreams: C:\ProgramData\TEMP:ACBEBDAA
AlternateDataStreams: C:\ProgramData\TEMP:B88DC997
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:CB16385F
AlternateDataStreams: C:\ProgramData\TEMP:D03C22B4
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077
AlternateDataStreams: C:\ProgramData\TEMP:EB68CA55
AlternateDataStreams: C:\ProgramData\TEMP:EC925502
AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC
AlternateDataStreams: C:\ProgramData\TEMP:F5E90ED3
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\valerie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LXCYCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
MSCONFIG\startupreg: Pareto_Update => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
==================== Accounts: =============================
Administrator (S-1-5-21-1343853513-471013651-1662923988-500 - Administrator - Disabled)
Guest (S-1-5-21-1343853513-471013651-1662923988-501 - Limited - Enabled)
valerie (S-1-5-21-1343853513-471013651-1662923988-1000 - Administrator - Enabled) => C:\Users\valerie
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/11/2015 10:29:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LB8UQGW8\FBSTATIC-A.AKAMAIHD.NET\RSRC.PHP\V1\YA\R\IHTYLMRZTQK.SWF\FB_VIDEO_PLAYER.SXX> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (04/11/2015 10:29:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (04/11/2015 10:29:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (04/11/2015 10:25:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CACHE.BTRLL.COM\SETTINGS.SOL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (04/11/2015 10:25:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CACHE.BTRLL.COM\SETTINGS.SOL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (04/11/2015 10:00:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c48
Start Time: 01d07433bde7c59a
Termination Time: 9453
Error: (04/10/2015 06:42:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16633, time stamp 0x54e8be59, faulting module Flash32_16_0_0_305.ocx, version 16.0.0.305, time stamp 0x54cff11b, exception code 0xc0000005, fault offset 0x00227c4c,
process id 0x18f0, application start time 0xiexplore.exe0.
Error: (04/10/2015 06:06:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (04/10/2015 06:06:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (04/10/2015 10:37:41 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM\SETTINGS.SOL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (04/11/2015 09:45:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456
Error: (04/11/2015 09:43:47 AM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
Expiration Reason: %%873
Expiration Date (UTC): 11/04/2015 08:43:46
Error Code: 0x80092003
Error Description: An error occurred while reading or writing to a file.
Error: (04/11/2015 09:43:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: WNMFLT
Error: (04/09/2015 05:21:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456
Error: (04/09/2015 05:20:32 PM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
Expiration Reason: %%873
Expiration Date (UTC): 09/04/2015 16:20:32
Error Code: 0x80092003
Error Description: An error occurred while reading or writing to a file.
Error: (04/09/2015 05:18:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (04/09/2015 05:17:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: WNMFLT
Error: (04/09/2015 05:17:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:12:21 on 09/04/2015 was unexpected.
Error: (04/09/2015 09:17:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456
Error: (04/09/2015 09:17:44 AM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
Expiration Reason: %%873
Expiration Date (UTC): 09/04/2015 08:17:44
Error Code: 0x80092003
Error Description: An error occurred while reading or writing to a file.
Microsoft Office Sessions:
=========================
Error: (12/22/2011 10:10:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/21/2011 01:06:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/12/2011 00:40:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/30/2011 07:09:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/05/2011 00:20:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/01/2011 09:23:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/01/2011 09:21:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/05/2011 00:53:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/26/2010 07:51:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/26/2010 04:49:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-04-11 11:28:32.748
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-11 11:28:32.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-11 11:28:31.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-11 11:28:31.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-13 12:11:54.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-13 12:11:54.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-13 12:10:12.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-13 12:10:11.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-10-13 11:56:08.334
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-10-13 11:56:07.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of memory in use: 63%
Total physical RAM: 2037.44 MB
Available physical RAM: 736.63 MB
Total Pagefile: 4318.13 MB
Available Pagefile: 2897.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.29 MB
==================== Drives ================================
Drive c: (Partition_1) (Fixed) (Total:221.69 GB) (Free:109.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.19 GB) (Free:4.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 063912D2)
Partition 1: (Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-04-11 11:32:12
-----------------------------
11:32:12.326 OS Version: Windows 6.0.6002 Service Pack 2
11:32:12.326 Number of processors: 2 586 0x602
11:32:12.342 ComputerName: REPLACEMENTPC UserName: valerie
11:32:14.261 Initialize success
11:32:14.339 VM: initialized successfully
11:32:14.339 VM: Intel CPU supported
11:32:16.537 VM: disk I/O atapi.sys
11:37:57.300 AVAST engine defs: 15041100
11:38:07.830 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:38:07.846 Disk 0 Vendor: SAMSUNG_SP2514N VF100-50 Size: 238474MB BusType: 3
11:38:07.986 Disk 0 MBR read successfully
11:38:07.986 Disk 0 MBR scan
11:38:08.095 Disk 0 unknown MBR code
11:38:08.111 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227012 MB offset 23470965
11:38:08.126 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11460 MB offset 63
11:38:08.142 Disk 0 scanning sectors +488392065
11:38:08.220 Disk 0 scanning C:\Windows\system32\drivers
11:38:22.666 Service scanning
11:38:50.122 Modules scanning
11:38:50.122 Disk 0 trace - called modules:
11:38:50.153 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys igdkmd32.sys rassstp.sys tcpip.sys NETIO.SYS
11:38:50.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86865620]
11:38:50.184 3 CLASSPNP.SYS[88bac8b3] -> nt!IofCallDriver -> [0x85271c10]
11:38:50.200 5 acpi.sys[832996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8526bb98]
11:38:53.132 AVAST engine scan C:\Windows
11:38:57.937 AVAST engine scan C:\Windows\system32
11:43:39.065 AVAST engine scan C:\Windows\system32\drivers
11:44:00.764 AVAST engine scan C:\Users\valerie
11:53:12.084 File: C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\68ce22e9-59cafc33 **INFECTED** Win32:SmokeLoader-EG [Trj]
12:02:20.939 AVAST engine scan C:\ProgramData
12:18:45.751 Disk 0 statistics 3127898/0/0 @ 0.77 MB/s
12:18:45.751 Scan finished successfully
12:19:07.872 Disk 0 MBR has been saved successfully to "C:\Users\valerie\Desktop\MBR.dat"
12:19:07.888 The log file has been saved successfully to "C:\Users\valerie\Desktop\aswMBR.txt"
Many thanks.
AdwCleaner
Run as administrator to run the programme.
ESET Online Scan