• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

rle7

Full Member
  • Content count

    166
  • Joined

  • Last visited

About rle7

  • Rank
    Advanced Member
  • Birthday
  1. Hi nasdaq, ran tweaking again. there is no difference still missing devices and cant do the update. I don't know if there were any errors. I mistakenly hit restart. I found all the log files but dont know if you want to see them. let me know I'll try a windows 7 forum and see what they suggest. As always you guys are the best !!! I greatly appreciate all your time and knowledge Thanks Again and again rle7
  2. Morning nasdaq, That seemed to take care of the malwarebyte pop-up there is no change to devices or trying to update service pack 1 Can I assume from this point forward it is a windows problem ? Thanks rle7
  3. Hi nasdaq, thanks for the additional work here is the rogue killer log: RogueKiller V10.4.1.0 (x64) [Feb 19 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Samantha [Administrator] Mode : Delete -- Date : 02/19/2015 17:25:25 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 4 ¤¤¤ [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected ¤¤¤ Tasks : 4 ¤¤¤ [suspicious.Path] FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core.job -- C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Deleted [suspicious.Path] FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA.job -- C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> Deleted [suspicious.Path] \\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core -- C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Deleted [suspicious.Path] \\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA -- C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> ERROR [0] ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST9500420AS +++++ --- User --- [MBR] 35cdcf2d6902b3140cbbf1e1c437dd83 [bSP] ad3169145d5a5582624fdef33b7b7fca : HP MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 464726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954832896 | Size: 10713 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK ============================================ RKreport_SCN_02192015_172353.log thanks rle7
  4. Morning nasdaq, Thanks for all your help. I do have one question.Whenever I open chrome, Malwarebytes anti-malware pops-up and says malicious website blocked Domain: epicunitscan.info IP:XXXXX Port:XXXXX Type: Outbound Process: XXXX Should I be concerned about this? Thanks, rle7
  5. hi nasdaq, I did all requested. when windows rebooted there was a window that popped up program compatibility assistant This program might not have installed correctly Program: Uninstall Publisher: Uninstall Location: C\Program Files (x86)\CommonFI..\Uninstall.exe no change- devices still don't load and windows still fails to update the service pack Here is the log from tweaking Log: Tweaking.com - Windows Repair v2.11.1 -------------------------------------------------------------------------------- System Variables -------------------------------------------------------------------------------- OS: Windows 7 Home Premium OS Architecture: 64-bit OS Version: 6.1.7600 OS Service Pack: Computer Name: SAMANTHA-PC Windows Drive: C:\ Windows Path: C:\windows Program Files: C:\Program Files Program Files (x86): C:\Program Files (x86) Current Profile: C:\Users\Samantha Current Profile SID: S-1-5-21-2245364889-2588088723-280986198-1001 Current Profile Classes: S-1-5-21-2245364889-2588088723-280986198-1001_Classes Profiles Location: C:\Users Profiles Location 2: C:\windows\ServiceProfiles Local Settings AppData: C:\Users\Samantha\AppData\Local -------------------------------------------------------------------------------- System Information -------------------------------------------------------------------------------- System Up Time: 0 Days 00:05:29 Process Count: 23 Commit Total: 720.08 MB Commit Limit: 7.60 GB Commit Peak: 734.39 MB Handle Count: 5725 Kernel Total: 297.92 MB Kernel Paged: 238.88 MB Kernel Non Paged: 59.04 MB System Cache: 468.20 MB Thread Count: 288 -------------------------------------------------------------------------------- Memory Before Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 3.80 GB Memory Used: 756.31 MB(19.4391%) Memory Avail.: 3.06 GB -------------------------------------------------------------------------------- Cleaning Memory Before Starting Repairs... Memory After Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 3.80 GB Memory Used: 646.42 MB(16.6147%) Memory Avail.: 3.17 GB -------------------------------------------------------------------------------- Starting Repairs... Started at (2/18/2015 4:31:36 PM) Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair... Total Missing 'InstallDate' Fixed: 116 01 - Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys Start (2/18/2015 4:31:37 PM) You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running. Running Repair Under Current User Account Done (2/18/2015 4:31:54 PM) 01 - Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys Start (2/18/2015 4:31:54 PM) You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running. Decompressing & Updating Windows Permission File services.txt Done, 0.31 seconds. Running Repair Under System Account Done (2/18/2015 4:35:36 PM) 01 - Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys Start (2/18/2015 4:35:36 PM) You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running. Running Repair Under System Account Done (2/18/2015 4:36:39 PM) 03 - Reset Service Permissions Start (2/18/2015 4:36:39 PM) You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running. Running Repair Under System Account Done (2/18/2015 4:36:53 PM) 04 - Register System Files Start (2/18/2015 4:36:53 PM) Running Repair Under Current User Account Running Repair Under System Account Done (2/18/2015 4:37:23 PM) 05 - Repair WMI Start (2/18/2015 4:37:23 PM) Starting Security Center So We Can Export The Security Info. Exporting Antivirus Info... Microsoft Security Essentials Exported. Exporting AntiSpyware Info... Microsoft Security Essentials Exported. Windows Defender Exported. IObit Malware Fighter Exported. Exporting 3rd Party Firewall Info... No Firewall Products Reported. Running Repair Under Current User Account Done (2/18/2015 4:41:16 PM) 06 - Repair Windows Firewall Start (2/18/2015 4:41:16 PM) Running Repair Under Current User Account Decompressing & Updating Windows Permission File services.txt Done, 0.13 seconds. Running Repair Under System Account Done (2/18/2015 4:41:47 PM) 07 - Repair Internet Explorer Start (2/18/2015 4:41:47 PM) Running Repair Under Current User Account Running Repair Under System Account Done (2/18/2015 4:42:08 PM) 08 - Repair MDAC/MS Jet Start (2/18/2015 4:42:08 PM) Running Repair Under Current User Account Running Repair Under System Account Done (2/18/2015 4:42:14 PM) 10 - Remove Policies Set By Infections Start (2/18/2015 4:42:14 PM) Running Repair Under Current User Account Running Repair Under System Account Done (2/18/2015 4:42:36 PM) 13 - Repair Winsock & DNS Cache Start (2/18/2015 4:42:36 PM) Running Repair Under Current User Account Running Repair Under System Account Done (2/18/2015 4:42:52 PM) 14 - Remove Temp Files Start (2/18/2015 4:42:52 PM) Running Repair Under System Account Done (2/18/2015 4:42:54 PM) 15 - Repair Proxy Settings Start (2/18/2015 4:42:54 PM) Running Repair Under Current User Account Running Repair Under System Account Done (2/18/2015 4:42:57 PM) 17 - Repair Windows Updates Start (2/18/2015 4:42:57 PM) Running Repair Under Current User Account Decompressing & Updating Windows Permission File services.txt Done, 0.13 seconds. Running Repair Under System Account Setting Windows Updates Files That Are In Use To Be Removed At Next Boot. Done (2/18/2015 4:43:16 PM) 19 - Repair Volume Shadow Copy Service Start (2/18/2015 4:43:16 PM) Running Repair Under Current User Account Decompressing & Updating Windows Permission File services.txt Done, 0.13 seconds. Running Repair Under System Account Done (2/18/2015 4:43:35 PM) 21 - Repair MSI (Windows Installer) Start (2/18/2015 4:43:35 PM) Running Repair Under Current User Account Decompressing & Updating Windows Permission File services.txt Done, 0.13 seconds. Running Repair Under System Account Done (2/18/2015 4:43:46 PM) 26 - Restore Important Windows Services Start (2/18/2015 4:43:46 PM) Running Repair Under Current User Account Decompressing & Updating Windows Permission File services.txt Done, 0.13 seconds. Running Repair Under System Account Done (2/18/2015 4:43:57 PM) 27 - Set Windows Services To Default Startup Start (2/18/2015 4:43:57 PM) Running Repair Under Current User Account Running Repair Under System Account Done (2/18/2015 4:44:06 PM) Cleaning up empty logs... All Selected Repairs Done. Done at (2/18/2015 4:44:06 PM) Total Repair Time: 00:12:31 ...YOU MUST RESTART YOUR SYSTEM... Thanks rle7
  6. hi nasdaq I have done as instructed. Enabled those 2 services Ran mbam and adsware still devices not working I have tried all the steps listed about servi.ce pack 1 all to no avail. Any other suggestions would be really appreciated. Thanks rle7
  7. Morning nasdaq I'm not sure what to do with msconfig. When i run it and go to the services tab the only things that I could find listed were the gupdate and guptem I checked the boxes and said apply. I don't know how to find the other items.I haven't run Mbam or adwcleaner yet. Ill wait for further instructions on the msconfig. the disk usage was at 1% I increased it to 2% Thanks, rle7
  8. combo fix did not load a recovery partition and my devices are still missing on normal boot thanks, rle7
  9. here is the combofix log ComboFix 15-02-16.01 - Samantha 02/17/2015 10:50:38.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2324 [GMT -5:00] Running from: c:\users\Samantha\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Samantha\AppData\Local\dsisetup15140439292.exe c:\users\Samantha\AppData\Local\hvyv.exe c:\users\Samantha\AppData\Local\shve.exe c:\users\Samantha\AppData\Local\Temp\_MEI21522\_ctypes.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\_elementtree.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\_hashlib.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\_multiprocessing.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\_socket.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\_ssl.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\hashobjs_ext.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\pyexpat.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\pysqlite2._sqlite.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\python27.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\pythoncom27.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\PyWinTypes27.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\select.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\unicodedata.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32api.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32com.shell.shell.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32crypt.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32event.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32file.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32gui.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32inet.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32pdh.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32pipe.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32process.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32profile.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32security.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\win32ts.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\windows._lib_cacheinvalidation.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._animate.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._controls_.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._core_.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._gdi_.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._html2.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._misc_.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._windows_.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wx._wizard.pyd c:\users\Samantha\AppData\Local\Temp\_MEI21522\wxbase294u_net_vc90.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\wxbase294u_vc90.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\wxmsw294u_adv_vc90.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\wxmsw294u_core_vc90.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\wxmsw294u_html_vc90.dll c:\users\Samantha\AppData\Local\Temp\_MEI21522\wxmsw294u_webview_vc90.dll c:\users\Samantha\AppData\Local\vkkq.exe c:\users\Samantha\AppData\Local\yflx.exe c:\users\Samantha\AppData\Roaming\Adobe\plugs c:\users\Samantha\AppData\Roaming\Adobe\shed c:\users\Samantha\AppData\Roaming\install c:\users\Samantha\Documents\~WRL0295.tmp c:\users\Samantha\Documents\~WRL3729.tmp c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf . . ((((((((((((((((((((((((( Files Created from 2015-01-17 to 2015-02-17 ))))))))))))))))))))))))))))))) . . 2015-02-17 16:02 . 2015-02-17 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-17 01:11 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B147F038-43AB-43D0-8C5D-F68F69BB1A04}\mpengine.dll 2015-02-16 22:49 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-02-16 22:21 . 2015-02-16 22:22 -------- d-----w- c:\programdata\Reimage Protector 2015-02-16 21:59 . 2015-02-16 22:42 -------- d-----w- c:\program files\Reimage 2015-02-16 17:09 . 2015-02-16 17:09 -------- d-----w- c:\windows\system32\SPReview 2015-02-14 19:08 . 2015-02-17 14:42 -------- d-----w- C:\FRST 2015-02-14 19:02 . 2015-02-15 18:45 -------- d-----w- C:\AdwCleaner 2015-02-14 18:52 . 2015-02-14 18:52 -------- d-----w- c:\users\Samantha\AppData\Roaming\LavasoftStatistics 2015-02-14 14:28 . 2015-02-14 14:29 129752 ----a-w- c:\windows\system32\drivers\0AFF6881.sys 2015-02-14 01:02 . 2015-02-14 01:02 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-02-14 00:33 . 2015-02-14 00:33 -------- d-----w- c:\program files (x86)\Minimal Bookmarks Tree 2015-02-14 00:30 . 2015-02-14 00:31 -------- d-----w- c:\program files (x86)\lOwerate 2015-02-13 22:51 . 2015-02-13 22:51 -------- d-----w- c:\windows\system32\SRSLabs 2015-02-13 22:51 . 2015-02-13 22:51 -------- d-----w- c:\windows\SysWow64\RTCOM 2015-02-13 22:49 . 2015-02-13 22:49 942808 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2015-02-13 22:49 . 2015-02-13 22:49 73800 ----a-w- c:\windows\system32\RtNicProp64.dll 2015-02-13 22:49 . 2015-02-13 22:49 11527888 ----a-w- c:\windows\system32\drivers\NETwsw00.sys 2015-02-13 22:49 . 2015-02-13 22:49 9101016 ----a-w- c:\windows\system32\drivers\rtsuvc.sys 2015-02-13 22:49 . 2015-02-13 22:49 156888 ----a-w- c:\windows\RtsCM64.exe 2015-02-13 22:48 . 2015-02-13 22:48 471768 ----a-w- c:\windows\system32\RtCamX64.dll 2015-02-13 22:48 . 2015-02-13 22:48 418008 ----a-w- c:\windows\SysWow64\RtCamX.dll 2015-02-13 22:48 . 2015-02-13 22:48 2628312 ----a-w- c:\windows\RtCamU64.exe 2015-02-13 22:48 . 2015-02-13 22:48 1979096 ----a-w- c:\windows\SysWow64\RsDecode.dll 2015-02-13 22:48 . 2015-02-13 22:48 34544 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys 2015-02-13 22:46 . 2015-02-13 22:46 203352 ----a-w- c:\windows\SysWow64\jmcricon.dll 2015-02-13 22:46 . 2015-02-13 22:46 203352 ----a-w- c:\windows\system32\jmcricon.dll 2015-02-13 22:46 . 2015-02-13 22:46 176880 ----a-w- c:\windows\system32\drivers\jmcr.sys 2015-02-13 21:29 . 2015-02-13 21:29 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-02-13 21:29 . 2015-02-13 21:29 -------- d-----w- c:\program files (x86)\Common Files\IObit 2015-02-13 15:28 . 2015-02-16 23:57 20 ----a-w- c:\users\Samantha\AppData\Roaming\appdataFr3.bin 2015-02-13 15:07 . 2015-02-13 15:07 -------- d-----w- c:\program files (x86)\RelaySys 2015-02-11 15:36 . 2014-09-17 01:59 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3755FC0A-378E-4F28-89E3-E256CBA0F7EC}\gapaengine.dll 2015-02-11 15:28 . 2015-02-04 03:04 609280 ----a-w- c:\windows\system32\generaltel.dll 2015-02-11 15:28 . 2015-02-04 03:03 762368 ----a-w- c:\windows\system32\invagent.dll 2015-02-11 15:28 . 2015-02-04 03:03 414720 ----a-w- c:\windows\system32\devinv.dll 2015-02-11 15:28 . 2015-02-04 03:03 894976 ----a-w- c:\windows\system32\appraiser.dll 2015-02-11 15:28 . 2015-02-04 03:01 1098752 ----a-w- c:\windows\system32\aeinv.dll 2015-02-11 15:28 . 2015-01-27 23:23 1239720 ----a-w- c:\windows\system32\aitstatic.exe 2015-02-11 15:28 . 2015-02-04 03:03 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-01-19 18:48 . 2015-01-19 18:48 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2015-01-19 18:40 . 2015-01-19 18:45 -------- d-----w- c:\program files\Adobe 2015-01-19 18:35 . 2015-01-19 18:47 -------- d-----w- c:\program files\Common Files\Adobe 2015-01-19 18:24 . 2015-01-19 18:26 -------- d-----w- c:\programdata\Package Cache 2015-01-19 17:14 . 2015-01-19 17:14 -------- d-----w- c:\users\Samantha\AppData\Local\StormFall 2015-01-19 16:51 . 2015-01-19 16:51 -------- d-----w- c:\users\Samantha\AppData\Local\IsolatedStorage 2015-01-19 16:50 . 2015-01-19 17:15 -------- d-----w- c:\programdata\Unchecky 2015-01-19 16:44 . 2015-01-19 16:44 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-16 21:03 . 2015-01-02 22:06 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-02-16 18:20 . 2010-07-17 06:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2015-02-16 18:19 . 2010-07-23 17:41 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2015-02-15 18:45 . 2010-07-17 06:04 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2015-02-15 18:45 . 2010-08-02 06:16 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2015-02-15 14:53 . 2012-04-21 13:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-15 14:42 . 2012-04-21 13:15 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-14 01:01 . 2015-01-02 21:27 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-02-13 22:49 . 2009-12-03 14:27 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2015-02-13 18:19 . 2015-01-02 22:06 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-02-13 16:11 . 2010-07-23 17:42 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2015-02-13 16:11 . 2010-07-23 17:41 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2015-02-13 16:11 . 2010-07-17 06:04 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2015-01-29 22:49 . 2010-07-08 01:41 116773704 ----a-w- c:\windows\system32\MRT.exe 2014-12-31 11:14 . 2010-07-07 21:10 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-19 13:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2014-12-19 13:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2014-12-10 12:05 . 2014-11-27 14:46 3981488 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-12-04 02:31 . 2014-12-10 12:07 192000 ----a-w- c:\windows\system32\aepic.dll 2014-11-21 11:14 . 2015-01-02 22:06 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-21 11:14 . 2010-11-11 22:19 25816 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088] "Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-01-10 3362336] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-01-08 2694320] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-01-20 2428704] . c:\users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Password Safe.lnk - c:\program files (x86)\Password Safe\pwsafe.exe -s [2013-9-24 4422656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "RequireSignedAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss] @="Service" . R2 bce312cc;RelaySys;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x] R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x] R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x] R3 cpuz134;cpuz134;c:\users\Samantha\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Samantha\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x] R4 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x] S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x] S2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2015-02-15 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_pepper.exe [2015-02-15 14:42] . 2015-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core.job - c:\users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 22:49] . 2015-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA.job - c:\users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 22:49] . 2015-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 21:24] . 2015-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 21:24] . 2015-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core.job - c:\users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 21:24] . 2015-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA.job - c:\users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 21:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-12-19 20:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-12-19 20:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2014-12-19 20:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-09-20 557768] "RtsCM"="RTSCM64.EXE" [2015-02-13 156888] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-02-13 13774040] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe Toolbar-Locked - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-2867617154.optimumapp.iptv.optimum.net - c:\program files\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Password Safe\pwsafe.exe c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe . ************************************************************************** . Completion time: 2015-02-17 11:18:04 - machine was rebooted ComboFix-quarantined-files.txt 2015-02-17 16:17 . Pre-Run: 149,798,203,392 bytes free Post-Run: 149,545,140,224 bytes free . - - End Of File - - 4DCF141479D43AB7688AB750DB4C0335
  10. hi nasdaq, here is the farbar fixlog Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015 Ran by Samantha at 2015-02-17 09:42:20 Run:2 Running from C:\Users\Samantha\Desktop\FARBAR Loaded Profiles: Samantha (Available profiles: Samantha) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION! AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 Task: {EEA9FAF2-6008-4F02-805F-2AC62BCA8586} - System32\Tasks\d943ba68 => C:\Users\Samantha\AppData\Local\Temp\\setup2984054720.exe <==== ATTENTION Task: {C07B37BE-BFC2-42DC-B9D4-D9BC28E79121} - System32\Tasks\376049c0 => C:\Users\Samantha\AppData\Local\Temp\\setup2206354064.exe <==== ATTENTION Task: {10C3CD79-CF6E-40FA-958A-6B379DD54394} - \f1486b74 No Task File <==== ATTENTION Task: {AFCF1D9A-C084-434D-AFC8-020B9756EBD5} - System32\Tasks\5e57ed70 => C:\Users\Samantha\AppData\Local\Temp\\setup2458651256.exe <==== ATTENTION Task: {B2DCB51C-2242-4902-B023-2F09D227001D} - System32\Tasks\8457bd70 => C:\Users\Samantha\AppData\Local\Temp\\setup1485863488.exe <==== ATTENTION Task: {7021E38C-F257-421E-8771-3B57E1B1F5DD} - System32\Tasks\e473ab20 => C:\Users\Samantha\AppData\Local\Temp\\setup1402344272.exe <==== ATTENTION Task: {53D69FEA-285E-41D8-B1A8-AA741501602C} - System32\Tasks\b2f11ea0 => C:\Users\Samantha\AppData\Local\Temp\\setup3321116688.exe <==== ATTENTION Task: {382B2ACC-A75F-4538-8E8B-AACA65545098} - System32\Tasks\4cd113b0 => C:\Users\Samantha\AppData\Local\Temp\\setup961130960.exe <==== ATTENTION Task: {39EF17B7-C1AD-476A-93A2-221FC9CFEBAA} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION Task: {199F5737-2863-4B1E-8B6C-DD22C8A26D7A} - System32\Tasks\17a6bc84 => C:\Users\Samantha\AppData\Local\Temp\\setup1020770656.exe <==== ATTENTION Task: {094EB264-B3FA-4DA6-9FDF-EB7B7BDD6D30} - System32\Tasks\e18f9ccc => C:\Users\Samantha\AppData\Local\Temp\\setup2939242404.exe <==== ATTENTION Task: {10C3CD79-CF6E-40FA-958A-6B379DD54394} - \f1486b74 No Task File <==== ATTENTION C:\ProgramData\fmcu.exe C:\ProgramData\njse.exe C:\ProgramData\olqd.exe C:\ProgramData\xlxm.exe C:\Users\Samantha\AppData\Local\Temp\0mt9mzdw.dll C:\Users\Samantha\AppData\Local\Temp\ICReinstall_adobe-photoshop-cs6.exe C:\Users\Samantha\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Samantha\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Windows\SysWOW64\Sendori.dll End ***************** Processes closed successfully. "HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Classes\exefile" => Key deleted successfully. "HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Classes\.exe" => Key deleted successfully. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Classes\exefile => Key not found. C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEA9FAF2-6008-4F02-805F-2AC62BCA8586}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA9FAF2-6008-4F02-805F-2AC62BCA8586}" => Key deleted successfully. C:\Windows\System32\Tasks\d943ba68 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d943ba68" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C07B37BE-BFC2-42DC-B9D4-D9BC28E79121}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C07B37BE-BFC2-42DC-B9D4-D9BC28E79121}" => Key deleted successfully. C:\Windows\System32\Tasks\376049c0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\376049c0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10C3CD79-CF6E-40FA-958A-6B379DD54394}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10C3CD79-CF6E-40FA-958A-6B379DD54394}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f1486b74" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFCF1D9A-C084-434D-AFC8-020B9756EBD5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFCF1D9A-C084-434D-AFC8-020B9756EBD5}" => Key deleted successfully. C:\Windows\System32\Tasks\5e57ed70 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5e57ed70" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2DCB51C-2242-4902-B023-2F09D227001D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2DCB51C-2242-4902-B023-2F09D227001D}" => Key deleted successfully. C:\Windows\System32\Tasks\8457bd70 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8457bd70" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7021E38C-F257-421E-8771-3B57E1B1F5DD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7021E38C-F257-421E-8771-3B57E1B1F5DD}" => Key deleted successfully. C:\Windows\System32\Tasks\e473ab20 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e473ab20" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53D69FEA-285E-41D8-B1A8-AA741501602C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53D69FEA-285E-41D8-B1A8-AA741501602C}" => Key deleted successfully. C:\Windows\System32\Tasks\b2f11ea0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b2f11ea0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{382B2ACC-A75F-4538-8E8B-AACA65545098}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{382B2ACC-A75F-4538-8E8B-AACA65545098}" => Key deleted successfully. C:\Windows\System32\Tasks\4cd113b0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4cd113b0" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39EF17B7-C1AD-476A-93A2-221FC9CFEBAA} => Key not found. C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{199F5737-2863-4B1E-8B6C-DD22C8A26D7A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{199F5737-2863-4B1E-8B6C-DD22C8A26D7A}" => Key deleted successfully. C:\Windows\System32\Tasks\17a6bc84 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\17a6bc84" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{094EB264-B3FA-4DA6-9FDF-EB7B7BDD6D30}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{094EB264-B3FA-4DA6-9FDF-EB7B7BDD6D30}" => Key deleted successfully. C:\Windows\System32\Tasks\e18f9ccc => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e18f9ccc" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10C3CD79-CF6E-40FA-958A-6B379DD54394} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f1486b74 => Key not found. "C:\ProgramData\fmcu.exe" => File/Directory not found. "C:\ProgramData\njse.exe" => File/Directory not found. "C:\ProgramData\olqd.exe" => File/Directory not found. "C:\ProgramData\xlxm.exe" => File/Directory not found. "C:\Users\Samantha\AppData\Local\Temp\0mt9mzdw.dll" => File/Directory not found. "C:\Users\Samantha\AppData\Local\Temp\ICReinstall_adobe-photoshop-cs6.exe" => File/Directory not found. "C:\Users\Samantha\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe" => File/Directory not found. "C:\Users\Samantha\AppData\Local\Temp\jre-8u31-windows-au.exe" => File/Directory not found. "C:\Windows\SysWOW64\Sendori.dll" => File/Directory not found. The system needed a reboot. ==== End of Fixlog 09:42:29 ====
  11. morning nasdaq, I've discovered if I start windows disabling digital signatures on drivers that the audio, dvd drive, and usb all work. when I try updating to service pack1 using the manual download it fails and says Error: ERROR_SXS_ASSEMBLY_NOT_FOUND(0x800736b3) any suggestions? sorry I didn't see your previous post i will do as instructed and respond thanks, rle7
  12. hi nasdaq, resetting the browsers seemed to do the trick. I have tried to install service pack 1 but no matter how ways I try it it fails i even tried burning an iso but when i tried installing from the dvd which didn't now the dvd usb and audio on the computer dont work. windows trouble shooter blames it on a possible hardware change. here is this addition log Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015 Ran by Samantha at 2015-02-14 14:09:17 Running from C:\Users\Samantha\Desktop\FARBAR Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_c14ac4070fd9614ffe63f4bb533db2c) (Version: 1.0 - Adobe Systems Incorporated) Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated) Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.) Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit) AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.2.0 - Ask.com) <==== ATTENTION Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - ) Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.3.0.1 - Best Buy) Best Buy Software Installer (Version: 2.3.0.1 - Best Buy) Hidden BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - ) BitTorrent (HKU\S-1-5-21-2245364889-2588088723-280986198-1001\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fitbit Connect (HKLM-x32\...\{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}) (Version: 1.0.1.5127 - Fitbit Inc.) FoxTab MP3 Converter (remove only) (HKLM-x32\...\Z0 - MP3 Converter) (Version: - ) <==== ATTENTION Free Audio CD Burner version 1.4.8 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.12.27.225 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.27.225 - DVDVideoSoft Ltd.) Google Chrome (HKU\S-1-5-21-2245364889-2588088723-280986198-1001\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Driver Diagnostics (HKLM-x32\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Hewlett-Packard Company) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Photosmart Premium C309g-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}) (Version: 14.0 - HP) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}) (Version: 13.01.1000 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Intel® Wireless Display (HKLM\...\{26F41FA3-3170-446B-A3A2-83F5FA26E6CD}) (Version: 1.1.8.0 - Intel Corporation) Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation) IObit Apps Toolbar v10.5 (HKLM-x32\...\{9C2D4436-24B7-4123-BFC4-673B83A9CE33}) (Version: 10.5 - Spigot, Inc.) <==== ATTENTION IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.) Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Optimum (HKU\S-1-5-21-2245364889-2588088723-280986198-1001\...\2867617154.optimumapp.iptv.optimum.net) (Version: - optimumapp.iptv.optimum.net) Optimum App for Laptop 1.70 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 1.70 - Cablevision) Password Safe (HKLM-x32\...\Password Safe) (Version: - ) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PS_AIO_06_C309g-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.) Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10256 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) System Requirements Lab for Intel (HKLM-x32\...\{F7FC9307-374E-4017-8E9D-DE1154780480}) (Version: 4.1.66.0 - Husdawg, LLC) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA) TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-AU - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.1 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation) ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba) TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation) Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation) Yontoo Layers 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - ) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2245364889-2588088723-280986198-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2245364889-2588088723-280986198-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 14-02-2015 13:56:27 AA11 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2015-01-19 12:37 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05877DDC-9F59-4898-94A7-A3DF65E16691} - System32\Tasks\{3DB25CC3-B65B-480C-81BF-D284E7F096CD} => C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe Task: {094EB264-B3FA-4DA6-9FDF-EB7B7BDD6D30} - System32\Tasks\e18f9ccc => C:\Users\Samantha\AppData\Local\Temp\\setup2939242404.exe <==== ATTENTION Task: {10C3CD79-CF6E-40FA-958A-6B379DD54394} - \f1486b74 No Task File <==== ATTENTION Task: {12F9CA5E-ED6B-4DF8-8F0B-4FA7556D0AD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {199F5737-2863-4B1E-8B6C-DD22C8A26D7A} - System32\Tasks\17a6bc84 => C:\Users\Samantha\AppData\Local\Temp\\setup1020770656.exe <==== ATTENTION Task: {28383A7F-0F27-48E0-B144-C7A096F91669} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit) Task: {296A8E31-7E9A-473C-B921-B4203D14D365} - System32\Tasks\a48b06ec => C:\Users\Samantha\AppData\Local\Temp\\setup1536902856.exe <==== ATTENTION Task: {29EAC75E-8B5E-4FB4-A452-13B762A30C00} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {3263846F-528B-48AD-8872-12185E8E9835} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA => C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {382B2ACC-A75F-4538-8E8B-AACA65545098} - System32\Tasks\4cd113b0 => C:\Users\Samantha\AppData\Local\Temp\\setup961130960.exe <==== ATTENTION Task: {39EF17B7-C1AD-476A-93A2-221FC9CFEBAA} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION Task: {3AA0CDA2-B131-4045-AF2D-E704D78034BE} - System32\Tasks\{24FC86DE-FAA0-4672-8D32-08D64877F5E7} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.) Task: {40220DDC-67F8-4C18-AACE-5775EAAC6129} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit) Task: {468547C8-A706-45C4-A886-AD32502B53FD} - System32\Tasks\{9A1750DB-E14A-464D-87FE-BC82EF4EC0EB} => pcalua.exe -a C:\Users\Samantha\Downloads\saw0v220.exe -d C:\Users\Samantha\Downloads Task: {53B5F90E-5562-465F-8AD8-015D7BF34CC6} - System32\Tasks\{E0E137A1-238D-4010-80FC-8E27FECFF604} => C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe Task: {53D69FEA-285E-41D8-B1A8-AA741501602C} - System32\Tasks\b2f11ea0 => C:\Users\Samantha\AppData\Local\Temp\\setup3321116688.exe <==== ATTENTION Task: {5C2F7496-61B6-4FF6-8BF5-057B736A6B8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.) Task: {629CE628-F269-4C2B-A8F8-FF2B2A425BDD} - System32\Tasks\AdobeAAMUpdater-1.0-Samantha-PC-Samantha => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated) Task: {6A8968E9-5452-406D-B98C-72293EA548FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.) Task: {7021E38C-F257-421E-8771-3B57E1B1F5DD} - System32\Tasks\e473ab20 => C:\Users\Samantha\AppData\Local\Temp\\setup1402344272.exe <==== ATTENTION Task: {7393C500-4711-4DD0-9307-165C5D2D2FFB} - System32\Tasks\{C23F3DCE-2616-4138-8F12-FD9DAAF8B727} => C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe Task: {7D44F4BE-4B4B-4BC6-9FB2-5B4FDC9953AB} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit) Task: {89A345B6-904D-4A39-A15F-FBFF93C55A8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.) Task: {8F2EEC9C-14DA-4071-824F-0188183EB0E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.) Task: {913E8F7E-7372-42F2-AF9B-C58DD45626C7} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit) Task: {99A98AD9-995B-4189-91AE-F31B32715349} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {9AFDD33E-837C-410B-B07D-E20782EEF0E0} - System32\Tasks\ASC8_SkipUac_Samantha => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit) Task: {9E524F68-8F9B-4846-A46D-BAF8E9EC7826} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {9F0032E4-082B-4C69-BE30-BA53CC12E3AC} - System32\Tasks\Driver Booster SkipUAC (Samantha) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit) Task: {AFCF1D9A-C084-434D-AFC8-020B9756EBD5} - System32\Tasks\5e57ed70 => C:\Users\Samantha\AppData\Local\Temp\\setup2458651256.exe <==== ATTENTION Task: {B2DCB51C-2242-4902-B023-2F09D227001D} - System32\Tasks\8457bd70 => C:\Users\Samantha\AppData\Local\Temp\\setup1485863488.exe <==== ATTENTION Task: {B9F2A6F0-C0D9-4889-BE0F-1C68121473A8} - System32\Tasks\{35444294-E18F-4DFC-B953-BAAC5D6E4ACF} => pcalua.exe -a "C:\Users\Samantha\AppData\Local\Apple\Apple Software Update\QuickTimeInstallerAdmin.exe" -d "C:\Users\Samantha\AppData\Local\Apple\Apple Software Update" Task: {C07B37BE-BFC2-42DC-B9D4-D9BC28E79121} - System32\Tasks\376049c0 => C:\Users\Samantha\AppData\Local\Temp\\setup2206354064.exe <==== ATTENTION Task: {C6B4556D-BD0F-4F7F-8FEB-827E3AA37C51} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {C9FD9BEF-344D-4F21-BCB5-092E1F0EFF8A} - System32\Tasks\{CC642336-C6DF-4FF0-B559-82F22EB64264} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {D84FF2C9-D93F-4F63-B20F-B6899E331DC1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core => C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {E3106450-5A9A-4160-B0CD-2C86A144AE74} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E9C8F7F9-82DF-4D17-9B32-D1B25A13D1D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {EEA9FAF2-6008-4F02-805F-2AC62BCA8586} - System32\Tasks\d943ba68 => C:\Users\Samantha\AppData\Local\Temp\\setup2984054720.exe <==== ATTENTION Task: {F3F3DBF7-3539-4CC2-9F23-95A3DD67F211} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit) Task: {F60C04F8-0724-45F0-B4DB-92FD8F5ED865} - System32\Tasks\{8462A836-1992-4250-9469-4FA375B8F7AF} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.) Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core.job => C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA.job => C:\Users\Samantha\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001Core.job => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245364889-2588088723-280986198-1001UA.job => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2015-02-13 16:29 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll 2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-13 10:07 - 2015-02-13 10:07 - 01656832 _____ () c:\Program Files (x86)\RelaySys\RelaySys.dll 2015-02-13 18:50 - 2015-02-13 18:50 - 00098816 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32api.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00110080 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\pywintypes27.dll 2015-02-13 18:50 - 2015-02-13 18:50 - 00364544 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\pythoncom27.dll 2015-02-13 18:50 - 2015-02-13 18:50 - 00045568 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\_socket.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 01160704 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\_ssl.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00320512 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32com.shell.shell.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00713216 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\_hashlib.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 01175040 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._core_.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00805888 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._gdi_.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00811008 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._windows_.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 01062400 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._controls_.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00735232 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._misc_.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00128512 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\_elementtree.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00127488 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\pyexpat.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00557056 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\pysqlite2._sqlite.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00087552 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\_ctypes.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00119808 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32file.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00108544 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32security.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00007168 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\hashobjs_ext.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00167936 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32gui.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00018432 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32event.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00038912 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32inet.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00011264 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32crypt.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00070656 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._html2.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00027136 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\_multiprocessing.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00035840 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32process.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00686080 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\unicodedata.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00122368 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._wizard.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00024064 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32pipe.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00025600 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32pdh.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00525640 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\windows._lib_cacheinvalidation.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00010240 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\select.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00017408 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32profile.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00022528 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\win32ts.pyd 2015-02-13 18:50 - 2015-02-13 18:50 - 00078336 _____ () C:\Users\Samantha\AppData\Local\Temp\_MEI24482\wx._animate.pyd 2014-09-11 16:41 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2014-09-11 16:41 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2014-09-11 16:41 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll 2015-01-07 21:27 - 2015-01-07 21:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll 2015-01-07 21:27 - 2015-01-07 21:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION! ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AdvancedSystemCareService7 => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Application Sendori => 2 MSCONFIG\Services: Application Updater => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: Fitbit Connect => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: IMFservice => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LiveUpdateSvc => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\Services: PMBDeviceInfoProvider => 2 MSCONFIG\Services: RegSrvc => 2 MSCONFIG\Services: Service Sendori => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: sndappv2 => 2 MSCONFIG\Services: Thpsrv => 2 MSCONFIG\Services: TMachInfo => 3 MSCONFIG\Services: TODDSrv => 2 MSCONFIG\Services: TosCoSrv => 2 MSCONFIG\Services: TOSHIBA eco Utility Service => 2 MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3 MSCONFIG\Services: TPCHSrv => 3 MSCONFIG\Services: UNS => 2 MSCONFIG\startupreg: BackgroundContainer => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Samantha\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => MSCONFIG\startupreg: MyWebSearch Email Plugin => MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ==================== Accounts: ============================= Administrator (S-1-5-21-2245364889-2588088723-280986198-500 - Administrator - Disabled) Guest (S-1-5-21-2245364889-2588088723-280986198-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2245364889-2588088723-280986198-1003 - Limited - Enabled) Samantha (S-1-5-21-2245364889-2588088723-280986198-1001 - Administrator - Enabled) => C:\Users\Samantha ==================== Faulty Device Manager Devices ============= Name: Photosmart Premium C309g-m Description: Photosmart Premium C309g-m Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/14/2015 11:19:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 40.0.2214.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 98c Start Time: 01d0486fc16ee09c Termination Time: 12 Application Path: C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: Error: (02/14/2015 10:56:12 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2384 Start Time: 01d0485d784fd79f Termination Time: 6923 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (02/14/2015 09:30:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 397c Start Time: 01d04862601fcde7 Termination Time: 11 Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Report Id: e4404298-b455-11e4-bb77-88ae1d3dbffa Error: (02/13/2015 08:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 17ec Start Time: 01d047f3062f7197 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error: (02/13/2015 06:52:08 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: TSS Load: could not communicate with TMachInfo service Error: (02/13/2015 06:52:08 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Cannot start service TMachInfo on computer '.'. Error: (02/13/2015 06:09:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: TSS Load: could not communicate with TMachInfo service Error: (02/13/2015 06:09:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Cannot start service TMachInfo on computer '.'. Error: (02/13/2015 00:00:13 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: TSS Load: could not communicate with TMachInfo service Error: (02/13/2015 00:00:13 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Cannot start service TMachInfo on computer '.'. System errors: ============= Error: (02/14/2015 01:55:09 PM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (02/14/2015 09:29:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (02/13/2015 06:33:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.4767.0 Update Source: %NT AUTHORITY59 Update Stage: 4.7.0205.00 Source Path: 4.7.0205.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (02/13/2015 06:33:03 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (02/13/2015 06:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (02/13/2015 06:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (02/13/2015 06:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (02/13/2015 06:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (02/13/2015 06:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (02/13/2015 06:20:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (02/04/2014 01:19:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/04/2014 01:19:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/04/2014 01:19:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/04/2014 01:19:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1032386 seconds with 240 seconds of active time. This session ended with a crash. Error: (04/29/2013 09:42:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 184 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/29/2013 09:39:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18095 seconds with 6720 seconds of active time. This session ended with a crash. Error: (01/16/2013 04:09:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 188907 seconds with 12780 seconds of active time. This session ended with a crash. Error: (11/14/2011 02:14:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1745088 seconds with 5580 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 350 @ 2.27GHz Percentage of memory in use: 40% Total physical RAM: 3890.67 MB Available physical RAM: 2313.16 MB Total Pagefile: 8760.1 MB Available Pagefile: 6515.23 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (TI105835W0G) (Fixed) (Total:453.83 GB) (Free:130.25 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1786ECE7) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=453.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10.5 GB) - (Type=17) ==================== End Of Log ============================
  13. I also tried installing service pack 1 through windows update . it says it was successfully installed in the update history but when running update again it says it still needs to be installed. it has done this multiple times over the last several days. although i'm pretty certain it really was installed at one time.
  14. Hi nasdaq, Done as instructed. Computer doesn't seem to be any better. For instance when i click on the link you provided for updating windows It opened this page http://search.condui...&ctid=CT2790392 SearchScopes: HKU\S-1-5-21-2245364889-2588088723-280986198-1001 -> DefaultScope {A76EAD55-D568-4013-9D00-1B73EBBD655F} URL = http://websearch.ask...AA-B7B10F40DA5A SearchScopes: HKU\S-1-5-21-2245364889-2588088723-280986198-1001 -> {176F5BCE-E427-4695-B8AE-D7DC08D3A683} URL = http://search.fresh-...s={searchTerms} SearchScopes: HKU\S-1-5-21-2245364889-2588088723-280986198-1001 -> {A76EAD55-D568-4013-9D00-1B73EBBD655F} URL = http://search.condui...9761698418&UM=2 BHO: buuyAAndbRowse -> {5939014a-6e9e-4e9e-8bad-a067ce8a0458} -> C:\Program Files (x86)\buuyAAndbRowse\VTyW3FjIHh8xag.x64.dll () BHO: rockkEtdeal -> {6cd48659-75bc-4419-8512-35da7d509c68} -> C:\Program Files (x86)\rockkEtdeal\QjjEAvE4IU3X4I.x64.dll () BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: No Name -> {0974BA1E-64EC-11DE-B2A5-E43756D89593} -> No File BHO-x32: buuyAAndbRowse -> {5939014a-6e9e-4e9e-8bad-a067ce8a0458} -> C:\Program Files (x86)\buuyAAndbRowse\VTyW3FjIHh8xag.dll () BHO-x32: rockkEtdeal -> {6cd48659-75bc-4419-8512-35da7d509c68} -> C:\Program Files (x86)\rockkEtdeal\QjjEAvE4IU3X4I.dll () Toolbar: HKLM-x32 - No Name - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-2245364889-2588088723-280986198-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Extension: XULRunner - C:\Users\Samantha\AppData\Local\{DE568789-0166-41A4-9987-DF846C144550} [2011-03-13] FF HKU\S-1-5-21-2245364889-2588088723-280986198-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-02] CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKU\S-1-5-21-2245364889-2588088723-280986198-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X] C:\ProgramData\fmcu.exe C:\ProgramData\njse.exe C:\ProgramData\olqd.exe C:\ProgramData\xlxm.exe C:\Users\Samantha\AppData\Local\Temp\0mt9mzdw.dll C:\Windows\SysWOW64\Sendori.dll C:\Program Files (x86)\buuyAAndbRowse C:\Program Files (x86)\rockkEtdeal End ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully. HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. "HKU\S-1-5-21-2245364889-2588088723-280986198-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{176F5BCE-E427-4695-B8AE-D7DC08D3A683}" => Key deleted successfully. HKCR\CLSID\{176F5BCE-E427-4695-B8AE-D7DC08D3A683} => Key not found. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A76EAD55-D568-4013-9D00-1B73EBBD655F} => Key not found. HKCR\CLSID\{A76EAD55-D568-4013-9D00-1B73EBBD655F} => Key not found. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5939014a-6e9e-4e9e-8bad-a067ce8a0458}" => Key deleted successfully. "HKCR\CLSID\{5939014a-6e9e-4e9e-8bad-a067ce8a0458}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cd48659-75bc-4419-8512-35da7d509c68}" => Key deleted successfully. "HKCR\CLSID\{6cd48659-75bc-4419-8512-35da7d509c68}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593} => Key not found. HKCR\Wow6432Node\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5939014a-6e9e-4e9e-8bad-a067ce8a0458}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{5939014a-6e9e-4e9e-8bad-a067ce8a0458}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cd48659-75bc-4419-8512-35da7d509c68}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{6cd48659-75bc-4419-8512-35da7d509c68}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} => Value not found. HKCR\Wow6432Node\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found. HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully. C:\Users\Samantha\AppData\Local\{DE568789-0166-41A4-9987-DF846C144550} => Moved successfully. HKU\S-1-5-21-2245364889-2588088723-280986198-1001\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => value deleted successfully. C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => Moved successfully. CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry. "HKU\S-1-5-21-2245364889-2588088723-280986198-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully. RimUsb => Service deleted successfully. C:\ProgramData\fmcu.exe => Moved successfully. C:\ProgramData\njse.exe => Moved successfully. C:\ProgramData\olqd.exe => Moved successfully. C:\ProgramData\xlxm.exe => Moved successfully. C:\Users\Samantha\AppData\Local\Temp\0mt9mzdw.dll => Moved successfully. C:\Windows\SysWOW64\Sendori.dll => Moved successfully. C:\Program Files (x86)\buuyAAndbRowse => Moved successfully. C:\Program Files (x86)\rockkEtdeal => Moved successfully. The system needed a reboot. ==== End of Fixlog 14:01:06 ====
  15. Good Morning nasdaq, I have run adwcleaner tool. I am ready to do the next step. when running Farbar do i scan first or just hit the fix button? Also how do I update the security check tool? Thanks, rle7