longhorn1577
2015-01-28, 04:55
Hello,
This is my first post here.
My Windows 7 HP desktop has started freezing after Windows StartUp. This just started this morning.
I suspect I may be infected with malware or a virus.
I also am not able to use system restore points. I get an error message as follows:
"System Restore failed to extract the file (C:\Users\Ozzy\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Low\Content.IE5\BE1RLRHA\combo[1].js) from the restore point."
My registry has been backed up using Tweaking.com.
I am listing the requested logs below. ANY help would be greatly appreciated, thank you.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Ozzy (administrator) on OZZYDESK on 27-01-2015 20:28:43
Running from C:\Users\Ozzy\Desktop
Loaded Profiles: Ozzy (Available profiles: Ozzy & Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United
States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-
frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not
be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default
or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart
\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer
\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-
Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy
2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft
\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft
Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
[205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software
Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files
\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752
2012-02-20] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe
[5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe
[421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP
Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16]
(Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [Weather] => C:\Program
Files (x86)\AWS\WeatherBug\Weather.exe [1652736 2010-04-29] (AWS Convergence
Technologies, Inc.)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [Skype] => C:\Program
Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run:
[HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision
\HydraDM.exe [393216 2010-12-28] (AMD)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [FreeAC] => C:\Program
Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software
Group)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [cdloader] => C:\Users
\Ozzy\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [CCleaner Monitoring] =>
C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\MountPoints2: J - J:
\autorun.exe
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\MountPoints2: {36b53078-c32a-
11e0-9e72-d48564ba9175} - L:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\MountPoints2: {4f257db6-fd7d-
11df-b516-d48564ba9175} - L:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:
\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:
\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File Not Found
Startup: C:\Users\Ozzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
\DesktopVideoPlayer.lnk
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\Ozzy\AppData\Local\vghd\bin
\vghd.exe (Totem Entertainment)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>
C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
=> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
=> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
=> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
=> No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or
restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <=======
ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p=
{searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet
Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?
type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet
Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 - (No Name) -
{f2c43291-151e-499c-98a7-923c120b88fa} - No File
URLSearchHook: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -
YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:
\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {4637FF3D-F284-4B7E-B76A-546A8EDCD4C6} URL =
http://vosteran.com/results.php?f=4&q={searchTerms}
&a=vst_coinis_15_04_ie&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0B0AzytCyByD0C0A0F0BtN0D0Tzu0StC
tCtCyEtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0F0EtAyC
tByC0FtGyC0ByC0DtG0DtC0FzytGtC0CyBtDtGtA0FyB0DyCzz0FyC0CyCzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu
2S0AtA0FtC0FyB0C0FtGyDzytDzytGyEtC0DyDtG0B0FzytBtG0C0A0BzztDtB0A0C0A0ByCzz2Q&cr=191197
6502&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {150F51E5-89FD-4029-83A9-0706137DF8BE} URL =
http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-
psg&type=HPDTDF
SearchScopes: HKLM -> {1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607} URL =
http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {4637FF3D-F284-4B7E-B76A-546A8EDCD4C6} URL =
http://vosteran.com/results.php?f=4&q={searchTerms}
&a=vst_coinis_15_04_ie&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0B0AzytCyByD0C0A0F0BtN0D0Tzu0StC
tCtCyEtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0F0EtAyC
tByC0FtGyC0ByC0DtG0DtC0FzytGtC0CyBtDtGtA0FyB0DyCzz0FyC0CyCzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu
2S0AtA0FtC0FyB0C0FtGyDzytDzytGyEtC0DyDtG0B0FzytBtG0C0A0BzztDtB0A0C0A0ByCzz2Q&cr=191197
6502&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {DFFBC655-3F10-4FE2-8430-13CFE1FD498F} URL =
http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p=
{searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {150F51E5-89FD-4029-83A9-0706137DF8BE} URL =
http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-
psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607} URL =
http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {4637FF3D-F284-4B7E-B76A-546A8EDCD4C6} URL =
http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p=
{searchTerms}
SearchScopes: HKLM-x32 -> {DFFBC655-3F10-4FE2-8430-13CFE1FD498F} URL =
http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> DefaultScope
{150F51E5-89FD-4029-83A9-0706137DF8BE} URL = https://search.yahoo.com/search?fr=chr-
greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {150F51E5-89FD-
4029-83A9-0706137DF8BE} URL = https://search.yahoo.com/search?fr=chr-
greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {1A4CF5B9-A2FD-
464C-A311-FF2B6A3A9607} URL =
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {4637FF3D-F284-
4B7E-B76A-546A8EDCD4C6} URL =
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {95B7759C-8C7F-
4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={AA06337E-B64D-4A15-
AEBF-C8BC4BE075CC}&mid=842ce3f1f82347d081f305cc225e7886-
30d175317093727b846c91a38e39a944b40cf3c7&lang=&ds=&pr=&d=&v=17.1.3.3&pid=safeguard&sg=
0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {9CB96984-43C3-
4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?
type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {AFDBDDAA-5D3F-
42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {DFFBC655-3F10-
4FE2-8430-13CFE1FD498F} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program
Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:
\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-
F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer
x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck
\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:
\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program
Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:
\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:
\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-
F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer
\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->
C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:
\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck
\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program
Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:
\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File
Toolbar: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> No Name - {57434C32-
2D56-3700-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258}
http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {72376E32-8AF2-473F-BE32-E5D0F39C865D}
http://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463}
http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853}
http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592}
http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Ozzy\AppData\Roaming\Mozilla\Firefox\Profiles
\ixs177f7.default
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash
\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash
\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director
\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla
Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google
Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java
\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java
\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:
\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer
\npTVUAx.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:
\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real
\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks,
Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files
(x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files
(x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR
\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ozzy\AppData\Roaming\Mozilla\Firefox\Profiles
\ixs177f7.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Ozzy\AppData\Roaming\Mozilla\Firefox\Profiles
\ixs177f7.default\searchplugins\yahoo_ff.xml
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:
\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement
Pack\Default Manager\DMExtension [2011-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:
\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer
\BrowserRecordPlugin\Firefox\Ext [2012-05-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software
\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
[2014-12-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions
\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Ozzy\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program
Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program
Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:
\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05
-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the
registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin
\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
[361984 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-
12-22] (AVAST Software)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate
\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520
2014-07-14] (Microsoft Corporation)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
[460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer
\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not
signed]
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
[73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14]
(PasswordBox, Inc.) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
[1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
[2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
[171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26]
(Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the
registry. The file will not be moved unless listed separately.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
[53888 2012-03-05] (Advanced Micro Devices)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST
Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST
Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
[487216 2014-09-10] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
U4 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2012-06-21] (Greatis
Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-07-04] ()
R1 {4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64; C:\Windows\System32\drivers\{4cff408a-
d9e7-47c3-a711-95133fcf7f45}Gw64.sys [48792 2015-01-19] (StdLib)
S3 bfsjjkvl; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any
associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 20:28 - 2015-01-27 20:29 - 00023893 _____ () C:\Users\Ozzy\Desktop\FRST.txt
2015-01-27 20:27 - 2015-01-27 20:28 - 00000000 ____D () C:\FRST
2015-01-27 20:25 - 2015-01-27 20:25 - 02129920 _____ (Farbar) C:\Users\Ozzy\Desktop
\FRST64.exe
2015-01-27 20:24 - 2015-01-27 20:24 - 00000207 _____ () C:\Windows\tweaking.com-
regbackup-OZZYDESK-Windows-7-Home-Premium-(64-bit).dat
2015-01-27 20:23 - 2015-01-27 20:23 - 00001796 _____ () C:\Users\Public\Desktop
\Tweaking.com - Registry Backup.lnk
2015-01-27 20:23 - 2015-01-27 20:23 - 00000000 ____D () C:\Tweaking.com
2015-01-27 20:23 - 2015-01-27 20:23 - 00000000 ____D () C:\RegBackup
2015-01-27 20:23 - 2015-01-27 20:23 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Tweaking.com
2015-01-27 20:21 - 2015-01-27 20:21 - 04712336 _____ () C:\Users\Ozzy\Desktop
\tweaking.com
2015-01-27 16:56 - 2015-01-27 16:56 - 00003224 ____N () C:\bootsqm.dat
2015-01-27 11:07 - 2015-01-27 11:07 - 00000358 _____ () C:\Windows\PFRO.log
2015-01-25 01:00 - 2015-01-27 19:55 - 00000835 _____ () C:\Windows\setupact.log
2015-01-25 01:00 - 2015-01-27 19:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-19 22:28 - 2015-01-27 04:28 - 00000328 _____ () C:\Windows\Tasks
\HPCeeScheduleForTest.job
2015-01-19 22:28 - 2015-01-19 22:28 - 00003180 _____ () C:\Windows\System32\Tasks
\HPCeeScheduleForTest
2015-01-19 16:49 - 2015-01-19 16:49 - 00000000 ____D () C:\Users\Test\AppData\Local
\Skype
2015-01-19 16:48 - 2015-01-19 22:16 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Skype
2015-01-19 15:59 - 2015-01-19 15:59 - 00063552 _____ () C:\Users\Test\AppData\Local
\GDIPFONTCACHEV1.DAT
2015-01-19 15:59 - 2015-01-19 15:59 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\GRETECH
2015-01-19 15:29 - 2015-01-19 06:41 - 00048792 _____ (StdLib) C:\Windows
\system32\Drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys
2015-01-19 15:20 - 2015-01-27 09:20 - 00000298 _____ () C:\Windows\Tasks
\Vosteran_helper.job
2015-01-19 15:20 - 2015-01-19 15:21 - 00000000 ____D () C:\Users\Test\AppData\Local
\Adobe
2015-01-19 15:20 - 2015-01-19 15:20 - 00003236 _____ () C:\Windows\System32\Tasks
\Vosteran_helper
2015-01-19 15:19 - 2015-01-19 22:17 - 00000000 ____D () C:\Program Files
(x86)\Solution Real
2015-01-19 15:16 - 2015-01-19 22:28 - 00000000 ____D () C:\Users\Test\AppData\Local
\Hewlett-Packard
2015-01-19 15:15 - 2015-01-19 15:15 - 00000000 ____D () C:\Users\Test\AppData\Local
\Logitech® Webcam Software
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 __SHD () C:\Users\Test\AppData\Local
\EmieUserList
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 __SHD () C:\Users\Test\AppData\Local
\EmieSiteList
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 __SHD () C:\Users\Test\AppData\Local
\EmieBrowserModeList
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\AVAST Software
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 ____D () C:\Users\Test\AppData\Local
\ArcSoft
2015-01-19 15:13 - 2015-01-19 15:59 - 00000000 ____D () C:\Users\Test\AppData\Local
\VirtualStore
2015-01-19 15:13 - 2015-01-19 15:17 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Hewlett-Packard
2015-01-19 15:13 - 2015-01-19 15:14 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\ArcSoft
2015-01-19 15:13 - 2015-01-19 15:13 - 00001379 _____ () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 15:13 - 2015-01-19 15:13 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Adobe
2015-01-19 15:12 - 2015-01-19 15:13 - 00000000 ____D () C:\Users\Test
2015-01-19 15:12 - 2015-01-19 15:12 - 00000020 ___SH () C:\Users\Test\ntuser.ini
2015-01-19 15:12 - 2011-01-01 03:00 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Mozilla
2015-01-19 15:12 - 2010-09-10 17:52 - 00001974 _____ () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2015-01-19 15:12 - 2010-09-10 17:52 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Macromedia
2015-01-19 15:12 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 15:12 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-18 19:12 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:
\Windows\system32\profsvc.dll
2015-01-18 19:12 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:
\Windows\system32\Drivers\mrxdav.sys
2015-01-18 19:12 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:
\Windows\system32\ntoskrnl.exe
2015-01-18 19:12 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:
\Windows\system32\srcore.dll
2015-01-18 19:12 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:
\Windows\system32\rstrui.exe
2015-01-18 19:12 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:
\Windows\system32\srclient.dll
2015-01-18 19:12 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\ntkrnlpa.exe
2015-01-18 19:12 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\ntoskrnl.exe
2015-01-18 19:12 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\srclient.dll
2015-01-18 19:12 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:
\Windows\system32\TSWbPrxy.exe
2015-01-18 19:12 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:
\Windows\system32\nlasvc.dll
2015-01-18 19:12 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\ncsi.dll
2015-01-18 19:12 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\nlaapi.dll
2015-01-15 19:54 - 2015-01-15 19:54 - 00000019 _____ () C:\Users\Ozzy\Documents\Magic
Jack Trouble Number.txt
2015-01-15 19:41 - 2015-01-15 19:42 - 13532192 _____ (magicJack L.P.) C:\Users\Ozzy
\Downloads\magicJackSetup.exe
2015-01-06 16:12 - 2015-01-06 16:12 - 00162329 _____ () C:\Users\Ozzy\Documents\Public
Storage Payment 01062015.xps
2015-01-02 13:39 - 2015-01-27 10:21 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\DVDVideoSoft
2015-01-02 13:39 - 2015-01-02 13:39 - 00003458 _____ () C:\Windows\System32\Tasks
\ProPCCleaner_Popup
2015-01-02 13:39 - 2015-01-02 13:39 - 00003194 _____ () C:\Windows\System32\Tasks
\ProPCCleaner_Start
2015-01-02 13:39 - 2015-01-02 13:39 - 00000000 ____D () C:\Users\Ozzy\Documents
\ProPCCleaner
2015-01-02 13:39 - 2015-01-02 13:39 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Rainmaker Software Group LLC.
2015-01-02 13:39 - 2015-01-02 13:39 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\Rainmaker_Software_Group_
2015-01-01 19:46 - 2015-01-01 19:46 - 00000000 ____D () C:\Users\Ozzy\.cache
2015-01-01 19:35 - 2015-01-01 19:35 - 00000000 ____D () C:\ProgramData\1887373585
2015-01-01 19:23 - 2015-01-27 10:25 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\YouTubeMuiscDownloader
2015-01-01 18:59 - 2015-01-01 18:59 - 00131430 _____ () C:\Users\Ozzy\Documents
\cc_20150101_185830.reg
2015-01-01 16:11 - 2015-01-01 17:06 - 00000000 ____D () C:\Windows\Jaksta
2015-01-01 16:11 - 2015-01-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Applian
Technologies
2015-01-01 16:11 - 2015-01-01 16:12 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Replay Music 7
2015-01-01 16:11 - 2015-01-01 16:11 - 00000000 ____D () C:\Users\Ozzy\Documents
\Applian
2015-01-01 16:11 - 2015-01-01 16:11 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\Jaksta_Technologies_Pty_L
2015-01-01 16:09 - 2015-01-01 16:09 - 10415384 _____ (Applian Technologies) C:\Users
\Ozzy\Downloads\RMSetup.exe
2014-12-31 22:56 - 2014-12-31 22:56 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Pazera Free Audio Extractor
2014-12-31 22:56 - 2014-12-31 22:56 - 00000000 ____D () C:\Program Files
(x86)\pazera-software
2014-12-31 22:55 - 2014-12-31 22:55 - 09357504 _____ (Jacek Pazera ) C:\Users\Ozzy
\Downloads\Pazera_Free_Audio_Extractor(1).exe
2014-12-31 22:52 - 2014-12-31 22:52 - 00231808 _____ () C:\Users\Ozzy\Downloads
\Pazera_Free_Audio_Extractor.exe
2014-12-29 21:36 - 2014-12-29 21:39 - 32353776 _____ () C:\Users\Ozzy\Downloads
\480P_600K_34462081.mp4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 21:43 - 2014-12-13 22:01 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-27 19:31 - 2014-12-20 14:26 - 00001890 _____ () C:\Windows\diagwrn.xml
2015-01-27 19:31 - 2014-12-20 14:26 - 00001890 _____ () C:\Windows\diagerr.xml
2015-01-27 19:30 - 2011-06-30 13:31 - 00000992 _____ () C:\Users\Ozzy\Desktop
\magicJack.lnk
2015-01-27 19:30 - 2010-12-09 15:55 - 00000978 _____ () C:\Users\Ozzy\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-01-27 19:30 - 2010-12-01 20:06 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\mjusbsp
2015-01-27 19:28 - 2012-04-10 15:59 - 00000894 _____ () C:\Windows\Tasks
\GoogleUpdateTaskMachineCore.job
2015-01-27 19:28 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 18:11 - 2010-09-10 17:25 - 01181112 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 15:23 - 2014-05-24 16:00 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Skype
2015-01-27 15:23 - 2012-04-10 15:59 - 00000898 _____ () C:\Windows\Tasks
\GoogleUpdateTaskMachineUA.job
2015-01-27 10:23 - 2014-12-25 14:26 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\The-Player
2015-01-26 23:45 - 2012-09-10 19:51 - 00003922 _____ () C:\Windows\System32\Tasks
\User_Feed_Synchronization-{AFA38410-9344-489B-8E49-19848EA79A71}
2015-01-26 23:05 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 23:05 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:12 - 2014-08-25 01:48 - 00000404 ____H () C:\Windows\Tasks\Norton
Security Scan for Ozzy.job
2015-01-25 07:10 - 2011-10-05 15:05 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-25 07:10 - 2011-10-05 15:05 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-24 12:42 - 2011-08-27 11:43 - 00000398 _____ () C:\Windows\Tasks\EasyShare
Registration Task.job
2015-01-24 12:24 - 2011-10-05 15:05 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Yahoo!
2015-01-24 12:19 - 2014-12-13 21:39 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\Google
2015-01-24 02:02 - 2014-12-26 10:53 - 00003180 _____ () C:\Windows\System32\Tasks
\HPCeeScheduleForOzzy
2015-01-24 02:02 - 2014-12-26 10:53 - 00000328 _____ () C:\Windows\Tasks
\HPCeeScheduleForOzzy.job
2015-01-23 14:07 - 2010-12-01 12:15 - 00000000 ___RD () C:\Movies
2015-01-23 14:00 - 2011-04-01 12:00 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\CrashDumps
2015-01-22 17:12 - 2011-11-10 11:18 - 00000000 _____ () C:\Windows
\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-22 17:12 - 2010-12-02 08:18 - 00000052 _____ () C:\Windows
\SysWOW64\DOErrors.log
2015-01-21 20:51 - 2013-10-09 09:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 20:50 - 2014-10-20 16:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 20:48 - 2014-10-20 16:40 - 00272296 _____ (Oracle Corporation) C:\Windows
\SysWOW64\javaws.exe
2015-01-21 20:48 - 2014-10-20 16:40 - 00176552 _____ (Oracle Corporation) C:\Windows
\SysWOW64\javaw.exe
2015-01-21 20:48 - 2014-10-20 16:40 - 00176552 _____ (Oracle Corporation) C:\Windows
\SysWOW64\java.exe
2015-01-21 20:48 - 2014-10-20 16:40 - 00098216 _____ (Oracle Corporation) C:\Windows
\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 09:54 - 2014-12-22 10:21 - 00004182 _____ () C:\Windows\System32\Tasks
\avast! Emergency Update
2015-01-19 22:24 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-19 22:22 - 2013-12-03 17:09 - 00701616 _____ (Adobe Systems Incorporated) C:
\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:22 - 2013-12-03 17:09 - 00071344 _____ (Adobe Systems Incorporated) C:
\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 16:48 - 2014-11-04 19:22 - 00002697 _____ () C:\Users\Public\Desktop
\Skype.lnk
2015-01-19 16:48 - 2014-11-04 19:22 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Skype
2015-01-19 16:48 - 2014-05-24 16:00 - 00000000 ____D () C:\ProgramData\Skype
2015-01-19 15:32 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-18 19:49 - 2010-12-06 14:46 - 00775586 _____ () C:\Windows
\SysWOW64\PerfStringBackup.INI
2015-01-18 19:48 - 2009-07-13 23:13 - 00775586 _____ () C:\Windows
\system32\PerfStringBackup.INI
2015-01-18 19:18 - 2013-07-17 18:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 19:13 - 2010-12-01 20:18 - 113365784 _____ (Microsoft Corporation) C:
\Windows\system32\MRT.exe
2015-01-16 10:32 - 2014-12-22 10:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla
Firefox
2015-01-13 13:02 - 2012-01-24 18:00 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\WeatherBug
2015-01-03 10:52 - 2011-05-26 14:29 - 00000000 ____D () C:\MyAudio
2015-01-02 17:34 - 2011-04-01 11:23 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\VirtuaGirl
2015-01-02 15:32 - 2011-08-31 11:38 - 00000000 ____D () C:\New MP3s
2015-01-02 13:48 - 2013-02-05 14:58 - 00000000 __SHD () C:\AI_RecycleBin
2015-01-02 13:46 - 2011-08-31 11:17 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Applian Technologies
2015-01-02 13:18 - 2011-08-31 11:18 - 00021717 _____ () C:\Users\Ozzy\AppData\Roaming
\ReplayMusicLog.log
2015-01-01 19:46 - 2010-12-01 19:42 - 00000000 ____D () C:\Users\Ozzy
2015-01-01 18:57 - 2011-07-23 13:38 - 00000000 ____D () C:\Windows\Minidump
==================== Files in the root of some directories =======
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\Users\Ozzy\AppData\Roaming
\0279
2011-06-23 11:20 - 2011-06-23 11:20 - 0000000 _____ () C:\Users\Ozzy\AppData\Roaming
\bibstats
2012-08-09 18:28 - 2012-08-09 18:29 - 0002455 _____ () C:\Users\Ozzy\AppData\Roaming
\hamster_installer_log.txt
2011-08-31 11:18 - 2015-01-02 13:18 - 0021717 _____ () C:\Users\Ozzy\AppData\Roaming
\ReplayMusicLog.log
2012-01-01 14:58 - 2012-01-01 14:59 - 0120554 _____ () C:\Users\Ozzy\AppData\Roaming
\VideoPad.dmp
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\Users\Ozzy\AppData\Local
\2232
2010-12-11 14:57 - 2011-04-19 19:48 - 0008704 _____ () C:\Users\Ozzy\AppData\Local
\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-05 18:22 - 2011-10-05 18:22 - 0000275 _____ () C:\Users\Ozzy\AppData\Local
\HamsterVideoConverterSettings.cfg
2012-06-04 20:39 - 2014-10-25 09:25 - 0007599 _____ () C:\Users\Ozzy\AppData\Local
\Resmon.ResmonCfg
2011-05-12 13:13 - 2011-07-03 15:03 - 0001940 _____ () C:\Users\Ozzy\AppData\Local
\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\ProgramData\2103
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\ProgramData\7049
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\ProgramData\9625
2014-01-04 07:39 - 2014-01-04 07:39 - 0000012 _____ () C:\ProgramData\finger.dat
Files to move or delete:
====================
C:\ProgramData\finger.dat
C:\Users\Ozzy\Flash Capture Setup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 14:28
==================== End Of Log ============================
Here is the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Ozzy at 2015-01-27 20:30:11
Running from C:\Users\Ozzy\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-
C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide
them. The adware programs should be uninstalled manually.)
3ivx MPEG-4 5.0.3 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 -
3ivx Technologies, Pty. Ltd.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Adobe
Connect Add-in) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version:
16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version:
16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001})
(Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635
- Adobe Systems, Inc.)
Alarm Clock version 1.0 (HKLM-x32\...\{003C285C-AC50-4B8C-8718-3481CBA49E2F}_is1)
(Version: 1.0 - )
AMD Catalyst Install Manager (HKLM\...\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7})
(Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version:
2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director2.1) (Version: 2.1 - Applian
Technologies Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-
EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-
191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-
2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-
887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-
417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-
250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-
DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F})
(Version: 2.8.255.384 - ArcSoft)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple
Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12})
(Version: 1.9.1.105 - CinemaNow, Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-
0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DeskBabes version 1.0.6.01 (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...
\DeskBabes_is1) (Version: 1.0.6.01 - Totem Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27
-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
eJuice Me Up (HKLM-x32\...\{28107FBC-832A-4E18-9C9D-4E771B441F69}) (Version: 11.0.0.0
- Breaktru Software)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 -
Flip Video)
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1)
(Version: 2.7 - Comfort Software Group)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version:
7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1)
(Version: 2.5.8.11 - Hamster Soft)
Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1)
(Version: 2.5.2.33 - Hamster Soft)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company)
Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version:
3.4.12850.3526 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 -
WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA})
(Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A})
(Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-
E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-
BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version:
3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-
16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307})
(Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000
- Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400
- Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version:
7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version:
10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version:
5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E})
(Version: 2.1.2.27173 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple
Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version:
8.0.310 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC})
(Version: - Eastman Kodak Company)
KODAK Share Button App (HKLM-x32\...\{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}) (Version:
3.01.0000.0000 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243})
(Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7})
(Version: 1.18.15.1 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215})
(Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\magicJack) (Version:
4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-
Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} -
1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center)
(Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version:
14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version:
14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-
0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:
5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-
9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...
\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft
Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...
\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft
Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-
51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-
1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-
4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-
3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-
6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...
\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-
x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-
38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-
C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-
F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...
\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-
30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...
\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...
\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft
Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-
3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-
1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-
4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
(Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
(Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Pazera Free Audio Extractor 2.1 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}
_is1) (Version: 2.1 - Jacek Pazera)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version:
1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:
6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1})
(Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95
- Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-
958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Replay Music (HKLM-x32\...\Replay Music4.05) (Version: 4.05 - Applian Technologies
Inc.)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian
Technologies Inc.)
Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
Setup Support for Weatherbug 1.0 (HKLM-x32\...\Setup Support for Weatherbug) (Version:
1.0 - Sono Control Inc.)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version:
7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 -
Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1)
(Version: 2.4.40 - Safer-Networking Ltd.)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: - NCH Software)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version:
2.0.0 - Tweaking.com)
UnHackMe 5.99 release (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
VGDTB Player 2 (C:\Program Files (x86)\VGHDPlayer2\) #3 (HKLM-x32\...\ST6UNST #4)
(Version: - )
VGDTB Player 2 (C:\Program Files (x86)\VGHDPlayer2\) (HKLM-x32\...\ST6UNST #2)
(Version: - )
VGDTB Player 2 (HKLM-x32\...\ST6UNST #1) (Version: - )
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: - NCH Software)
VirtuaGirl version 1.2.0.60 (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...
\VirtuaGirl_is1) (Version: 1.2.0.60 - Totem Entertainment)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Hottie 2 (HKLM-x32\...\Quest3DVirtual Hottie 2) (Version: - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WeatherBug (HKLM-x32\...\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}) (Version: 7.0.0.3 -
AWS Convergence Technologies)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
(HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 -
Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 -
Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version:
14.0.8089.726 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 -
WinZip Computing, S.L. )
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WM Recorder (HKLM-x32\...\WM Recorder14.10) (Version: 14.10 - AllAlex, Inc)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any
eventual file will not be moved.)
==================== Restore Points =========================
14-01-2015 02:29:13 Scheduled Checkpoint
18-01-2015 19:12:55 Windows Update
18-01-2015 19:44:08 Windows Update
27-01-2015 02:44:15 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-01-27 10:31 - 00450771 ____R C:\Windows\system32\Drivers\etc
\hosts
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any
associated file could be listed separately to be moved.)
Task: {00D8A614-CEFF-461E-A454-51C24E2C1F79} - System32\Tasks\{4EEB95D5-29D6-4297-
BBEB-36386CECD5D6} => C:\VGHD Player\VGHD-Player4.exe
Task: {0840DBC3-E8A1-4577-A216-4B69EF229A9B} - System32\Tasks\{2A011254-2C0C-45FD-
A874-34FF6B0604C9} => C:\VGHD Player\VGHD-Player4.exe
Task: {098E9B76-0C88-4C15-B1C9-E72B2AB4301B} - System32\Tasks\RealUpgradeLogonTaskS-1
-5-21-2635634824-2115636220-2321885851-1000 => C:\Program Files (x86)\Real
\RealUpgrade\RealUpgrade.exe
Task: {09D59755-2C3B-444A-86DA-885C0DB2B914} - System32\Tasks\HPCeeScheduleForTest =>
C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-
Packard)
Task: {0ACC68D2-BC16-4762-85A8-8F084BB6A783} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework
\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {14C864D1-1412-464D-B085-EAA7A72C9B97} - System32\Tasks
\RealUpgradeScheduledTaskS-1-5-21-2635634824-2115636220-2321885851-1000 => C:\Program
Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1679B50D-04A8-4659-9FA8-83FC662F7D69} - System32\Tasks\{B5AA2803-C07A-4732-
853E-52A0A7386E80} => pcalua.exe -a "C:\Users\Ozzy\AppData\Local\Microsoft\Windows
\Temporary Internet Files\Content.IE5\5A4H75TR\startupcontrol[1].exe" -d C:\Users
\Ozzy\Desktop
Task: {193EFB73-40E1-43D4-955A-242AE53DE17F} - System32\Tasks
\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1B18371E-4034-47FB-9AA2-E4291843BDC2} - System32\Tasks\CCleanerSkipUAC => C:
\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {1B8AE441-47BA-4969-A4DC-05BEF0370522} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1F1123C6-47D4-48F9-A32E-20A34E1646EC} - System32\Tasks
\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1FD0EF04-9EC1-47CA-9B93-B4B9D6530AE7} - System32\Tasks\{3C39406F-9F93-46C6-
9033-25413C96D6AF} => E:/install.exe
Task: {2118D430-4217-4C36-ADFB-0B63468A9946} - System32\Tasks\{95C27B80-AE8F-4EEF-
A88E-FF6D002D39B0} => pcalua.exe -a C:\Users\Ozzy\Downloads\heart-buddy-msn.exe -d C:
\Users\Ozzy\Downloads
Task: {242849D0-AB37-49B1-8F5F-8F5BDA036312} - System32\Tasks\{1407654A-D7CE-47DD-
A6DB-E5A215E1710C} => C:\VGDesk BabesPlayer\VGDTB-Player4.exe
Task: {2C8210E4-9A79-42C6-B004-9A677B7B7E33} - System32\Tasks\{D9ED03D8-FECA-45FC-
B1CE-79130A6AC8F7} => C:\Program Files (x86)\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {2E649097-5ABC-4DD4-99F5-035CC1781B35} - System32\Tasks\{EC0C3767-4F54-41C1-
9868-825B77A30FFE} => C:\Program Files (x86)\Virtual Woman Millennium Beta
.93\vrwoman.exe
Task: {330C279A-41C3-4D19-8B4E-356B27F5509E} - System32\Tasks\{8E6CEB4D-1E80-4494-
B9F7-B88BF33E8814} => E:/install.exe
Task: {3E270791-5A2A-4808-B70D-3AEA821EC434} - System32\Tasks\Norton Security Scan for
Ozzy => C:\PROGRA~2\NORTON~2\Engine\410~1.29\Nss.exe
Task: {4B036544-8640-4356-ADFD-F3C86BEB6436} - System32\Tasks\UnHackMe Task Scheduler
=> C:\Program Files (x86)\UnHackMe\hackmon.exe [2012-05-04] (Greatis Software)
Task: {4E7F3496-22CA-4146-964F-6FFFB4B1F610} - System32\Tasks\{DB0AB1F0-46CF-45B5-
925B-83D1D1F06A8D} => pcalua.exe -a C:\Users\Ozzy\AppData\Local\Temp\Temp1_VGDTB-
Player2604.zip\setup.exe
Task: {553EBACE-0AEB-47A0-8524-3FD9A16289A8} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health
check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-
Packard)
Task: {5849CFE3-5535-4E60-B217-D8FDC2AF05CB} - System32\Tasks\{1D143045-023B-461C-
A214-29077CF476FF} => C:\Users\Ozzy\AppData\Local\The-Player\The-Player.exe
Task: {5E3F6FE0-CBC2-48BA-9E00-79A794748CF5} - System32\Tasks\Vosteran_helper => C:
\Users\Test\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe <==== ATTENTION
Task: {646FED24-FEBD-4FEE-A44B-CECDCD8BA513} - System32\Tasks\{4E7A183B-6CE1-468B-
9A0C-25C9EB453E50} => L:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
Task: {6590E4C4-25DC-49E5-86BF-205AE92B8360} - System32\Tasks
\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {666870A4-DEC2-422A-947F-240FDFFFEB31} - System32\Tasks\Safer-Networking\Spybot
- Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search
& Destroy 2\SDImmunize.exe
Task: {68586A68-A966-46E1-8A10-BAC0FDE6B817} - System32\Tasks
\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6C418D17-8554-424C-AC57-38E175AAA3EB} - System32\Tasks
\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse
and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {75248C28-4FCA-4E01-B23B-9E27FF46D5F8} - System32\Tasks\HPCeeScheduleForOzzy =>
C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-
Packard)
Task: {787A6BAF-57D7-4D9A-AC88-35A241FDF389} - System32\Tasks\{FABAD157-B045-40FD-
AE2F-FB4EA31A1C9D} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {7DD72B58-A40B-4FC5-8937-934F16B3DEE0} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-
Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10
-21] (Hewlett-Packard)
Task: {7F08F20E-15C7-4641-8107-20D505B4A560} - System32\Tasks\{AF2D766A-F0A8-4F7C-
A2F7-06D762E8F476} => pcalua.exe -a "C:\Program Files (x86)\UnHackMe\unins000.exe"
Task: {81DDA6A9-F89B-4E45-9F4E-8FC0312C17D1} - System32\Tasks\{FE1E1694-8D5B-40E6-
8E06-D54F2B84C4FD} => L:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
Task: {87181F8A-9AFE-41EF-94BE-A674DB7A652C} - System32\Tasks
\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8E580227-4E7D-4028-A9F6-9829212D9018} - System32\Tasks\Safer-Networking\Spybot
- Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDUpdate.exe
Task: {A1017DA8-F859-464A-923F-B17C4241C829} - System32\Tasks\{7A119311-69D1-4853-
87F1-52F043F3AD85} => C:\Users\Ozzy\AppData\Local\vghd\bin\vghd.exe [2015-01-02]
(Totem Entertainment)
Task: {A32C224D-1479-46EA-85C6-2D1095835A97} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-
Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A656058B-E663-4A6C-BAA6-EEDE4048319E} - System32\Tasks\Safer-Networking\Spybot
- Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDScan.exe
Task: {AA5B95E4-0FB7-4868-85FB-CAE548CE41C7} - System32\Tasks\RecoveryCDWin7 => C:
\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {AD63E683-3D47-490C-BA8C-E8AB42B56569} - System32\Tasks\ProPCCleaner_Start =>
C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {B0DF4915-0C3F-4DC7-AD6E-1703F4D9A51E} - System32\Tasks\{C185C1D4-A0BB-416E-
9BD0-A8FA4BB234E9} => C:\VGHD Player\VGHD-Player4.exe
Task: {B1863BD8-EEEB-4261-9692-9DA34921DD19} - System32\Tasks\{CF3B0B5F-D3B1-4C4A-
9B0E-3B2EC5848F5F} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {B5689C12-BCB2-4A6D-BD9B-944A62FF38CF} - System32\Tasks\{AFB21AF8-FA00-4EEF-
8D0E-D275B81683CB} => C:\Program Files (x86)\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {BEB06C16-3F46-4D87-A059-670BC4067B8F} - System32\Tasks\EasyShare Registration
Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\
$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16
Task: {C23DE7B8-F906-46BC-881C-B491C857AD8D} - System32\Tasks\ProPCCleaner_Popup =>
C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {C5366998-B3E6-4742-A834-6A9D8B98C7C2} - System32\Tasks\{E7556B8A-3488-4906-
9555-389B549675CD} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {C89012F0-A764-40FC-BA1D-8F0C23A9664A} - System32\Tasks\{93C7F3B4-D4F0-46A7-
80EB-0BFE624A08B2} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {CE63E011-4D2A-475B-B6FC-76E160AC5A75} - System32\Tasks
\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D5A9842E-061D-4B47-947F-45E683778609} - System32\Tasks\Apple
\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update
\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7FFD9B3-0DF0-4910-8BE3-9050529AEAF5} - System32\Tasks\{9D0512B2-1CC0-4E15-
9A16-842009DA0C1C} => C:\VGHD Player\VGHD-Player2.exe
Task: {E8BB7B75-9C48-4C2D-BECE-D0B63EA26C4E} - System32\Tasks\{4F08FB90-A77C-4EA6-
8BD1-1A143BE7F26D} => L:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
Task: {E918DBD7-CA2A-4C95-A236-11CE75F7DE4E} - System32\Tasks\{DB8C1057-1D34-4BDB-
9BF1-32984E60B449} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {EAB03437-6BE1-4972-AB6E-A804D2CA9B4A} - System32\Tasks\{8BE6D72F-5DA3-4636-
9489-82B923C6271F} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {EB95C39B-D607-4741-873D-F54D62535C6F} - System32\Tasks\{D789D40F-1139-40BC-
8CCE-6D0375322FED} => pcalua.exe -a C:\Users\Ozzy\Downloads\dtunerzip
\DisplayTuner_v17.exe -d C:\Users\Ozzy\Downloads\dtunerzip
Task: {EFB4BD6E-ADDB-487E-882E-4CA9D7BCFCA3} - System32\Tasks\{DB5C521D-11BA-439A-
8D20-F6AD66F53E7C} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {F25AD1DB-A242-42D1-9951-87606D623CE9} - System32\Tasks\{BD10DCFA-6B8B-4990-
863E-66D49D8A6CC4} => C:\VGHD Player\VGHD-Player4.exe
Task: {F41E06F1-A8F0-4BED-A7E0-4E66E6D382C7} - System32\Tasks\Adobe Acrobat Update
Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19]
(Adobe Systems Incorporated)
Task: {F4CB75AC-2BFC-4F4F-850F-7AC3425C5DC8} - System32\Tasks\{585BDAF2-23EB-4851-
B942-3D3CE68DE606} => C:\VGHD Player\VGHD-Player2.exe
Task: {FA4497E4-9381-459E-9B3A-0748005631E3} - System32\Tasks\avast! Emergency Update
=> C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-22] (AVAST
Software)
Task: {FA6DD721-4CA8-4484-8FA7-135B07933629} - System32\Tasks\{10EF5062-FADE-4238-
95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files
(x86)\Kodak\KODAK Share Button App\Listener.exe [2011-03-07] (Eastman Kodak Company)
Task: {FC1AF7C2-1E66-44AF-97B5-6FB80A7FC9DB} - System32\Tasks\{8C77953E-17C3-4BB4-
B5A6-55013BC4752A} => pcalua.exe -a "L:\Virtual Hotties\virtualhottie204.exe" -d "L:
\Virtual Hotties"
Task: {FC810110-1894-4C0D-A014-47800E9D4EF8} - System32\Tasks\{709F19A3-16E3-4DDF-
A817-3DB3544CB4B3} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {FF977FA8-94AF-4902-8385-979F03F19CD1} - System32\Tasks
\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\EasyShare Registration Task.job =>
=Ź93UF¨»¶żťLhF\<
sŔ €!ß*!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\
$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16Ozzy0Ű*
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google
\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOzzy.job => C:\Program Files (x86)\Hewlett-
Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTest.job => C:\Program Files (x86)\Hewlett-
Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Ozzy.job => C:
\PROGRA~2\NORTON~2\Engine\410~1.29\Nss.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_DC475FE0-87B8-11E4-A95A-D48564BA9175.job => C:
\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage
Protector\ReiGuard.exe <==== ATTENTION
Task: C:\Windows\Tasks\Vosteran_helper.job => C:\Users\Test\AppData\Local\Vosteran
\APPLIC~1\Vosteran\helper.exe <==== ATTENTION
Task: C:\Windows\Tasks\WinZip System Utilities Suite.job => C:\Program Files
(x86)\WinZip System Utilities Suite\WINZIPSS.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be
removed.)
AlternateDataStreams: C:\ProgramData\Temp:1341FF76
AlternateDataStreams: C:\ProgramData\Temp:364682BC
AlternateDataStreams: C:\ProgramData\Temp:890CC2F3
AlternateDataStreams: C:\ProgramData\Temp:8CE646EE
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The
"AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default
entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start
Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare
software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start
Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security
Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start
Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish
PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast
\AvastUI.exe" /nogui
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe"
-bootmode
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton
Online Backup\NOBuClient.exe
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Ozzy\AppData\Roaming\ShopAtHome
\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Ozzy\AppData\Roaming\ShopAtHome
\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Wisdom-soft ScreenHunter 5.1 Free => 0
========================= Accounts: ==========================
Administrator (S-1-5-21-2635634824-2115636220-2321885851-500 - Administrator -
Disabled)
Guest (S-1-5-21-2635634824-2115636220-2321885851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2635634824-2115636220-2321885851-1021 - Limited - Enabled)
Ozzy (S-1-5-21-2635634824-2115636220-2321885851-1000 - Administrator - Enabled) => C:
\Users\Ozzy
Test (S-1-5-21-2635634824-2115636220-2321885851-1023 - Administrator - Enabled) => C:
\Users\Test
==================== Faulty Device Manager Devices =============
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all
its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware
failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error
should be resolved.
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all
its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware
failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error
should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for
this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the
troubleshooting wizard.
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all
its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware
failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error
should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2015 07:56:50 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: System Restore encountered a disk error during the restore (Windows
Update).
Error: (01/27/2015 06:28:05 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: System Restore encountered a disk error during the restore (Windows
Update).
Error: (01/27/2015 03:56:27 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: System Restore encountered a disk error during the restore (Windows
Update).
Error: (01/26/2015 03:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 9598
Start Time: 01d039b254ef523d
Termination Time: 86
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/25/2015 01:01:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 7ffc
Start Time: 01d0384c3f11c1ce
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/20/2015 02:14:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time
stamp: 0x546fddcc
Faulting module name: jvm.dll, version: 24.71.0.1, time stamp: 0x542613ca
Exception code: 0xc0000005
Fault offset: 0x00084e4a
Faulting process id: 0x16dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (01/19/2015 01:39:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 1a9c
Start Time: 01d0341f923cd8a9
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/19/2015 01:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 4218
Start Time: 01d0341e0e6fed83
Termination Time: 174
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/08/2015 05:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.3.1, time stamp:
0x5202c98c
Faulting module name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Exception code: 0xc0000005
Fault offset: 0x0002b78a
Faulting process id: 0x2090
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3
Error: (01/05/2015 09:42:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time
stamp: 0x546fddcc
Faulting module name: SkypeIEPlugin.dll, version: 7.3.16540.9015, time stamp:
0x53c40dfa
Exception code: 0xc0000005
Fault offset: 0x0005f6c6
Faulting process id: 0x9a00
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
System errors:
=============
Error: (01/27/2015 08:28:24 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:28:24 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:28:24 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:18 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (01/27/2015 07:56:50 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: Windows Update
Error: (01/27/2015 06:28:05 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: Windows Update
Error: (01/27/2015 03:56:27 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: Windows Update
Error: (01/26/2015 03:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496959801d039b254ef523d86C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/25/2015 01:01:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174967ffc01d0384c3f11c1ce0C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/20/2015 02:14:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
IEXPLORE.EXE11.0.9600.17496546fddccjvm.dll24.71.0.1542613cac000000500084e4a16dc01d034c
a55d6b0dbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\PROGRA~2\Java
\jre7\bin\client\jvm.dlle8efcdd9-a0e0-11e4-9ad7-d48564ba9175
Error: (01/19/2015 01:39:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174961a9c01d0341f923cd8a90C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/19/2015 01:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496421801d0341e0e6fed83174C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/08/2015 05:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
hpasset.exe3.0.3.15202c98chpasset.exe3.0.3.15202c98cc00000050002b78a209001d02b9c504e82
e1C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program
Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe924162a0-978f-11e4-
878a-d48564ba9175
Error: (01/05/2015 09:42:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
IEXPLORE.EXE11.0.9600.17496546fddccSkypeIEPlugin.dll7.3.16540.901553c40dfac00000050005
f6c69a0001d02951c4111f58C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:
\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllf9874864-9555-
11e4-8fd3-d48564ba9175
CodeIntegrity Errors:
===================================
Date: 2012-10-20 00:50:07.450
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.347
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.247
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.149
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.051
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.952
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.854
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.757
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.661
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.561
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 255 Processor
Percentage of memory in use: 24%
Total physical RAM: 4863.29 MB
Available physical RAM: 3666 MB
Total Pagefile: 9724.75 MB
Available Pagefile: 8563.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:216.23 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.44 GB) NTFS ==>[System with
boot components (obtained from reading drive)]
Drive l: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 21048339)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Could not read MBR for disk 5.
==================== End Of Log ============================
And...Here is the aswMBR log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-27 20:50:25
-----------------------------
20:50:25.380 OS Version: Windows x64 6.1.7601 Service Pack 1
20:50:25.380 Number of processors: 2 586 0x603
20:50:25.380 ComputerName: OZZYDESK UserName: Ozzy
20:50:29.374 Initialize success
20:51:07.094 AVAST engine defs: 15012701
20:51:21.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
20:51:21.883 Disk 0 Vendor: Hitachi_ JPGO Size: 610480MB BusType: 11
20:51:22.055 Disk 0 MBR read successfully
20:51:22.055 Disk 0 MBR scan
20:51:22.055 Disk 0 unknown MBR code
20:51:22.055 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:51:22.070 Disk 0 default boot code
20:51:22.086 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598022 MB offset 206848
20:51:22.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12356 MB offset 1224955904
20:51:22.242 Disk 0 scanning C:\Windows\system32\drivers
20:51:33.256 Service scanning
20:51:55.611 Modules scanning
20:51:55.611 Disk 0 trace - called modules:
20:51:55.657 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:51:55.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800514a060]
20:51:55.657 3 CLASSPNP.SYS[fffff8800197843f] -> nt!IofCallDriver -> [0xfffffa8004e19800]
20:51:55.673 5 amd_xata.sys[fffff88001162d00] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8004e15060]
20:51:57.358 AVAST engine scan C:\Windows
20:52:01.273 AVAST engine scan C:\Windows\system32
20:55:05.572 AVAST engine scan C:\Windows\system32\drivers
20:55:18.426 AVAST engine scan C:\Users\Ozzy
21:08:49.456 AVAST engine scan C:\ProgramData
21:12:54.174 Disk 0 statistics 4184394/0/0 @ 1.83 MB/s
21:12:54.190 Scan finished successfully
21:14:13.188 Disk 0 MBR has been saved successfully to "C:\FRST\Logs\MBR.dat"
21:14:13.204 The log file has been saved successfully to "C:\FRST\Logs\aswMBR.txt"
Once again, thank you for your assistance.
- - Mark
This is my first post here.
My Windows 7 HP desktop has started freezing after Windows StartUp. This just started this morning.
I suspect I may be infected with malware or a virus.
I also am not able to use system restore points. I get an error message as follows:
"System Restore failed to extract the file (C:\Users\Ozzy\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Low\Content.IE5\BE1RLRHA\combo[1].js) from the restore point."
My registry has been backed up using Tweaking.com.
I am listing the requested logs below. ANY help would be greatly appreciated, thank you.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Ozzy (administrator) on OZZYDESK on 27-01-2015 20:28:43
Running from C:\Users\Ozzy\Desktop
Loaded Profiles: Ozzy (Available profiles: Ozzy & Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United
States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-
frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not
be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default
or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart
\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer
\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-
Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy
2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft
\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft
Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
[205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software
Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files
\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752
2012-02-20] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe
[5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe
[421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP
Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16]
(Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [Weather] => C:\Program
Files (x86)\AWS\WeatherBug\Weather.exe [1652736 2010-04-29] (AWS Convergence
Technologies, Inc.)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [Skype] => C:\Program
Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run:
[HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision
\HydraDM.exe [393216 2010-12-28] (AMD)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [FreeAC] => C:\Program
Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software
Group)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [cdloader] => C:\Users
\Ozzy\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Run: [CCleaner Monitoring] =>
C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\MountPoints2: J - J:
\autorun.exe
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\MountPoints2: {36b53078-c32a-
11e0-9e72-d48564ba9175} - L:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\MountPoints2: {4f257db6-fd7d-
11df-b516-d48564ba9175} - L:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:
\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:
\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File Not Found
Startup: C:\Users\Ozzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
\DesktopVideoPlayer.lnk
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\Ozzy\AppData\Local\vghd\bin
\vghd.exe (Totem Entertainment)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>
C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
=> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
=> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
=> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
=> No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or
restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <=======
ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p=
{searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet
Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?
type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet
Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 - (No Name) -
{f2c43291-151e-499c-98a7-923c120b88fa} - No File
URLSearchHook: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -
YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:
\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {4637FF3D-F284-4B7E-B76A-546A8EDCD4C6} URL =
http://vosteran.com/results.php?f=4&q={searchTerms}
&a=vst_coinis_15_04_ie&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0B0AzytCyByD0C0A0F0BtN0D0Tzu0StC
tCtCyEtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0F0EtAyC
tByC0FtGyC0ByC0DtG0DtC0FzytGtC0CyBtDtGtA0FyB0DyCzz0FyC0CyCzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu
2S0AtA0FtC0FyB0C0FtGyDzytDzytGyEtC0DyDtG0B0FzytBtG0C0A0BzztDtB0A0C0A0ByCzz2Q&cr=191197
6502&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {150F51E5-89FD-4029-83A9-0706137DF8BE} URL =
http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-
psg&type=HPDTDF
SearchScopes: HKLM -> {1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607} URL =
http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {4637FF3D-F284-4B7E-B76A-546A8EDCD4C6} URL =
http://vosteran.com/results.php?f=4&q={searchTerms}
&a=vst_coinis_15_04_ie&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0B0AzytCyByD0C0A0F0BtN0D0Tzu0StC
tCtCyEtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0F0EtAyC
tByC0FtGyC0ByC0DtG0DtC0FzytGtC0CyBtDtGtA0FyB0DyCzz0FyC0CyCzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu
2S0AtA0FtC0FyB0C0FtGyDzytDzytGyEtC0DyDtG0B0FzytBtG0C0A0BzztDtB0A0C0A0ByCzz2Q&cr=191197
6502&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {DFFBC655-3F10-4FE2-8430-13CFE1FD498F} URL =
http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p=
{searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {150F51E5-89FD-4029-83A9-0706137DF8BE} URL =
http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-
psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607} URL =
http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {4637FF3D-F284-4B7E-B76A-546A8EDCD4C6} URL =
http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p=
{searchTerms}
SearchScopes: HKLM-x32 -> {DFFBC655-3F10-4FE2-8430-13CFE1FD498F} URL =
http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> DefaultScope
{150F51E5-89FD-4029-83A9-0706137DF8BE} URL = https://search.yahoo.com/search?fr=chr-
greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {150F51E5-89FD-
4029-83A9-0706137DF8BE} URL = https://search.yahoo.com/search?fr=chr-
greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {1A4CF5B9-A2FD-
464C-A311-FF2B6A3A9607} URL =
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {4637FF3D-F284-
4B7E-B76A-546A8EDCD4C6} URL =
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {95B7759C-8C7F-
4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={AA06337E-B64D-4A15-
AEBF-C8BC4BE075CC}&mid=842ce3f1f82347d081f305cc225e7886-
30d175317093727b846c91a38e39a944b40cf3c7&lang=&ds=&pr=&d=&v=17.1.3.3&pid=safeguard&sg=
0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {9CB96984-43C3-
4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?
type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {AFDBDDAA-5D3F-
42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> {DFFBC655-3F10-
4FE2-8430-13CFE1FD498F} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program
Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:
\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-
F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer
x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck
\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:
\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program
Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:
\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:
\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-
F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer
\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->
C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:
\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck
\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program
Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:
\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File
Toolbar: HKU\S-1-5-21-2635634824-2115636220-2321885851-1000 -> No Name - {57434C32-
2D56-3700-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258}
http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {72376E32-8AF2-473F-BE32-E5D0F39C865D}
http://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463}
http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853}
http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592}
http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Ozzy\AppData\Roaming\Mozilla\Firefox\Profiles
\ixs177f7.default
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash
\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash
\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director
\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla
Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google
Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java
\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java
\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:
\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer
\npTVUAx.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:
\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real
\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks,
Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files
(x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files
(x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR
\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ozzy\AppData\Roaming\Mozilla\Firefox\Profiles
\ixs177f7.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Ozzy\AppData\Roaming\Mozilla\Firefox\Profiles
\ixs177f7.default\searchplugins\yahoo_ff.xml
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:
\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement
Pack\Default Manager\DMExtension [2011-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:
\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer
\BrowserRecordPlugin\Firefox\Ext [2012-05-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software
\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
[2014-12-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions
\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Ozzy\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program
Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program
Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:
\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05
-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the
registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin
\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
[361984 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-
12-22] (AVAST Software)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate
\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520
2014-07-14] (Microsoft Corporation)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
[460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer
\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not
signed]
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
[73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14]
(PasswordBox, Inc.) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
[1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
[2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
[171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26]
(Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the
registry. The file will not be moved unless listed separately.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
[53888 2012-03-05] (Advanced Micro Devices)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST
Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST
Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
[487216 2014-09-10] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
U4 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2012-06-21] (Greatis
Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-07-04] ()
R1 {4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64; C:\Windows\System32\drivers\{4cff408a-
d9e7-47c3-a711-95133fcf7f45}Gw64.sys [48792 2015-01-19] (StdLib)
S3 bfsjjkvl; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any
associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 20:28 - 2015-01-27 20:29 - 00023893 _____ () C:\Users\Ozzy\Desktop\FRST.txt
2015-01-27 20:27 - 2015-01-27 20:28 - 00000000 ____D () C:\FRST
2015-01-27 20:25 - 2015-01-27 20:25 - 02129920 _____ (Farbar) C:\Users\Ozzy\Desktop
\FRST64.exe
2015-01-27 20:24 - 2015-01-27 20:24 - 00000207 _____ () C:\Windows\tweaking.com-
regbackup-OZZYDESK-Windows-7-Home-Premium-(64-bit).dat
2015-01-27 20:23 - 2015-01-27 20:23 - 00001796 _____ () C:\Users\Public\Desktop
\Tweaking.com - Registry Backup.lnk
2015-01-27 20:23 - 2015-01-27 20:23 - 00000000 ____D () C:\Tweaking.com
2015-01-27 20:23 - 2015-01-27 20:23 - 00000000 ____D () C:\RegBackup
2015-01-27 20:23 - 2015-01-27 20:23 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Tweaking.com
2015-01-27 20:21 - 2015-01-27 20:21 - 04712336 _____ () C:\Users\Ozzy\Desktop
\tweaking.com
2015-01-27 16:56 - 2015-01-27 16:56 - 00003224 ____N () C:\bootsqm.dat
2015-01-27 11:07 - 2015-01-27 11:07 - 00000358 _____ () C:\Windows\PFRO.log
2015-01-25 01:00 - 2015-01-27 19:55 - 00000835 _____ () C:\Windows\setupact.log
2015-01-25 01:00 - 2015-01-27 19:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-19 22:28 - 2015-01-27 04:28 - 00000328 _____ () C:\Windows\Tasks
\HPCeeScheduleForTest.job
2015-01-19 22:28 - 2015-01-19 22:28 - 00003180 _____ () C:\Windows\System32\Tasks
\HPCeeScheduleForTest
2015-01-19 16:49 - 2015-01-19 16:49 - 00000000 ____D () C:\Users\Test\AppData\Local
\Skype
2015-01-19 16:48 - 2015-01-19 22:16 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Skype
2015-01-19 15:59 - 2015-01-19 15:59 - 00063552 _____ () C:\Users\Test\AppData\Local
\GDIPFONTCACHEV1.DAT
2015-01-19 15:59 - 2015-01-19 15:59 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\GRETECH
2015-01-19 15:29 - 2015-01-19 06:41 - 00048792 _____ (StdLib) C:\Windows
\system32\Drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys
2015-01-19 15:20 - 2015-01-27 09:20 - 00000298 _____ () C:\Windows\Tasks
\Vosteran_helper.job
2015-01-19 15:20 - 2015-01-19 15:21 - 00000000 ____D () C:\Users\Test\AppData\Local
\Adobe
2015-01-19 15:20 - 2015-01-19 15:20 - 00003236 _____ () C:\Windows\System32\Tasks
\Vosteran_helper
2015-01-19 15:19 - 2015-01-19 22:17 - 00000000 ____D () C:\Program Files
(x86)\Solution Real
2015-01-19 15:16 - 2015-01-19 22:28 - 00000000 ____D () C:\Users\Test\AppData\Local
\Hewlett-Packard
2015-01-19 15:15 - 2015-01-19 15:15 - 00000000 ____D () C:\Users\Test\AppData\Local
\Logitech® Webcam Software
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 __SHD () C:\Users\Test\AppData\Local
\EmieUserList
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 __SHD () C:\Users\Test\AppData\Local
\EmieSiteList
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 __SHD () C:\Users\Test\AppData\Local
\EmieBrowserModeList
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\AVAST Software
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 ____D () C:\Users\Test\AppData\Local
\ArcSoft
2015-01-19 15:13 - 2015-01-19 15:59 - 00000000 ____D () C:\Users\Test\AppData\Local
\VirtualStore
2015-01-19 15:13 - 2015-01-19 15:17 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Hewlett-Packard
2015-01-19 15:13 - 2015-01-19 15:14 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\ArcSoft
2015-01-19 15:13 - 2015-01-19 15:13 - 00001379 _____ () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 15:13 - 2015-01-19 15:13 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Adobe
2015-01-19 15:12 - 2015-01-19 15:13 - 00000000 ____D () C:\Users\Test
2015-01-19 15:12 - 2015-01-19 15:12 - 00000020 ___SH () C:\Users\Test\ntuser.ini
2015-01-19 15:12 - 2011-01-01 03:00 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Mozilla
2015-01-19 15:12 - 2010-09-10 17:52 - 00001974 _____ () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2015-01-19 15:12 - 2010-09-10 17:52 - 00000000 ____D () C:\Users\Test\AppData\Roaming
\Macromedia
2015-01-19 15:12 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-19 15:12 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Test\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-18 19:12 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:
\Windows\system32\profsvc.dll
2015-01-18 19:12 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:
\Windows\system32\Drivers\mrxdav.sys
2015-01-18 19:12 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:
\Windows\system32\ntoskrnl.exe
2015-01-18 19:12 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:
\Windows\system32\srcore.dll
2015-01-18 19:12 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:
\Windows\system32\rstrui.exe
2015-01-18 19:12 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:
\Windows\system32\srclient.dll
2015-01-18 19:12 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\ntkrnlpa.exe
2015-01-18 19:12 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\ntoskrnl.exe
2015-01-18 19:12 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\srclient.dll
2015-01-18 19:12 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:
\Windows\system32\TSWbPrxy.exe
2015-01-18 19:12 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:
\Windows\system32\nlasvc.dll
2015-01-18 19:12 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\ncsi.dll
2015-01-18 19:12 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:
\Windows\SysWOW64\nlaapi.dll
2015-01-15 19:54 - 2015-01-15 19:54 - 00000019 _____ () C:\Users\Ozzy\Documents\Magic
Jack Trouble Number.txt
2015-01-15 19:41 - 2015-01-15 19:42 - 13532192 _____ (magicJack L.P.) C:\Users\Ozzy
\Downloads\magicJackSetup.exe
2015-01-06 16:12 - 2015-01-06 16:12 - 00162329 _____ () C:\Users\Ozzy\Documents\Public
Storage Payment 01062015.xps
2015-01-02 13:39 - 2015-01-27 10:21 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\DVDVideoSoft
2015-01-02 13:39 - 2015-01-02 13:39 - 00003458 _____ () C:\Windows\System32\Tasks
\ProPCCleaner_Popup
2015-01-02 13:39 - 2015-01-02 13:39 - 00003194 _____ () C:\Windows\System32\Tasks
\ProPCCleaner_Start
2015-01-02 13:39 - 2015-01-02 13:39 - 00000000 ____D () C:\Users\Ozzy\Documents
\ProPCCleaner
2015-01-02 13:39 - 2015-01-02 13:39 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Rainmaker Software Group LLC.
2015-01-02 13:39 - 2015-01-02 13:39 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\Rainmaker_Software_Group_
2015-01-01 19:46 - 2015-01-01 19:46 - 00000000 ____D () C:\Users\Ozzy\.cache
2015-01-01 19:35 - 2015-01-01 19:35 - 00000000 ____D () C:\ProgramData\1887373585
2015-01-01 19:23 - 2015-01-27 10:25 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\YouTubeMuiscDownloader
2015-01-01 18:59 - 2015-01-01 18:59 - 00131430 _____ () C:\Users\Ozzy\Documents
\cc_20150101_185830.reg
2015-01-01 16:11 - 2015-01-01 17:06 - 00000000 ____D () C:\Windows\Jaksta
2015-01-01 16:11 - 2015-01-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Applian
Technologies
2015-01-01 16:11 - 2015-01-01 16:12 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Replay Music 7
2015-01-01 16:11 - 2015-01-01 16:11 - 00000000 ____D () C:\Users\Ozzy\Documents
\Applian
2015-01-01 16:11 - 2015-01-01 16:11 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\Jaksta_Technologies_Pty_L
2015-01-01 16:09 - 2015-01-01 16:09 - 10415384 _____ (Applian Technologies) C:\Users
\Ozzy\Downloads\RMSetup.exe
2014-12-31 22:56 - 2014-12-31 22:56 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Pazera Free Audio Extractor
2014-12-31 22:56 - 2014-12-31 22:56 - 00000000 ____D () C:\Program Files
(x86)\pazera-software
2014-12-31 22:55 - 2014-12-31 22:55 - 09357504 _____ (Jacek Pazera ) C:\Users\Ozzy
\Downloads\Pazera_Free_Audio_Extractor(1).exe
2014-12-31 22:52 - 2014-12-31 22:52 - 00231808 _____ () C:\Users\Ozzy\Downloads
\Pazera_Free_Audio_Extractor.exe
2014-12-29 21:36 - 2014-12-29 21:39 - 32353776 _____ () C:\Users\Ozzy\Downloads
\480P_600K_34462081.mp4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 21:43 - 2014-12-13 22:01 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-27 19:31 - 2014-12-20 14:26 - 00001890 _____ () C:\Windows\diagwrn.xml
2015-01-27 19:31 - 2014-12-20 14:26 - 00001890 _____ () C:\Windows\diagerr.xml
2015-01-27 19:30 - 2011-06-30 13:31 - 00000992 _____ () C:\Users\Ozzy\Desktop
\magicJack.lnk
2015-01-27 19:30 - 2010-12-09 15:55 - 00000978 _____ () C:\Users\Ozzy\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-01-27 19:30 - 2010-12-01 20:06 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\mjusbsp
2015-01-27 19:28 - 2012-04-10 15:59 - 00000894 _____ () C:\Windows\Tasks
\GoogleUpdateTaskMachineCore.job
2015-01-27 19:28 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 18:11 - 2010-09-10 17:25 - 01181112 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 15:23 - 2014-05-24 16:00 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Skype
2015-01-27 15:23 - 2012-04-10 15:59 - 00000898 _____ () C:\Windows\Tasks
\GoogleUpdateTaskMachineUA.job
2015-01-27 10:23 - 2014-12-25 14:26 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\The-Player
2015-01-26 23:45 - 2012-09-10 19:51 - 00003922 _____ () C:\Windows\System32\Tasks
\User_Feed_Synchronization-{AFA38410-9344-489B-8E49-19848EA79A71}
2015-01-26 23:05 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 23:05 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-
376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:12 - 2014-08-25 01:48 - 00000404 ____H () C:\Windows\Tasks\Norton
Security Scan for Ozzy.job
2015-01-25 07:10 - 2011-10-05 15:05 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-25 07:10 - 2011-10-05 15:05 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-24 12:42 - 2011-08-27 11:43 - 00000398 _____ () C:\Windows\Tasks\EasyShare
Registration Task.job
2015-01-24 12:24 - 2011-10-05 15:05 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Yahoo!
2015-01-24 12:19 - 2014-12-13 21:39 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
2015-01-24 02:02 - 2014-12-26 10:53 - 00003180 _____ () C:\Windows\System32\Tasks
\HPCeeScheduleForOzzy
2015-01-24 02:02 - 2014-12-26 10:53 - 00000328 _____ () C:\Windows\Tasks
\HPCeeScheduleForOzzy.job
2015-01-23 14:07 - 2010-12-01 12:15 - 00000000 ___RD () C:\Movies
2015-01-23 14:00 - 2011-04-01 12:00 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\CrashDumps
2015-01-22 17:12 - 2011-11-10 11:18 - 00000000 _____ () C:\Windows
\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-22 17:12 - 2010-12-02 08:18 - 00000052 _____ () C:\Windows
\SysWOW64\DOErrors.log
2015-01-21 20:51 - 2013-10-09 09:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 20:50 - 2014-10-20 16:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 20:48 - 2014-10-20 16:40 - 00272296 _____ (Oracle Corporation) C:\Windows
\SysWOW64\javaws.exe
2015-01-21 20:48 - 2014-10-20 16:40 - 00176552 _____ (Oracle Corporation) C:\Windows
\SysWOW64\javaw.exe
2015-01-21 20:48 - 2014-10-20 16:40 - 00176552 _____ (Oracle Corporation) C:\Windows
\SysWOW64\java.exe
2015-01-21 20:48 - 2014-10-20 16:40 - 00098216 _____ (Oracle Corporation) C:\Windows
\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 09:54 - 2014-12-22 10:21 - 00004182 _____ () C:\Windows\System32\Tasks
\avast! Emergency Update
2015-01-19 22:24 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-19 22:22 - 2013-12-03 17:09 - 00701616 _____ (Adobe Systems Incorporated) C:
\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:22 - 2013-12-03 17:09 - 00071344 _____ (Adobe Systems Incorporated) C:
\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 16:48 - 2014-11-04 19:22 - 00002697 _____ () C:\Users\Public\Desktop
\Skype.lnk
2015-01-19 16:48 - 2014-11-04 19:22 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Skype
2015-01-19 16:48 - 2014-05-24 16:00 - 00000000 ____D () C:\ProgramData\Skype
2015-01-19 15:32 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-18 19:49 - 2010-12-06 14:46 - 00775586 _____ () C:\Windows
\SysWOW64\PerfStringBackup.INI
2015-01-18 19:48 - 2009-07-13 23:13 - 00775586 _____ () C:\Windows
\system32\PerfStringBackup.INI
2015-01-18 19:18 - 2013-07-17 18:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 19:13 - 2010-12-01 20:18 - 113365784 _____ (Microsoft Corporation) C:
\Windows\system32\MRT.exe
2015-01-16 10:32 - 2014-12-22 10:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla
Firefox
2015-01-13 13:02 - 2012-01-24 18:00 - 00000000 ____D () C:\Users\Ozzy\AppData\Local
\WeatherBug
2015-01-03 10:52 - 2011-05-26 14:29 - 00000000 ____D () C:\MyAudio
2015-01-02 17:34 - 2011-04-01 11:23 - 00000000 ____D () C:\Users\Ozzy\AppData\Roaming
\Microsoft\Windows\Start Menu\Programs\VirtuaGirl
2015-01-02 15:32 - 2011-08-31 11:38 - 00000000 ____D () C:\New MP3s
2015-01-02 13:48 - 2013-02-05 14:58 - 00000000 __SHD () C:\AI_RecycleBin
2015-01-02 13:46 - 2011-08-31 11:17 - 00000000 ____D () C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Applian Technologies
2015-01-02 13:18 - 2011-08-31 11:18 - 00021717 _____ () C:\Users\Ozzy\AppData\Roaming
\ReplayMusicLog.log
2015-01-01 19:46 - 2010-12-01 19:42 - 00000000 ____D () C:\Users\Ozzy
2015-01-01 18:57 - 2011-07-23 13:38 - 00000000 ____D () C:\Windows\Minidump
==================== Files in the root of some directories =======
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\Users\Ozzy\AppData\Roaming
\0279
2011-06-23 11:20 - 2011-06-23 11:20 - 0000000 _____ () C:\Users\Ozzy\AppData\Roaming
\bibstats
2012-08-09 18:28 - 2012-08-09 18:29 - 0002455 _____ () C:\Users\Ozzy\AppData\Roaming
\hamster_installer_log.txt
2011-08-31 11:18 - 2015-01-02 13:18 - 0021717 _____ () C:\Users\Ozzy\AppData\Roaming
\ReplayMusicLog.log
2012-01-01 14:58 - 2012-01-01 14:59 - 0120554 _____ () C:\Users\Ozzy\AppData\Roaming
\VideoPad.dmp
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\Users\Ozzy\AppData\Local
\2232
2010-12-11 14:57 - 2011-04-19 19:48 - 0008704 _____ () C:\Users\Ozzy\AppData\Local
\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-05 18:22 - 2011-10-05 18:22 - 0000275 _____ () C:\Users\Ozzy\AppData\Local
\HamsterVideoConverterSettings.cfg
2012-06-04 20:39 - 2014-10-25 09:25 - 0007599 _____ () C:\Users\Ozzy\AppData\Local
\Resmon.ResmonCfg
2011-05-12 13:13 - 2011-07-03 15:03 - 0001940 _____ () C:\Users\Ozzy\AppData\Local
\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\ProgramData\2103
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\ProgramData\7049
2011-09-04 20:26 - 2011-09-04 20:26 - 0000012 _____ () C:\ProgramData\9625
2014-01-04 07:39 - 2014-01-04 07:39 - 0000012 _____ () C:\ProgramData\finger.dat
Files to move or delete:
====================
C:\ProgramData\finger.dat
C:\Users\Ozzy\Flash Capture Setup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 14:28
==================== End Of Log ============================
Here is the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Ozzy at 2015-01-27 20:30:11
Running from C:\Users\Ozzy\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-
C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide
them. The adware programs should be uninstalled manually.)
3ivx MPEG-4 5.0.3 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 -
3ivx Technologies, Pty. Ltd.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\Adobe
Connect Add-in) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version:
16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version:
16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001})
(Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635
- Adobe Systems, Inc.)
Alarm Clock version 1.0 (HKLM-x32\...\{003C285C-AC50-4B8C-8718-3481CBA49E2F}_is1)
(Version: 1.0 - )
AMD Catalyst Install Manager (HKLM\...\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7})
(Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version:
2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director2.1) (Version: 2.1 - Applian
Technologies Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-
EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-
191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-
2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-
887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-
417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-
250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-
DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F})
(Version: 2.8.255.384 - ArcSoft)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple
Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12})
(Version: 1.9.1.105 - CinemaNow, Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-
0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DeskBabes version 1.0.6.01 (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...
\DeskBabes_is1) (Version: 1.0.6.01 - Totem Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27
-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
eJuice Me Up (HKLM-x32\...\{28107FBC-832A-4E18-9C9D-4E771B441F69}) (Version: 11.0.0.0
- Breaktru Software)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 -
Flip Video)
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1)
(Version: 2.7 - Comfort Software Group)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version:
7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1)
(Version: 2.5.8.11 - Hamster Soft)
Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1)
(Version: 2.5.2.33 - Hamster Soft)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company)
Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version:
3.4.12850.3526 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 -
WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA})
(Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A})
(Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-
E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-
BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version:
3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-
16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307})
(Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000
- Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400
- Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version:
7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version:
10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version:
5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E})
(Version: 2.1.2.27173 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple
Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version:
8.0.310 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC})
(Version: - Eastman Kodak Company)
KODAK Share Button App (HKLM-x32\...\{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}) (Version:
3.01.0000.0000 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243})
(Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7})
(Version: 1.18.15.1 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215})
(Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...\magicJack) (Version:
4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-
Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} -
1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center)
(Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version:
14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version:
14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-
0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:
5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-
9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...
\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft
Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...
\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft
Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-
51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-
1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-
4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-
3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-
6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...
\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-
x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-
38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-
C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-
F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...
\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-
30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...
\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...
\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft
Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-
3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-
1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-
4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
(Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
(Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Pazera Free Audio Extractor 2.1 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}
_is1) (Version: 2.1 - Jacek Pazera)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version:
1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:
6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1})
(Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95
- Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-
958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Replay Music (HKLM-x32\...\Replay Music4.05) (Version: 4.05 - Applian Technologies
Inc.)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian
Technologies Inc.)
Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
Setup Support for Weatherbug 1.0 (HKLM-x32\...\Setup Support for Weatherbug) (Version:
1.0 - Sono Control Inc.)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version:
7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 -
Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1)
(Version: 2.4.40 - Safer-Networking Ltd.)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: - NCH Software)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version:
2.0.0 - Tweaking.com)
UnHackMe 5.99 release (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
VGDTB Player 2 (C:\Program Files (x86)\VGHDPlayer2\) #3 (HKLM-x32\...\ST6UNST #4)
(Version: - )
VGDTB Player 2 (C:\Program Files (x86)\VGHDPlayer2\) (HKLM-x32\...\ST6UNST #2)
(Version: - )
VGDTB Player 2 (HKLM-x32\...\ST6UNST #1) (Version: - )
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: - NCH Software)
VirtuaGirl version 1.2.0.60 (HKU\S-1-5-21-2635634824-2115636220-2321885851-1000\...
\VirtuaGirl_is1) (Version: 1.2.0.60 - Totem Entertainment)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Hottie 2 (HKLM-x32\...\Quest3DVirtual Hottie 2) (Version: - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WeatherBug (HKLM-x32\...\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}) (Version: 7.0.0.3 -
AWS Convergence Technologies)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
(HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 -
Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 -
Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version:
14.0.8089.726 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 -
WinZip Computing, S.L. )
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WM Recorder (HKLM-x32\...\WM Recorder14.10) (Version: 14.10 - AllAlex, Inc)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any
eventual file will not be moved.)
==================== Restore Points =========================
14-01-2015 02:29:13 Scheduled Checkpoint
18-01-2015 19:12:55 Windows Update
18-01-2015 19:44:08 Windows Update
27-01-2015 02:44:15 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-01-27 10:31 - 00450771 ____R C:\Windows\system32\Drivers\etc
\hosts
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any
associated file could be listed separately to be moved.)
Task: {00D8A614-CEFF-461E-A454-51C24E2C1F79} - System32\Tasks\{4EEB95D5-29D6-4297-
BBEB-36386CECD5D6} => C:\VGHD Player\VGHD-Player4.exe
Task: {0840DBC3-E8A1-4577-A216-4B69EF229A9B} - System32\Tasks\{2A011254-2C0C-45FD-
A874-34FF6B0604C9} => C:\VGHD Player\VGHD-Player4.exe
Task: {098E9B76-0C88-4C15-B1C9-E72B2AB4301B} - System32\Tasks\RealUpgradeLogonTaskS-1
-5-21-2635634824-2115636220-2321885851-1000 => C:\Program Files (x86)\Real
\RealUpgrade\RealUpgrade.exe
Task: {09D59755-2C3B-444A-86DA-885C0DB2B914} - System32\Tasks\HPCeeScheduleForTest =>
C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-
Packard)
Task: {0ACC68D2-BC16-4762-85A8-8F084BB6A783} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework
\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {14C864D1-1412-464D-B085-EAA7A72C9B97} - System32\Tasks
\RealUpgradeScheduledTaskS-1-5-21-2635634824-2115636220-2321885851-1000 => C:\Program
Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1679B50D-04A8-4659-9FA8-83FC662F7D69} - System32\Tasks\{B5AA2803-C07A-4732-
853E-52A0A7386E80} => pcalua.exe -a "C:\Users\Ozzy\AppData\Local\Microsoft\Windows
\Temporary Internet Files\Content.IE5\5A4H75TR\startupcontrol[1].exe" -d C:\Users
\Ozzy\Desktop
Task: {193EFB73-40E1-43D4-955A-242AE53DE17F} - System32\Tasks
\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1B18371E-4034-47FB-9AA2-E4291843BDC2} - System32\Tasks\CCleanerSkipUAC => C:
\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {1B8AE441-47BA-4969-A4DC-05BEF0370522} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1F1123C6-47D4-48F9-A32E-20A34E1646EC} - System32\Tasks
\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1FD0EF04-9EC1-47CA-9B93-B4B9D6530AE7} - System32\Tasks\{3C39406F-9F93-46C6-
9033-25413C96D6AF} => E:/install.exe
Task: {2118D430-4217-4C36-ADFB-0B63468A9946} - System32\Tasks\{95C27B80-AE8F-4EEF-
A88E-FF6D002D39B0} => pcalua.exe -a C:\Users\Ozzy\Downloads\heart-buddy-msn.exe -d C:
\Users\Ozzy\Downloads
Task: {242849D0-AB37-49B1-8F5F-8F5BDA036312} - System32\Tasks\{1407654A-D7CE-47DD-
A6DB-E5A215E1710C} => C:\VGDesk BabesPlayer\VGDTB-Player4.exe
Task: {2C8210E4-9A79-42C6-B004-9A677B7B7E33} - System32\Tasks\{D9ED03D8-FECA-45FC-
B1CE-79130A6AC8F7} => C:\Program Files (x86)\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {2E649097-5ABC-4DD4-99F5-035CC1781B35} - System32\Tasks\{EC0C3767-4F54-41C1-
9868-825B77A30FFE} => C:\Program Files (x86)\Virtual Woman Millennium Beta
.93\vrwoman.exe
Task: {330C279A-41C3-4D19-8B4E-356B27F5509E} - System32\Tasks\{8E6CEB4D-1E80-4494-
B9F7-B88BF33E8814} => E:/install.exe
Task: {3E270791-5A2A-4808-B70D-3AEA821EC434} - System32\Tasks\Norton Security Scan for
Ozzy => C:\PROGRA~2\NORTON~2\Engine\410~1.29\Nss.exe
Task: {4B036544-8640-4356-ADFD-F3C86BEB6436} - System32\Tasks\UnHackMe Task Scheduler
=> C:\Program Files (x86)\UnHackMe\hackmon.exe [2012-05-04] (Greatis Software)
Task: {4E7F3496-22CA-4146-964F-6FFFB4B1F610} - System32\Tasks\{DB0AB1F0-46CF-45B5-
925B-83D1D1F06A8D} => pcalua.exe -a C:\Users\Ozzy\AppData\Local\Temp\Temp1_VGDTB-
Player2604.zip\setup.exe
Task: {553EBACE-0AEB-47A0-8524-3FD9A16289A8} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health
check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-
Packard)
Task: {5849CFE3-5535-4E60-B217-D8FDC2AF05CB} - System32\Tasks\{1D143045-023B-461C-
A214-29077CF476FF} => C:\Users\Ozzy\AppData\Local\The-Player\The-Player.exe
Task: {5E3F6FE0-CBC2-48BA-9E00-79A794748CF5} - System32\Tasks\Vosteran_helper => C:
\Users\Test\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe <==== ATTENTION
Task: {646FED24-FEBD-4FEE-A44B-CECDCD8BA513} - System32\Tasks\{4E7A183B-6CE1-468B-
9A0C-25C9EB453E50} => L:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
Task: {6590E4C4-25DC-49E5-86BF-205AE92B8360} - System32\Tasks
\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {666870A4-DEC2-422A-947F-240FDFFFEB31} - System32\Tasks\Safer-Networking\Spybot
- Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search
& Destroy 2\SDImmunize.exe
Task: {68586A68-A966-46E1-8A10-BAC0FDE6B817} - System32\Tasks
\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6C418D17-8554-424C-AC57-38E175AAA3EB} - System32\Tasks
\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse
and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {75248C28-4FCA-4E01-B23B-9E27FF46D5F8} - System32\Tasks\HPCeeScheduleForOzzy =>
C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-
Packard)
Task: {787A6BAF-57D7-4D9A-AC88-35A241FDF389} - System32\Tasks\{FABAD157-B045-40FD-
AE2F-FB4EA31A1C9D} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {7DD72B58-A40B-4FC5-8937-934F16B3DEE0} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-
Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10
-21] (Hewlett-Packard)
Task: {7F08F20E-15C7-4641-8107-20D505B4A560} - System32\Tasks\{AF2D766A-F0A8-4F7C-
A2F7-06D762E8F476} => pcalua.exe -a "C:\Program Files (x86)\UnHackMe\unins000.exe"
Task: {81DDA6A9-F89B-4E45-9F4E-8FC0312C17D1} - System32\Tasks\{FE1E1694-8D5B-40E6-
8E06-D54F2B84C4FD} => L:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
Task: {87181F8A-9AFE-41EF-94BE-A674DB7A652C} - System32\Tasks
\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8E580227-4E7D-4028-A9F6-9829212D9018} - System32\Tasks\Safer-Networking\Spybot
- Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDUpdate.exe
Task: {A1017DA8-F859-464A-923F-B17C4241C829} - System32\Tasks\{7A119311-69D1-4853-
87F1-52F043F3AD85} => C:\Users\Ozzy\AppData\Local\vghd\bin\vghd.exe [2015-01-02]
(Totem Entertainment)
Task: {A32C224D-1479-46EA-85C6-2D1095835A97} - System32\Tasks\Hewlett-Packard\HP
Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-
Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A656058B-E663-4A6C-BAA6-EEDE4048319E} - System32\Tasks\Safer-Networking\Spybot
- Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDScan.exe
Task: {AA5B95E4-0FB7-4868-85FB-CAE548CE41C7} - System32\Tasks\RecoveryCDWin7 => C:
\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {AD63E683-3D47-490C-BA8C-E8AB42B56569} - System32\Tasks\ProPCCleaner_Start =>
C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {B0DF4915-0C3F-4DC7-AD6E-1703F4D9A51E} - System32\Tasks\{C185C1D4-A0BB-416E-
9BD0-A8FA4BB234E9} => C:\VGHD Player\VGHD-Player4.exe
Task: {B1863BD8-EEEB-4261-9692-9DA34921DD19} - System32\Tasks\{CF3B0B5F-D3B1-4C4A-
9B0E-3B2EC5848F5F} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {B5689C12-BCB2-4A6D-BD9B-944A62FF38CF} - System32\Tasks\{AFB21AF8-FA00-4EEF-
8D0E-D275B81683CB} => C:\Program Files (x86)\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {BEB06C16-3F46-4D87-A059-670BC4067B8F} - System32\Tasks\EasyShare Registration
Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\
$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16
Task: {C23DE7B8-F906-46BC-881C-B491C857AD8D} - System32\Tasks\ProPCCleaner_Popup =>
C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {C5366998-B3E6-4742-A834-6A9D8B98C7C2} - System32\Tasks\{E7556B8A-3488-4906-
9555-389B549675CD} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {C89012F0-A764-40FC-BA1D-8F0C23A9664A} - System32\Tasks\{93C7F3B4-D4F0-46A7-
80EB-0BFE624A08B2} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {CE63E011-4D2A-475B-B6FC-76E160AC5A75} - System32\Tasks
\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D5A9842E-061D-4B47-947F-45E683778609} - System32\Tasks\Apple
\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update
\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7FFD9B3-0DF0-4910-8BE3-9050529AEAF5} - System32\Tasks\{9D0512B2-1CC0-4E15-
9A16-842009DA0C1C} => C:\VGHD Player\VGHD-Player2.exe
Task: {E8BB7B75-9C48-4C2D-BECE-D0B63EA26C4E} - System32\Tasks\{4F08FB90-A77C-4EA6-
8BD1-1A143BE7F26D} => L:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
Task: {E918DBD7-CA2A-4C95-A236-11CE75F7DE4E} - System32\Tasks\{DB8C1057-1D34-4BDB-
9BF1-32984E60B449} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {EAB03437-6BE1-4972-AB6E-A804D2CA9B4A} - System32\Tasks\{8BE6D72F-5DA3-4636-
9489-82B923C6271F} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {EB95C39B-D607-4741-873D-F54D62535C6F} - System32\Tasks\{D789D40F-1139-40BC-
8CCE-6D0375322FED} => pcalua.exe -a C:\Users\Ozzy\Downloads\dtunerzip
\DisplayTuner_v17.exe -d C:\Users\Ozzy\Downloads\dtunerzip
Task: {EFB4BD6E-ADDB-487E-882E-4CA9D7BCFCA3} - System32\Tasks\{DB5C521D-11BA-439A-
8D20-F6AD66F53E7C} => C:\VGDeskBabesPlayer\VGDTB-Player2.exe
Task: {F25AD1DB-A242-42D1-9951-87606D623CE9} - System32\Tasks\{BD10DCFA-6B8B-4990-
863E-66D49D8A6CC4} => C:\VGHD Player\VGHD-Player4.exe
Task: {F41E06F1-A8F0-4BED-A7E0-4E66E6D382C7} - System32\Tasks\Adobe Acrobat Update
Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19]
(Adobe Systems Incorporated)
Task: {F4CB75AC-2BFC-4F4F-850F-7AC3425C5DC8} - System32\Tasks\{585BDAF2-23EB-4851-
B942-3D3CE68DE606} => C:\VGHD Player\VGHD-Player2.exe
Task: {FA4497E4-9381-459E-9B3A-0748005631E3} - System32\Tasks\avast! Emergency Update
=> C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-22] (AVAST
Software)
Task: {FA6DD721-4CA8-4484-8FA7-135B07933629} - System32\Tasks\{10EF5062-FADE-4238-
95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files
(x86)\Kodak\KODAK Share Button App\Listener.exe [2011-03-07] (Eastman Kodak Company)
Task: {FC1AF7C2-1E66-44AF-97B5-6FB80A7FC9DB} - System32\Tasks\{8C77953E-17C3-4BB4-
B5A6-55013BC4752A} => pcalua.exe -a "L:\Virtual Hotties\virtualhottie204.exe" -d "L:
\Virtual Hotties"
Task: {FC810110-1894-4C0D-A014-47800E9D4EF8} - System32\Tasks\{709F19A3-16E3-4DDF-
A817-3DB3544CB4B3} => C:\VGDesk BabesPlayer\VGDTB-Player2.exe
Task: {FF977FA8-94AF-4902-8385-979F03F19CD1} - System32\Tasks
\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard
Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\EasyShare Registration Task.job =>
=Ź93UF¨»¶żťLhF\<
sŔ €!ß*!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\
$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16Ozzy0Ű*
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google
\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOzzy.job => C:\Program Files (x86)\Hewlett-
Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTest.job => C:\Program Files (x86)\Hewlett-
Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Ozzy.job => C:
\PROGRA~2\NORTON~2\Engine\410~1.29\Nss.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_DC475FE0-87B8-11E4-A95A-D48564BA9175.job => C:
\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage
Protector\ReiGuard.exe <==== ATTENTION
Task: C:\Windows\Tasks\Vosteran_helper.job => C:\Users\Test\AppData\Local\Vosteran
\APPLIC~1\Vosteran\helper.exe <==== ATTENTION
Task: C:\Windows\Tasks\WinZip System Utilities Suite.job => C:\Program Files
(x86)\WinZip System Utilities Suite\WINZIPSS.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be
removed.)
AlternateDataStreams: C:\ProgramData\Temp:1341FF76
AlternateDataStreams: C:\ProgramData\Temp:364682BC
AlternateDataStreams: C:\ProgramData\Temp:890CC2F3
AlternateDataStreams: C:\ProgramData\Temp:8CE646EE
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The
"AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default
entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start
Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare
software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start
Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security
Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start
Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish
PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast
\AvastUI.exe" /nogui
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe"
-bootmode
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton
Online Backup\NOBuClient.exe
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Ozzy\AppData\Roaming\ShopAtHome
\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Ozzy\AppData\Roaming\ShopAtHome
\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Wisdom-soft ScreenHunter 5.1 Free => 0
========================= Accounts: ==========================
Administrator (S-1-5-21-2635634824-2115636220-2321885851-500 - Administrator -
Disabled)
Guest (S-1-5-21-2635634824-2115636220-2321885851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2635634824-2115636220-2321885851-1021 - Limited - Enabled)
Ozzy (S-1-5-21-2635634824-2115636220-2321885851-1000 - Administrator - Enabled) => C:
\Users\Ozzy
Test (S-1-5-21-2635634824-2115636220-2321885851-1023 - Administrator - Enabled) => C:
\Users\Test
==================== Faulty Device Manager Devices =============
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all
its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware
failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error
should be resolved.
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all
its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware
failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error
should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for
this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the
troubleshooting wizard.
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all
its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware
failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error
should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2015 07:56:50 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: System Restore encountered a disk error during the restore (Windows
Update).
Error: (01/27/2015 06:28:05 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: System Restore encountered a disk error during the restore (Windows
Update).
Error: (01/27/2015 03:56:27 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: System Restore encountered a disk error during the restore (Windows
Update).
Error: (01/26/2015 03:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 9598
Start Time: 01d039b254ef523d
Termination Time: 86
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/25/2015 01:01:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 7ffc
Start Time: 01d0384c3f11c1ce
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/20/2015 02:14:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time
stamp: 0x546fddcc
Faulting module name: jvm.dll, version: 24.71.0.1, time stamp: 0x542613ca
Exception code: 0xc0000005
Fault offset: 0x00084e4a
Faulting process id: 0x16dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (01/19/2015 01:39:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 1a9c
Start Time: 01d0341f923cd8a9
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/19/2015 01:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.
Process ID: 4218
Start Time: 01d0341e0e6fed83
Termination Time: 174
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/08/2015 05:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.3.1, time stamp:
0x5202c98c
Faulting module name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Exception code: 0xc0000005
Fault offset: 0x0002b78a
Faulting process id: 0x2090
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3
Error: (01/05/2015 09:42:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time
stamp: 0x546fddcc
Faulting module name: SkypeIEPlugin.dll, version: 7.3.16540.9015, time stamp:
0x53c40dfa
Exception code: 0xc0000005
Fault offset: 0x0005f6c6
Faulting process id: 0x9a00
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
System errors:
=============
Error: (01/27/2015 08:28:24 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:28:24 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:28:24 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Error: (01/27/2015 08:26:18 PM) (Source: Service Control Manager) (EventID: 7001)
(User: )
Description: The Computer Browser service depends on the Server service which failed
to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (01/27/2015 07:56:50 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: Windows Update
Error: (01/27/2015 06:28:05 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: Windows Update
Error: (01/27/2015 03:56:27 PM) (Source: System Restore) (EventID: 8208) (User: )
Description: Windows Update
Error: (01/26/2015 03:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496959801d039b254ef523d86C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/25/2015 01:01:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174967ffc01d0384c3f11c1ce0C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/20/2015 02:14:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
IEXPLORE.EXE11.0.9600.17496546fddccjvm.dll24.71.0.1542613cac000000500084e4a16dc01d034c
a55d6b0dbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\PROGRA~2\Java
\jre7\bin\client\jvm.dlle8efcdd9-a0e0-11e4-9ad7-d48564ba9175
Error: (01/19/2015 01:39:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174961a9c01d0341f923cd8a90C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/19/2015 01:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496421801d0341e0e6fed83174C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/08/2015 05:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
hpasset.exe3.0.3.15202c98chpasset.exe3.0.3.15202c98cc00000050002b78a209001d02b9c504e82
e1C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program
Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe924162a0-978f-11e4-
878a-d48564ba9175
Error: (01/05/2015 09:42:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
IEXPLORE.EXE11.0.9600.17496546fddccSkypeIEPlugin.dll7.3.16540.901553c40dfac00000050005
f6c69a0001d02951c4111f58C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:
\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllf9874864-9555-
11e4-8fd3-d48564ba9175
CodeIntegrity Errors:
===================================
Date: 2012-10-20 00:50:07.450
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.347
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.247
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.149
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:07.051
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.952
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.854
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.757
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.661
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
Date: 2012-10-20 00:50:06.561
Description: Code Integrity is unable to verify the image integrity of the file
\Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision
\HydraDMH64.dll because the set of per-page image hashes could not be found on the
system.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 255 Processor
Percentage of memory in use: 24%
Total physical RAM: 4863.29 MB
Available physical RAM: 3666 MB
Total Pagefile: 9724.75 MB
Available Pagefile: 8563.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:216.23 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1.44 GB) NTFS ==>[System with
boot components (obtained from reading drive)]
Drive l: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 21048339)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Could not read MBR for disk 5.
==================== End Of Log ============================
And...Here is the aswMBR log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-27 20:50:25
-----------------------------
20:50:25.380 OS Version: Windows x64 6.1.7601 Service Pack 1
20:50:25.380 Number of processors: 2 586 0x603
20:50:25.380 ComputerName: OZZYDESK UserName: Ozzy
20:50:29.374 Initialize success
20:51:07.094 AVAST engine defs: 15012701
20:51:21.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
20:51:21.883 Disk 0 Vendor: Hitachi_ JPGO Size: 610480MB BusType: 11
20:51:22.055 Disk 0 MBR read successfully
20:51:22.055 Disk 0 MBR scan
20:51:22.055 Disk 0 unknown MBR code
20:51:22.055 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:51:22.070 Disk 0 default boot code
20:51:22.086 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598022 MB offset 206848
20:51:22.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12356 MB offset 1224955904
20:51:22.242 Disk 0 scanning C:\Windows\system32\drivers
20:51:33.256 Service scanning
20:51:55.611 Modules scanning
20:51:55.611 Disk 0 trace - called modules:
20:51:55.657 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:51:55.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800514a060]
20:51:55.657 3 CLASSPNP.SYS[fffff8800197843f] -> nt!IofCallDriver -> [0xfffffa8004e19800]
20:51:55.673 5 amd_xata.sys[fffff88001162d00] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8004e15060]
20:51:57.358 AVAST engine scan C:\Windows
20:52:01.273 AVAST engine scan C:\Windows\system32
20:55:05.572 AVAST engine scan C:\Windows\system32\drivers
20:55:18.426 AVAST engine scan C:\Users\Ozzy
21:08:49.456 AVAST engine scan C:\ProgramData
21:12:54.174 Disk 0 statistics 4184394/0/0 @ 1.83 MB/s
21:12:54.190 Scan finished successfully
21:14:13.188 Disk 0 MBR has been saved successfully to "C:\FRST\Logs\MBR.dat"
21:14:13.204 The log file has been saved successfully to "C:\FRST\Logs\aswMBR.txt"
Once again, thank you for your assistance.
- - Mark