Sudden Massive Computer Slowdown

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Daskill

Thread Starter
Joined
Oct 17, 2007
Messages
295
Hi there, haven't really had many problems with this computer until now. A few weeks ago, it slowed down markedly and is now difficult to use because it is so painfully slow. I think it's infected with something, but I've run AVG antivirus which we used to use and it hasn't helped. I then uninstalled AVG and installed a new antivirus suite but that doesn't seem to have helped either.

The slowdown affects all of the computer but it is worst when using Firefox.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3037 Mb
Graphics Card: Intel(R) G41 Express Chipset, 1294 Mb
Hard Drives: C: Total - 597989 MB, Free - 400825 MB; D: Total - 12387 MB, Free - 1723 MB;
Motherboard: PEGATRON CORPORATION, EVANS
Antivirus: 360 Total Security, Updated and Enabled

Would be grateful to anyone who can help. Thanks.
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Hi Daskill,
If you still need help, please run the following to get started.
-----------------------------------------------
Please download MiniToolBox and run it.
Double click MiniToolBox.exe to launch the program.
Checkmark only the following boxes in the list:
  • Flush DNS
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go to start the scan.
When finished a log Result.txt will open.
Please post the contents of that log in your next reply.

askey127
 

Daskill

Thread Starter
Joined
Oct 17, 2007
Messages
295
MiniToolBox by Farbar Version: 05-03-2015
Ran by Old Inn (administrator) on 06-03-2015 at 13:23:01
Running from "C:\Users\Old Inn\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


=========================== Installed Programs ============================
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.0.0.1124 - 360 Security Center)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 16.0.0.245 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG PC TuneUp 2015 (en-GB) (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.238 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
BT Business Broadband Desktop Help (HKLM-x32\...\BT Business Broadband Desktop Help) (Version: - )
BTBusinessHub (HKLM-x32\...\BTBusinessHub) (Version: - British Telecommunications Plc.)
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.33 - Piriform)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.0.0.570 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Corporate (x32 Version: 9.0.570 - Citrix) Hidden
GoToMyPC (HKLM\...\{91E91FEC-9AF1-4F45-841A-78B7BF434F8F}) (Version: 8.2.1470 - Citrix Online)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3422 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
InTime Reports (HKLM-x32\...\{E848357D-2F47-465C-8723-4764D18D9B5E}) (Version: 1.0.0 - Excalibur Web Services Ltd)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 36.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-GB)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
QuickBooks (x32 Version: 25.0.4004.2506 - Intuit Limited) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4003.2506 - Intuit Limited)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Search Protection (HKCU\...\Search Protection) (Version: 10.8.0.1 - Spigot, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
TotalTimePlus (HKLM-x32\...\{278C1880-5CA3-400B-849D-9A6A204E86D5}) (Version: 7.00.0000 - Excalibur Web Services Ltd)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Citrix Systems monblanking Citrix Driver (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 3037.24 MB
Available physical RAM: 1148.09 MB
Total Pagefile: 6072.67 MB
Available Pagefile: 2941.3 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.61 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:583.97 GB) (Free:382.49 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.1 GB) (Free:1.68 GB) NTFS
4 Drive f: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.46 GB) FAT
7 Drive i: () (Removable) (Total:7.45 GB) (Free:7.31 GB) FAT32

========================= Users: ========================================

User accounts for \\OLDINN-PC

Administrator ASPNET Guest
Old Inn


**** End of log ****
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Hi Daskill,
Is this a company machine? Some stuff on there is not really for home users.
Your initial post showed a Pegatron motherboard, but the MiniToolbox suggests it is an HP machine. What's up?
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

360 Total Security
AVG PC TuneUp 2015
AVG Web TuneUp
Hardware Diagnostic Tools
McAfee Security Scan Plus
Java 7 Update 67
Search Protection

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine

-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Choose "Save As" and Save it to your desktop.
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.

-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST64 and save to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST64 will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST64.exe
Feel free to use separate replies if it's more convenient.

So we are looking for the two logs from FRST, and comments about the machine.
askey127
 

Daskill

Thread Starter
Joined
Oct 17, 2007
Messages
295
Apologies for taking so long to reply!

We use the computer for some of the tasks in running a small business, yes.

I'm not sure about the motherboard. The computer is definitely an HP machine.

FRST Report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Old Inn (administrator) on OLDINN-PC on 12-03-2015 18:24:55
Running from C:\Users\Old Inn\Desktop
Loaded Profiles: Old Inn (Available profiles: Old Inn)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\dlbkcoms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcatel-Lucent) C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Spotify Ltd) C:\Users\Old Inn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Intuit Limited.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Intuit Limited.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Dropbox, Inc.) C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBDBMgr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe [3451904 2011-11-09] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2662424 2014-10-06] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-09-29] (Intuit Inc. All rights reserved.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\Run: [Spotify Web Helper] => C:\Users\Old Inn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-09] (Spotify Ltd)
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\MountPoints2: {7ff16353-81d6-11e3-8c7b-e0cb4e3fddc6} - F:\HTC_Sync_Manager_PC.exe
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-05-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Limited.)
Startup: C:\Users\Old Inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-301408888-2026176037-2421391638-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> DefaultScope {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> DefaultScope {CA3118D1-8F3E-4AF5-82A9-ED5928E4885D} URL = https://uk.search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {06EC8B39-9801-4564-B651-D3E0C0469F77} URL = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=a3IvWlsG9iOxqBmOVE-lVUc8KGc?q={searchTerms}
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {CA3118D1-8F3E-4AF5-82A9-ED5928E4885D} URL = https://uk.search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=0&v=6.103.18.1&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2014-11-07] (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: https://uk.search.yahoo.com/search?fr=sp_tr_ff&ei=utf-8&ilc=12&type=711278&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2011-11-09] (Motive, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-05-13] (Apple Inc.)
FF SearchPlugin: C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins\avg-secure-search.xml [2014-09-18]
FF SearchPlugin: C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins\yahoo_ff.xml [2015-01-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-06]
FF Extension: Adblock Plus - C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-05-12] (Google)
S3 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
S3 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-10-19] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-10-19] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-11-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]
R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-18] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 18:24 - 2015-03-12 19:24 - 00020462 _____ () C:\Users\Old Inn\Desktop\FRST.txt
2015-03-12 18:24 - 2015-03-12 19:23 - 00000000 ____D () C:\FRST
2015-03-12 18:24 - 2015-03-12 18:24 - 02095616 _____ (Farbar) C:\Users\Old Inn\Desktop\FRST64.exe
2015-03-12 17:32 - 2015-03-12 17:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-12 17:32 - 2015-03-12 17:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-12 17:31 - 2015-03-12 17:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-12 17:31 - 2015-03-12 17:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-03-12 17:30 - 2015-03-12 17:32 - 00000000 ____D () C:\947a1146ee9aefcbe7171907de
2015-03-12 17:30 - 2015-03-12 17:30 - 14160536 _____ (Microsoft Corporation) C:\Users\Old Inn\Desktop\mseinstall.exe
2015-03-12 17:25 - 2015-03-12 17:25 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-03-07 13:44 - 2015-03-07 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 13:23 - 2015-03-06 13:23 - 00020115 _____ () C:\Users\Old Inn\Desktop\Result.txt
2015-03-06 13:22 - 2015-03-06 13:22 - 00402432 _____ (Farbar) C:\Users\Old Inn\Desktop\MiniToolBox.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 19:00 - 2013-03-26 10:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 18:07 - 2009-12-27 18:25 - 01454100 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 17:39 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 17:39 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 17:33 - 2009-07-14 05:13 - 00792654 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 17:28 - 2012-07-17 13:25 - 00000000 ___RD () C:\Users\Old Inn\Dropbox
2015-03-12 17:28 - 2012-07-17 13:23 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\Dropbox
2015-03-12 17:27 - 2012-11-13 10:50 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\Skype
2015-03-12 17:25 - 2015-01-29 15:59 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-12 17:25 - 2015-01-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-12 17:25 - 2015-01-28 16:56 - 00000560 _____ () C:\Windows\setupact.log
2015-03-12 17:25 - 2012-09-03 16:44 - 00223812 _____ () C:\Windows\PFRO.log
2015-03-12 17:25 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 17:08 - 2009-12-05 07:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-03-12 16:10 - 2014-04-20 21:18 - 00000144 _____ () C:\Windows\ODBC.INI
2015-03-11 12:22 - 2012-07-17 13:25 - 00001028 _____ () C:\Users\Old Inn\Desktop\Dropbox.lnk
2015-03-11 12:22 - 2012-07-17 13:23 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-10 19:14 - 2011-05-12 09:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-10 18:13 - 2011-05-12 09:41 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\HpUpdate
2015-03-03 13:17 - 2010-07-12 12:32 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-11 11:23 - 2012-06-27 19:10 - 00000000 ____D () C:\Users\Old Inn\Documents\Bar
2015-02-10 15:05 - 2013-04-08 13:04 - 00000000 ____D () C:\Users\Old Inn\Desktop\Tips

==================== Files in the root of some directories =======

2011-05-19 17:10 - 2014-12-09 13:18 - 0020732 _____ () C:\Users\Old Inn\AppData\Roaming\wklnhst.dat
2011-02-02 17:35 - 2011-02-02 17:35 - 0000095 _____ () C:\Users\Old Inn\AppData\Local\fusioncache.dat

Files to move or delete:
====================
C:\Users\Old Inn\gosetup.exe


Some content of TEMP:
====================
C:\Users\Old Inn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppyja9r.dll
C:\Users\Old Inn\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Old Inn\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Old Inn\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Old Inn\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Old Inn\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Old Inn\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Old Inn\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 00:06

==================== End Of Log ============================
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Old Inn at 2015-03-12 19:25:12
Running from C:\Users\Old Inn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
BT Business Broadband Desktop Help (HKLM-x32\...\BT Business Broadband Desktop Help) (Version: - )
BTBusinessHub (HKLM-x32\...\BTBusinessHub) (Version: - British Telecommunications Plc.)
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.33 - Piriform)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.0.0.570 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Corporate (x32 Version: 9.0.570 - Citrix) Hidden
GoToMyPC (HKLM\...\{91E91FEC-9AF1-4F45-841A-78B7BF434F8F}) (Version: 8.2.1470 - Citrix Online)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
InTime Reports (HKLM-x32\...\{E848357D-2F47-465C-8723-4764D18D9B5E}) (Version: 1.0.0 - Excalibur Web Services Ltd)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 36.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-GB)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
QuickBooks (x32 Version: 25.0.4004.2506 - Intuit Limited) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4003.2506 - Intuit Limited)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
TotalTimePlus (HKLM-x32\...\{278C1880-5CA3-400B-849D-9A6A204E86D5}) (Version: 7.00.0000 - Excalibur Web Services Ltd)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Citrix Systems monblanking Citrix Driver (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-301408888-2026176037-2421391638-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-02-2015 05:31:45 Windows Update
25-02-2015 05:29:30 Windows Update
03-03-2015 09:25:40 Windows Update
09-03-2015 02:57:31 Windows Update
10-03-2015 18:10:45 HPSF Restore Point
12-03-2015 16:58:10 Removed AVG PC TuneUp 2015
12-03-2015 17:02:27 Removed AVG PC TuneUp 2015 (en-GB)
12-03-2015 17:08:44 Removed Java 7 Update 67
12-03-2015 17:38:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06D9E007-3F0D-4643-872A-F92C5898F69D} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {1C725ADC-0A3C-4227-B548-EDB5A576C254} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {22A731CD-4917-4F36-BFE9-167BDF445050} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {53BFDACA-2ED5-4BC5-9917-2DE624FEC6AC} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {5EB91249-6CC9-4479-93C4-0C66E2582D0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-03-05] (Microsoft)
Task: {76D28854-EAF8-4EAE-8376-B0B7FBEA2510} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7CEA30AA-4F2B-44D7-8A38-BA5F1EB970F0} - System32\Tasks\Hewlett-Packard\HP Assistant\HP Assistant Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {8A1537C4-933E-44F1-9105-B3329C35F98A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BC554A89-8D16-41C0-BF4C-F4CAA8999B5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-03-05] (Microsoft)
Task: {C0237E4C-17D8-496D-8CF5-B3753AAD8E0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C15B7C3D-60CC-4EBC-9631-91B900E89621} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {C1649EDE-DDAC-4172-BB4B-DE398543F92E} - System32\Tasks\{64969D8A-770E-44C5-A485-68C4C06C3FE1} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {CD4B192F-84C9-408C-9846-EBED4B8067E7} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-16 13:02 - 2007-02-28 07:53 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-09-18 17:01 - 2014-09-18 17:00 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
2009-09-14 16:17 - 2009-09-14 16:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-09-18 17:00 - 2014-10-06 14:12 - 02662424 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-09-18 17:01 - 2014-09-18 17:00 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
2014-11-08 00:01 - 2014-11-08 00:01 - 00025928 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\validationinterop.dll
2014-11-07 12:26 - 2014-11-07 12:26 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_regex-vc120-mt-1_55.dll
2014-11-08 00:00 - 2014-11-08 00:00 - 00031560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBCompressor.dll
2014-11-08 00:01 - 2014-11-08 00:01 - 00066376 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\zlib1.dll
2014-11-08 00:00 - 2014-11-08 00:00 - 00099144 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBMAPILibrary.dll
2014-11-07 23:58 - 2014-11-07 23:58 - 00245576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\boost_serialization-vc120-mt-1_55.dll
2014-11-07 23:59 - 2014-11-07 23:59 - 00655688 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FtuEngine.dll
2014-11-07 23:58 - 2014-11-07 23:58 - 00688968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\BackupLib.dll
2014-11-08 00:00 - 2014-11-08 00:00 - 00085832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QBProActiveCore.dll
2014-09-29 15:28 - 2014-09-29 15:28 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\libcef.dll
2014-11-08 00:01 - 2014-11-08 00:01 - 00178504 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\UpgradeCenter.dll
2014-11-07 23:59 - 2014-11-07 23:59 - 00785736 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\FeaturesBridge.dll
2014-11-08 00:00 - 2014-11-08 00:00 - 00067400 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\mbpopup.dll
2014-11-07 23:59 - 2014-11-07 23:59 - 00024392 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\IPDWidgetBridge.dll
2014-11-07 23:59 - 2014-11-07 23:59 - 00109896 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\IPDWidgetInterop.dll
2014-11-08 00:00 - 2014-11-08 00:00 - 00129352 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\QB2WPFBridge.dll
2014-11-08 00:01 - 2014-11-08 00:01 - 00070984 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\ReportBridge.dll
2014-11-08 00:01 - 2014-11-08 00:01 - 00047944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\Webification.dll
2014-11-07 23:59 - 2014-11-07 23:59 - 00149832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\htmlhelper.dll
2014-11-07 23:59 - 2014-11-07 23:59 - 00963912 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2015\HPD.DLL
2015-03-04 22:08 - 2015-03-04 22:08 - 00750080 _____ () C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-12 17:27 - 2015-03-12 17:27 - 00043008 _____ () c:\Users\Old Inn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppyja9r.dll
2015-03-04 22:08 - 2015-03-04 22:08 - 00047616 _____ () C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:08 - 2015-03-04 22:08 - 00865280 _____ () C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:07 - 2015-03-04 22:07 - 00200704 _____ () C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2012-12-18 19:08 - 2012-12-18 19:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Old Inn\Desktop\grants.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Old Inn\Desktop\grants.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Old Inn\Desktop\HSS Hire Receipt.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Old Inn\Desktop\HSS Hire Receipt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-301408888-2026176037-2421391638-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Old Inn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-301408888-2026176037-2421391638-500 - Administrator - Disabled)
ASPNET (S-1-5-21-301408888-2026176037-2421391638-1004 - Limited - Enabled)
Guest (S-1-5-21-301408888-2026176037-2421391638-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-301408888-2026176037-2421391638-1002 - Limited - Enabled)
Old Inn (S-1-5-21-301408888-2026176037-2421391638-1000 - Administrator - Enabled) => C:\Users\Old Inn

==================== Faulty Device Manager Devices =============

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 06:23:31 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (03/12/2015 06:23:31 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\The Old Inn and Waterfront Bunkhouse.QBW;ENG=QB_data_engine_25;DBN=d485e01cdc1c4bd1897519fde8de633e

Error: (03/12/2015 06:23:31 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro":
Connection Error:Invalid user ID or password

Error: (03/12/2015 05:08:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.

System Error:
The system cannot find the file specified.
.

Error: (03/12/2015 05:08:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary 360AvFlt mini-filter driver.

System Error:
The system cannot find the file specified.
.

Error: (03/12/2015 05:08:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service.

System Error:
The system cannot find the file specified.
.

Error: (03/12/2015 05:07:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ScriptHelper.exe version 3.2.0.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4828

Start Time: 01d05ce6dbdfbe3e

Termination Time: 31

Application Path: C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\3.2.0\ScriptHelper.exe

Report Id: 3c33f1bd-c8da-11e4-871f-e0cb4e3fddc6

Error: (03/12/2015 05:06:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ScriptHelper.exe version 3.2.0.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 32ec

Start Time: 01d05ce6b7b6e40a

Termination Time: 0

Application Path: C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\3.2.0\ScriptHelper.exe

Report Id: 0940e436-c8da-11e4-871f-e0cb4e3fddc6

Error: (03/12/2015 05:05:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 36.0.1.5542 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e8c

Start Time: 01d05ce6512732ec

Termination Time: 4914

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: e1633efe-c8d9-11e4-871f-e0cb4e3fddc6

Error: (03/12/2015 05:02:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (03/12/2015 00:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (03/12/2015 00:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/28/2013 07:38:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 3037.24 MB
Available physical RAM: 1834.7 MB
Total Pagefile: 6072.67 MB
Available Pagefile: 3867.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:583.97 GB) (Free:382.03 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.1 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.46 GB) FAT
Drive i: () (Removable) (Total:7.45 GB) (Free:7.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 956 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Let me know if you need anything else!
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Daskill,
Do you use Easybits? It's frequently installed without permission from Skype.
For that matter,do you use Skype?

I would suggest you choose something other than Yahoo for searches/home page, etc.
Google, Bing, Startpage are OK.
--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

-------------------------------------------------------------
AdwCleaner Download and Run

Download AdwCleaner and save it to your desktop or somewhere you can find it.
Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete.
When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
You will then be presented with the report. Copy & Paste it into a reply here.


If you lose track of the log, it is saved in this folder C:\AdwCleaner\
The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.

So we will be looking for the Fix log from FRST64, and the log from AdwCleaner.
askey127
 

Daskill

Thread Starter
Joined
Oct 17, 2007
Messages
295
I don't use Easybits. I don't know what it is. I do use Skype occasionally, although it seems to have started starting up at computer start-up and there doesn't seem to be an easy way to stop it doing this.

I don't usually use Yahoo.

Here's the FRST fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Old Inn at 2015-03-16 14:38:52 Run:1
Running from C:\Users\Old Inn\Desktop
Loaded Profiles: Old Inn (Available profiles: Old Inn)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2662424 2014-10-06] ()
URLSearchHook: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM-x32 -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> DefaultScope {CA3118D1-8F3E-4AF5-82A9-ED5928E4885D} URL = https://uk.search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {CA3118D1-8F3E-4AF5-82A9-ED5928E4885D} URL = https://uk.search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=0&v=6.103.18.1&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://uk.search.yahoo.com/search?f...type=711278&p=
FF SearchPlugin: C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins \avg-secure-search.xml [2014-09-18]
FF SearchPlugin: C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins \yahoo_ff.xml [2015-01-30]
R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-18] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search
2015-03-12 17:25 - 2015-03-12 17:25 - 00000000 ____D () C:\ProgramData\AVG Secure Search
C:\Users\Old Inn\AppData\Local\Temp\SearchProtectionSetup.exe
Task: {CD4B192F-84C9-408C-9846-EBED4B8067E7} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: {22A731CD-4917-4F36-BFE9-167BDF445050} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Cmd: ipconfig /flushdns
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-301408888-2026176037-2421391638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA3118D1-8F3E-4AF5-82A9-ED5928E4885D}" => Key deleted successfully.
HKCR\CLSID\{CA3118D1-8F3E-4AF5-82A9-ED5928E4885D} => Key not found.
"HKU\S-1-5-21-301408888-2026176037-2421391638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
"C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins \avg-secure-search.xml" => not found.
"C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins \yahoo_ff.xml" => not found.
vToolbarUpdater3.2.0 => Service stopped successfully.
vToolbarUpdater3.2.0 => Service deleted successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully.
C:\ProgramData\AVG Secure Search => Moved successfully.
C:\Users\Old Inn\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD4B192F-84C9-408C-9846-EBED4B8067E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4B192F-84C9-408C-9846-EBED4B8067E7}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCDRScheduledMaintenance => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22A731CD-4917-4F36-BFE9-167BDF445050}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22A731CD-4917-4F36-BFE9-167BDF445050}" => Key deleted successfully.
C:\Windows\System32\Tasks\Java(TM) Platform SE Auto Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java(TM) Platform SE Auto Updater" => Key deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 8.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 14:41:42 ====
 

Daskill

Thread Starter
Joined
Oct 17, 2007
Messages
295
Here's the AdwCleaner log:

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 15:02:41
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Old Inn - OLDINN-PC
# Running from : C:\Users\Old Inn\Desktop\Security Programs\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Old Inn\AppData\LocalLow\AVG Security Toolbar
File Deleted : C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\searchplugins\yahoo_ff.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v36.0.1 (x86 en-GB)


*************************

AdwCleaner[R0].txt - [1875 bytes] - [16/03/2015 14:58:24]
AdwCleaner[S0].txt - [1724 bytes] - [16/03/2015 15:02:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1783 bytes] ##########
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
daskill,
That went fine.
Now that we got rid of some of it, let's look for, and then remove, any more slowdown hogs that don't belong.
-----------------------------------------------------------
Run a New Scan With the Farbar Scan Tool
  • Double click FRST64.exe on your desktop to launch it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
  • Please post the contents in your next reply.
(You don't need to use the Quote tag if you don't want to).

askey127
 

Daskill

Thread Starter
Joined
Oct 17, 2007
Messages
295
Here's a copy of the new FRST report. Would you prefer I didn't use the tags?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Old Inn (administrator) on OLDINN-PC on 17-03-2015 15:02:06
Running from C:\Users\Old Inn\Desktop\Security Programs
Loaded Profiles: Old Inn (Available profiles: Old Inn)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\dlbkcoms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcatel-Lucent) C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Old Inn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Intuit Limited.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Dropbox, Inc.) C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe [3451904 2011-11-09] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-09-29] (Intuit Inc. All rights reserved.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\Run: [Spotify Web Helper] => C:\Users\Old Inn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-09] (Spotify Ltd)
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\...\MountPoints2: {7ff16353-81d6-11e3-8c7b-e0cb4e3fddc6} - F:\HTC_Sync_Manager_PC.exe
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-05-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Limited.)
Startup: C:\Users\Old Inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Old Inn\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-301408888-2026176037-2421391638-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
HKU\S-1-5-21-301408888-2026176037-2421391638-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKLM -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {06EC8B39-9801-4564-B651-D3E0C0469F77} URL = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
SearchScopes: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-301408888-2026176037-2421391638-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2014-11-07] (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default
FF Homepage: hxxp://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2011-11-09] (Motive, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-05-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-05-13] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Old Inn\AppData\Roaming\Mozilla\Firefox\Profiles\sukw0czc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-05-12] (Google)
S3 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
S3 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-10-19] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-10-19] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-11-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 15:27 - 2015-02-04 03:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-16 15:27 - 2015-02-04 02:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-16 14:58 - 2015-03-16 15:02 - 00000000 ____D () C:\AdwCleaner
2015-03-12 18:24 - 2015-03-17 15:05 - 00000000 ____D () C:\FRST
2015-03-12 17:32 - 2015-03-12 17:32 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-12 17:32 - 2015-03-12 17:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-12 17:31 - 2015-03-12 17:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-12 17:31 - 2015-03-12 17:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-03-07 13:44 - 2015-03-07 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 13:23 - 2015-03-06 13:23 - 00020115 _____ () C:\Users\Old Inn\Desktop\Result.txt
2015-03-06 13:22 - 2015-03-06 13:22 - 00402432 _____ (Farbar) C:\Users\Old Inn\Desktop\MiniToolBox.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 15:02 - 2015-01-30 17:59 - 00120744 _____ () C:\Users\Old Inn\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-17 15:00 - 2013-03-26 10:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-17 14:15 - 2009-12-27 18:25 - 01746131 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 16:59 - 2011-05-24 14:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-16 16:20 - 2015-01-15 12:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-16 16:20 - 2012-11-13 10:50 - 00000000 ____D () C:\ProgramData\Skype
2015-03-16 16:09 - 2010-06-10 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-03-16 16:09 - 2010-06-10 15:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-03-16 16:04 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-16 16:03 - 2014-01-20 11:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-16 15:12 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 15:12 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 15:10 - 2009-07-14 05:13 - 00792654 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 15:06 - 2012-11-13 10:50 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\Skype
2015-03-16 15:05 - 2012-07-17 13:25 - 00000000 ___RD () C:\Users\Old Inn\Dropbox
2015-03-16 15:05 - 2012-07-17 13:23 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\Dropbox
2015-03-16 15:04 - 2015-01-28 16:56 - 00000672 _____ () C:\Windows\setupact.log
2015-03-16 15:04 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 14:52 - 2010-07-12 12:35 - 00000000 ____D () C:\Users\Old Inn\AppData\Local\Adobe
2015-03-16 14:51 - 2013-03-26 10:31 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-16 14:51 - 2013-03-26 10:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-16 14:51 - 2011-05-15 11:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 15:42 - 2011-05-12 09:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-13 15:42 - 2011-05-12 09:41 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\HpUpdate
2015-03-12 17:25 - 2015-01-29 15:59 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-12 17:25 - 2015-01-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-12 17:25 - 2012-09-03 16:44 - 00223812 _____ () C:\Windows\PFRO.log
2015-03-12 17:08 - 2009-12-05 07:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-03-12 16:10 - 2014-04-20 21:18 - 00000144 _____ () C:\Windows\ODBC.INI
2015-03-11 12:22 - 2012-07-17 13:25 - 00001028 _____ () C:\Users\Old Inn\Desktop\Dropbox.lnk
2015-03-11 12:22 - 2012-07-17 13:23 - 00000000 ____D () C:\Users\Old Inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-03 13:17 - 2010-07-12 12:32 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-26 21:14 - 2011-05-15 10:55 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-05-19 17:10 - 2014-12-09 13:18 - 0020732 _____ () C:\Users\Old Inn\AppData\Roaming\wklnhst.dat
2011-02-02 17:35 - 2011-02-02 17:35 - 0000095 _____ () C:\Users\Old Inn\AppData\Local\fusioncache.dat

Files to move or delete:
====================
C:\Users\Old Inn\gosetup.exe


Some content of TEMP:
====================
C:\Users\Old Inn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnt0h_3.dll
C:\Users\Old Inn\AppData\Local\Temp\Quarantine.exe
C:\Users\Old Inn\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 00:40

==================== End Of Log ============================
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Daskill,
The tags are OK, just not necessary.
--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.
-------------------------------------------------------------
Download MyDefrag from here and Install it : http://www.mydefrag.com/
(The download button is on the left).
After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
(Click System Disk Monthly and then check C: drive, click Run)
Wait for it. Go for lunch. It goes through 6 Zones. The Window will be labeled Finished at the top when it is done.
Going forward, you can run it in System Disk Daily mode, but once every week or two is sufficient.
It will finish quite a bit faster in the ensuing runs.

Tell me how it's running.
askey127
 

Daskill

Thread Starter
Joined
Oct 17, 2007
Messages
295
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Old Inn at 2015-03-19 13:40:50 Run:2
Running from C:\Users\Old Inn\Desktop\Security Programs
Loaded Profiles: Old Inn (Available profiles: Old Inn)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
EmptyTemp:
Cmd: ipconfig /flushdns

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Magic Desktop for HP notification => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 641.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:42:52 ====
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top