Vista

Started by Ghost, August 04, 2016, 01:19:34 AM


Ghost

A friend of my wife's asked if I would look at her PC because it wouldn't boot up.
I ran AdwCleaner but no log file.
Ran Security Analysis, JRT and Farbar Recovery Scan Tool.
Here are the logs, and they are not in order ;-(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows (TM) Vista Home Premium x64
Ran by Owner (Limited) on Wed 08/03/2016 at 19:19:50.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 15

Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GO09YNZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8153FQC9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRQG5ZUI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GO09YNZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8153FQC9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRQG5ZUI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder)



Registry: 13

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Search Scope Monitor (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A3704FA3-DBF6-46B5-B95E-0677DFD39577} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A053CDEE-6027-4DCF-A778-C8C5B71E7E1D} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C690EADE-4EED-4AE6-B614-B533FB2F4FFA} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbea8524-8c72-4208-9d12-7fb73e9926eb} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbea8524-8c72-4208-9d12-7fb73e9926eb} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A3704FA3-DBF6-46B5-B95E-0677DFD39577} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/03/2016 at 19:21:09.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Owner (2016-08-03 20:56:32)
Running from C:\Users\Owner\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X64) (2008-12-05 09:23:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3862196275-3360126361-1193061951-500 - Administrator - Disabled)
Guest (S-1-5-21-3862196275-3360126361-1193061951-501 - Limited - Disabled)
Owner (S-1-5-21-3862196275-3360126361-1193061951-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 2.2.4 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
AOL Email Toolbar (HKLM-x32\...\AOL Email Toolbar) (Version:  - )
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{318AD65D-4A2D-108F-CC1A-F57F5CD3A0D5}) (Version: 3.0.694.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.6 (HKLM-x32\...\DPP) (Version: 3.6.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.6.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.5.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3/E4 Utility (HKLM-x32\...\WFTK) (Version: 3.3.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.1.8 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2008.0910.2138.36940 - ATI) Hidden
CCleaner (remove only) (HKLM-x32\...\CCleaner) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
CouponBar (HKLM-x32\...\TTB000001.TTB000001Toolbar) (Version:  - ) <==== ATTENTION
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_ProductContext (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
F4200 (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version:  - )
GPBaseService (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2213 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0904 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.25.1 (HKLM-x32\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
MarketResearch (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKLM-x32\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.59 - WildTangent)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2202 - CyberLink Corp.) Hidden
PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1540.18 - AMD)
RAIDXpert (x32 Version: 2.4.1540.18 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5772 - Realtek Semiconductor Corp.)
Scan (x32 Version: 11.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
Skins (x32 Version: 2008.0910.2138.36940 - ATI) Hidden
SmartWebPrinting (x32 Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
sp44626 (HKLM-x32\...\sp44626) (Version:  - Hewlett-Packard)
Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
VideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Yahoo! BrowserPlus 2.7.1 (HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3DA60542-D076-498B-98D7-D0AC71542579} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8A829B31-0746-4D0A-A93B-82816E088883} - \avabvexvac -> No File <==== ATTENTION
Task: {8CF249C1-9A2D-4DE1-86DF-82EFE2B9E0FF} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {D729C804-77CD-48CE-95A5-B8D7115D532C} - System32\Tasks\PersonalAV => C:\Program Files (x86)\PersonalAV\pav.exe
Task: {E3D8643F-73AB-4F44-9E4E-3239CEDC70FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {E833A8D5-03F0-4F3E-8099-B60903B65ADC} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PersonalAV.job => C:\Program Files (x86)\PersonalAV\pav.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{269615AB-C287-4A5D-9E1D-E8162D640571}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-11-13 04:19 - 2008-09-10 18:18 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2008-09-04 08:14 - 2008-09-04 08:14 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2008-11-13 04:20 - 2008-11-13 04:20 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2007-07-18 14:42 - 2007-07-18 14:42 - 00020480 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-09-24 08:39 - 2008-09-24 08:39 - 00118784 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2008-09-24 08:40 - 2008-09-24 08:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2008-09-04 08:14 - 2008-09-04 08:14 - 00049152 _____ () C:\Windows\SysWOW64\BeepApp.exe
2008-10-17 20:57 - 2008-10-17 20:57 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Pictures\Alaska '13\2013-09-04 Alaska 2013\Alaska 2013 133.JPG
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: hpsysdrv => c:\hp\support\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{99AD7928-4634-49E8-B3C8-3F3AD32C38A5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{C6F3FCE8-E500-4B70-A5DA-ED4CEB166224}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{57971AB5-2CAA-4E43-B3E1-132E2C90CC8F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{E7ADB57E-75AC-4A86-A953-F540F66A3958}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{E49A4C17-CC4B-43B4-B0F2-0699334EEB4D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{38C8B491-2341-4D98-892A-BE6A8A3C16C0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{12D859A4-34B3-47D3-A9CE-180F4193E9E1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{F0DF9C78-4A78-4549-8909-7E972F8A9558}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{370A7E88-DE54-46DD-9F75-DF8D5BAFDC13}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{A754636A-7629-41A4-A670-0CA075CE36A0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E873FB94-F6DC-448E-98E8-8057F49A85BD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{F151234B-5127-4F25-8D86-C024BEC475B6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{C633C786-32B8-4A2B-AF14-CDBA81EBDF89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{010CBDAC-811B-48AF-997C-02CD7B97B3B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{89E11236-4E69-4CEF-8BFB-1AB0B5767079}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{670DA672-65E7-415A-A530-4066FF95CD70}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D6E201E4-F708-41B6-9E3C-BA75C8192A4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{52F43E63-D9C8-437A-904B-79358BDB4224}] => (Allow) C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe
FirewallRules: [{DAEF6620-D587-4959-91F3-F328FAB1EA34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E4DC8163-6A98-487E-92F6-239B3EFBB78C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{CAA6E903-AE4B-42A6-A364-A923CAB8956D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{33410ADA-3238-4B1C-9C73-2DD8E7710272}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{68E3028F-EDBD-439B-9057-6ACE3964A4AB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{09A12BDB-01EB-4A4B-8D04-0FC438BE7FC1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{92870828-0ABE-4AE4-A080-938127BBECE5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{B0AD56AA-75F7-467E-B5D8-C11032510128}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{79BCE14B-3DF3-4A5A-A203-6FC8846B95DE}] => (Allow) LPort=80
FirewallRules: [{FDBE602C-477E-4956-B382-D75FA06D6323}] => (Allow) LPort=80
FirewallRules: [{342791A8-2B94-47A9-BA5D-2B87EFCF23F4}] => (Allow) LPort=80
FirewallRules: [{FE989C99-1BB1-44B6-9EE5-8ED817EA80DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D7B49D89-A571-434E-9A26-15FFBE365EC7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37FE3ADF-0123-4F42-93F0-971CCDF68CD0}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6DBDB4C3-DC54-4CF9-B15E-5A1251CDA5AD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{E99BCF72-BC5E-48DC-AF52-2F960C5F6F3D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A8A344B9-75CE-463A-BFC7-4E0E66513A96}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D864D4D2-4B6E-435D-B390-33E079693C5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4007AA50-F735-4A7B-A50F-EFC1A0FFF0E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C840E665-0AF8-4CBD-8209-5E01506A2185}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{107769B7-6B5A-480D-BB17-AE13FDDEA924}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{90C58129-C2A1-4A06-B517-32BC61ACE79E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{51A79372-F6CC-43FD-9909-B688FAE5445F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe

==================== Restore Points =========================

20-07-2016 00:17:47 Scheduled Checkpoint
20-07-2016 03:00:11 Windows Update
21-07-2016 00:26:00 Scheduled Checkpoint
21-07-2016 03:00:11 Windows Update
22-07-2016 00:51:27 Windows Update
22-07-2016 03:00:11 Windows Update
23-07-2016 00:00:01 Scheduled Checkpoint
23-07-2016 03:00:10 Windows Update
24-07-2016 00:13:08 Scheduled Checkpoint
24-07-2016 03:00:10 Windows Update
25-07-2016 00:18:33 Scheduled Checkpoint
25-07-2016 03:00:25 Windows Update
26-07-2016 01:47:31 Scheduled Checkpoint
26-07-2016 01:50:21 Windows Update
26-07-2016 03:00:10 Windows Update
27-07-2016 00:50:43 Scheduled Checkpoint
27-07-2016 03:00:11 Windows Update
28-07-2016 03:00:10 Windows Update
29-07-2016 00:33:57 Scheduled Checkpoint
29-07-2016 01:50:23 Windows Update
29-07-2016 03:00:10 Windows Update
30-07-2016 00:00:01 Scheduled Checkpoint
30-07-2016 03:00:10 Windows Update
31-07-2016 00:15:06 Scheduled Checkpoint
31-07-2016 03:00:10 Windows Update
01-08-2016 03:00:10 Windows Update
01-08-2016 21:43:23 Scheduled Checkpoint
02-08-2016 01:23:42 Windows Update
02-08-2016 03:00:10 Windows Update
03-08-2016 00:00:00 Scheduled Checkpoint
03-08-2016 03:00:11 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2016 08:37:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2016 08:35:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2016 08:30:35 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/03/2016 08:19:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2016 08:17:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2016 08:10:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2016 08:07:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2016 08:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2016 08:01:04 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/03/2016 07:19:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Users\Owner\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Descripton = JRT Pre-Junkware Removal; Hr = 0x8007043c).


System errors:
=============
Error: (08/03/2016 08:57:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:57:10 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:57:00 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:56:50 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:55:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:55:02 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:54:43 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:54:28 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/03/2016 08:37:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
SRTSP
SRTSPX

Error: (08/03/2016 08:37:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service


CodeIntegrity:
===================================
  Date: 2016-08-03 20:56:05.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:56:05.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:56:05.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:56:05.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:56:04.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:56:04.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:56:04.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:56:04.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-23 08:21:43.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-23 08:21:43.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom(tm) 9650 Quad-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 7927.2 MB
Available physical RAM: 5794.51 MB
Total Virtual: 15916.96 MB
Available Virtual: 13631.71 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:685.08 GB) (Free:517.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.41 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (TDrive) (Removable) (Total:3.82 GB) (Free:1.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=685.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 0003A17E)
Partition 1: (Active) - (Size=3.8 GB) - (Type=83)

==================== End of Addition.txt ============================

Result of Security Analysis by Rocket Grannie (x86) Updated: 25th July 2016
Running from:C:\Users\Owner\Desktop (20:53:46 - 08/03/2016)
***---------------------------------------------------------***
Microsoft® Windows Vista™ Home Premium X64 Service Pack 1 *Service Pack is out of Date*UAC is Enabled!
Internet Explorer  Internet Explorer is out of Date!
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
***-----------------Anti-Virus - Firewall-------------------***
Avira Antivirus (Enabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 22.0.0.209)
Java is not installed
CCleaner -- An older version than (5.20) is installed.
Microsoft Silverlight (version 5)
Mozilla Firefox (version 47)
CCleaner (remove only) (version ) is *out of Date*
Mozilla Firefox 45.0.1 (x86 en-US) (version 45.0.1) is *out of Date*

***----------------Analysis Complete-------------------------***

Corrine

Hi, Ghost.

First, some comments and additional instructions:

  • Without the AdwCleaner log, I may be including items shown in FRST that were already removed but will include in the script "just in case".
  • The FRST log shows two versions of Firefox installed.  Please uninstall the older version, Mozilla Firefox 45.0.1.
  • Curiously, the "Security Analysis" log shows "Java is not installed", yet the FRST log shows Java(TM) 6 Update 7 as installed.  Please uninstall Java. 
  • Numerous items are in MSCONFIG, including Java scheduled update.  Please re-enable the disabled items. (For instructions on Windows Vista, see How to use MSCONFIG in Windows Vista: NetSquirrel.com reversing the disabled items by UNchecking each item that has been disabled and clicking "Enable" and restart the computer.)

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
CouponBar (HKLM-x32\...\TTB000001.TTB000001Toolbar) (Version:  - ) <==== ATTENTION
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
Task: {8A829B31-0746-4D0A-A93B-82816E088883} - \avabvexvac -> No File <==== ATTENTION
Task: {8CF249C1-9A2D-4DE1-86DF-82EFE2B9E0FF} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

Hi Corrine,
I have enabled all that was unchecked in msconfig.
I uninstalled the old version of Firefox and Java.
From the beginning I have been getting a warning about AMD Raidexpert that it is timing out. Do you want me to post the text in the warning here or post it in Computer Problems, Questions and Solutions?
FRST log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Owner (2016-08-04 12:56:08) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CouponBar (HKLM-x32\...\TTB000001.TTB000001Toolbar) (Version:  - ) <==== ATTENTION
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
Task: {8A829B31-0746-4D0A-A93B-82816E088883} - \avabvexvac -> No File <==== ATTENTION
Task: {8CF249C1-9A2D-4DE1-86DF-82EFE2B9E0FF} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
CouponBar (HKLM-x32\...\TTB000001.TTB000001Toolbar) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A829B31-0746-4D0A-A93B-82816E088883}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A829B31-0746-4D0A-A93B-82816E088883}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvexvac" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CF249C1-9A2D-4DE1-86DF-82EFE2B9E0FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CF249C1-9A2D-4DE1-86DF-82EFE2B9E0FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => key removed successfully
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3672707653 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 15537 B
Edge => 0 B
Chrome => 287004 B
Firefox => 15460093 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 129197 B
systemprofile32 => 230901 B
LocalService => 692 B
LocalService => 0 B
NetworkService => 1936158 B
NetworkService => 0 B
Owner => 1180739 B

RecycleBin => 657272 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:57:33 ====

Thanks.

Corrine

Yes, go ahead and post the text about AMD Raidexpert timing out. If I don't see something, a separate topic can always be created.

In the meantime, please see if you can uninstall the following:

Coupon Printer for Windows
CouponBar
CouponPrinterPlugin

After that, please run both AdwCleaner and JRT again, posting both logs.  Following a shutdown/restart, please also post fresh FRST logs, being sure to check the box next to Addition.txt under the "Optional Scan" section.



winchester73

In addition to posting the contents of the RAIDXpert warning, do you notice any pattern of disk timeouts with the panel open?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Ghost

Hi Corrine and winchester73,
Amd RaidExpert text:
AMD RAIDEXPERT task20 timeout on disk (port1 target id1) at lba 0x03eff (length 0x7
That's all to the text and nothing else on the windows panel.
I uninstalled: Coupon Printer for Windows, CouponBar and CouponPrinterPlugin.
# AdwCleaner v5.201 - Logfile created 04/08/2016 at 16:47:52
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-04.3 [Server]
# Operating system : Windows (TM) Vista Home Premium Service Pack 1 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [31689 bytes] - [03/08/2016 19:14:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [31912 bytes] - [03/08/2016 19:12:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [798 bytes] - [04/08/2016 16:47:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [870 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows (TM) Vista Home Premium x64
Ran by Owner (Administrator) on Thu 08/04/2016 at 16:51:43.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/04/2016 at 16:53:25.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Owner (administrator) on OWNER-PC (04-08-2016 17:15:32)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\SysWOW64\BeepApp.exe
(Apple Inc.) C:\Program Files (x86)\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [MSDRV] => NetFilter.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [831064 2016-07-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-04-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009-02-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2008-11-13]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{4C6875B5-B67C-40AF-A67B-764DA640E3AC}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
URLSearchHook: HKLM-x32 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} -  No File
URLSearchHook: HKLM-x32 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
URLSearchHook: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} -  No File
URLSearchHook: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files (x86)\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
URLSearchHook: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A053CDEE-6027-4DCF-A778-C8C5B71E7E1D} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A053CDEE-6027-4DCF-A778-C8C5B71E7E1D} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s577im92.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2010-01-04] (Logitech Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-02-04] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3862196275-3360126361-1193061951-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-01-26] ( )
FF Plugin HKU\S-1-5-21-3862196275-3360126361-1193061951-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-02-26] ( )
FF Plugin HKU\S-1-5-21-3862196275-3360126361-1193061951-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3862196275-3360126361-1193061951-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-02-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [4zffxtbr@VideoDownloadConverter_4z.com] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin => not found
FF HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2008-09-04] (AMD) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [970632 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1251840 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S4 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [934176 2011-06-07] (Apple Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [70144 2008-02-28] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88576 2008-02-28] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S1 ahxmuxla; \??\C:\Windows\system32\drivers\ahxmuxla.sys [X]
S1 euigqdbe; \??\C:\Windows\system32\drivers\euigqdbe.sys [X]
S1 gfdbwrmk; \??\C:\Windows\system32\drivers\gfdbwrmk.sys [X]
S1 gmnisfov; \??\C:\Windows\system32\drivers\gmnisfov.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jariggak; \??\C:\Windows\system32\drivers\jariggak.sys [X]
S1 kncvwufq; \??\C:\Windows\system32\drivers\kncvwufq.sys [X]
S1 mukofezi; \??\C:\Windows\system32\drivers\mukofezi.sys [X]
S1 nacniwqm; \??\C:\Windows\system32\drivers\nacniwqm.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S1 svbxzmik; \??\C:\Windows\system32\drivers\svbxzmik.sys [X]
S1 vermzvkd; \??\C:\Windows\system32\drivers\vermzvkd.sys [X]
S1 xxzqhjnz; \??\C:\Windows\system32\drivers\xxzqhjnz.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 16:50 - 2016-08-04 16:50 - 00000948 _____ C:\Users\Owner\Desktop\AdwCleaner[S2].txt
2016-08-04 13:42 - 2016-08-04 13:42 - 00000083 _____ C:\Users\Owner\Pictures\Charleston,SC 4-06\Raid.txt
2016-08-04 13:42 - 2016-08-04 13:42 - 00000083 _____ C:\Users\Owner\Desktop\Raid.txt
2016-08-04 12:56 - 2016-08-04 12:57 - 00002916 _____ C:\Users\Owner\Desktop\Fixlog.txt
2016-08-04 12:16 - 2016-08-04 12:16 - 00001061 _____ C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2016-08-04 12:16 - 2016-08-04 12:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-04 12:16 - 2016-08-04 12:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-08-03 22:12 - 2016-08-03 22:12 - 00032832 _____ C:\Windows\SysWOW64\rnd_chunk.bin
2016-08-03 20:56 - 2016-08-03 21:00 - 00037190 _____ C:\Users\Owner\Desktop\Addition.txt
2016-08-03 20:54 - 2016-08-04 17:16 - 00021188 _____ C:\Users\Owner\Desktop\FRST.txt
2016-08-03 20:54 - 2016-08-04 17:15 - 00000000 ____D C:\FRST
2016-08-03 20:53 - 2016-08-03 21:39 - 00001082 _____ C:\Users\Owner\Desktop\SALog.txt
2016-08-03 20:52 - 2016-08-03 20:50 - 02393600 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-08-03 20:52 - 2016-08-03 20:47 - 00898560 _____ C:\Users\Owner\Desktop\RGSA.exe
2016-08-03 20:27 - 2016-08-03 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-03 19:21 - 2016-08-04 16:53 - 00000571 _____ C:\Users\Owner\Desktop\JRT.txt
2016-08-03 19:17 - 2016-08-03 20:01 - 00100046 _____ C:\Windows\ntbtlog.txt
2016-08-03 19:12 - 2016-08-04 16:47 - 00000000 ____D C:\AdwCleaner
2016-08-03 19:08 - 2016-08-03 19:08 - 00001686 _____ C:\Users\Owner\Desktop\CCleaner.lnk
2016-08-03 19:08 - 2016-08-03 19:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-03 19:08 - 2016-08-03 19:08 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-08-03 19:08 - 2016-08-02 21:26 - 03712064 _____ C:\Users\Owner\Desktop\adwcleaner.exe
2016-08-03 19:08 - 2016-08-02 21:25 - 01610560 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2016-08-03 19:07 - 2009-10-10 11:00 - 00271872 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2016-08-03 19:07 - 2007-04-24 12:19 - 00050688 _____ (Atribune.org) C:\Users\Owner\Desktop\ATF-Cleaner.exe
2016-07-19 19:28 - 2016-07-19 19:28 - 00000000 ____D C:\Users\Owner\Desktop\Old Firefox Data

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 17:17 - 2009-06-15 21:23 - 00000434 ____H C:\Windows\Tasks\User_Feed_Synchronization-{269615AB-C287-4A5D-9E1D-E8162D640571}.job
2016-08-04 17:07 - 2008-09-19 07:55 - 00014466 _____ C:\Windows\SysWOW64\NapaSet.txt
2016-08-04 17:05 - 2009-07-22 22:29 - 00000238 _____ C:\Windows\Tasks\PersonalAV.job
2016-08-04 17:05 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-04 17:05 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-04 17:04 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-04 16:54 - 2006-11-02 11:42 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-04 16:38 - 2012-06-07 18:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-04 12:39 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-08-04 12:39 - 2006-11-02 08:46 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-04 12:38 - 2016-04-12 21:07 - 00000680 _____ C:\Users\Owner\AppData\Local\d3d9caps.dat
2016-08-04 12:25 - 2009-02-06 09:21 - 00000000 ____D C:\Windows\pss
2016-08-03 20:32 - 2012-05-03 00:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-03 19:16 - 2010-07-17 10:49 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Yahoo!
2016-08-03 19:16 - 2009-02-15 00:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yahoo!
2016-08-03 19:16 - 2009-02-15 00:36 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-08-03 19:10 - 2013-05-29 17:19 - 00000000 ____D C:\Windows\Minidump
2016-08-03 19:10 - 2009-02-07 19:12 - 00000000 ____D C:\Users\Owner\AppData\Temp
2016-07-26 14:24 - 2009-10-03 01:34 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-26 12:36 - 2013-03-03 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-26 12:34 - 2013-03-31 10:00 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-07-26 12:34 - 2013-03-31 10:00 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-07-25 09:39 - 2015-09-06 23:02 - 00000959 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-07-25 09:39 - 2014-08-05 18:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-17 23:32 - 2009-02-06 08:30 - 00000000 ____D C:\Users\Owner
2016-07-15 05:39 - 2012-06-07 18:48 - 00003684 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 05:39 - 2012-06-07 18:46 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 05:39 - 2011-07-29 22:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 03:09 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-07-13 03:02 - 2006-11-02 08:35 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-07-13 02:38 - 2011-11-27 15:14 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 02:38 - 2008-11-13 04:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2009-02-08 11:37 - 2009-05-21 22:26 - 0031049 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
2009-02-21 16:43 - 2013-12-12 20:39 - 0001288 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2016-04-12 21:07 - 2016-08-04 12:38 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2009-02-08 11:42 - 2012-03-23 08:07 - 0011264 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-23 23:14 - 2009-07-23 23:15 - 0417236 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI04E7.txt
2011-08-06 19:24 - 2011-08-06 19:24 - 0369372 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI67BF.txt
2009-07-23 23:14 - 2009-07-23 23:15 - 0011430 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI04E7.txt
2011-08-06 19:24 - 2011-08-06 19:24 - 0039828 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI67BF.txt
2014-07-06 12:56 - 2014-07-06 12:56 - 0469099 _____ () C:\Users\Owner\AppData\Local\tmpSCAN0006.JPG
2009-02-07 18:21 - 2010-12-26 10:10 - 0001556 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-04 17:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Owner (2016-08-04 17:17:09)
Running from C:\Users\Owner\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X64) (2008-12-05 09:23:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3862196275-3360126361-1193061951-500 - Administrator - Disabled)
Guest (S-1-5-21-3862196275-3360126361-1193061951-501 - Limited - Disabled)
Owner (S-1-5-21-3862196275-3360126361-1193061951-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 2.2.4 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
AOL Email Toolbar (HKLM-x32\...\AOL Email Toolbar) (Version:  - )
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{318AD65D-4A2D-108F-CC1A-F57F5CD3A0D5}) (Version: 3.0.694.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.6 (HKLM-x32\...\DPP) (Version: 3.6.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.6.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.5.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3/E4 Utility (HKLM-x32\...\WFTK) (Version: 3.3.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.1.8 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2008.0910.2138.36940 - ATI) Hidden
CCleaner (remove only) (HKLM-x32\...\CCleaner) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_ProductContext (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
F4200 (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (x32 Version: 110.0.206.000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version:  - )
GPBaseService (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2213 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0904 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.25.1 (HKLM-x32\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
MarketResearch (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKLM-x32\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.59 - WildTangent)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2202 - CyberLink Corp.) Hidden
PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1540.18 - AMD)
RAIDXpert (x32 Version: 2.4.1540.18 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5772 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 11.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
Skins (x32 Version: 2008.0910.2138.36940 - ATI) Hidden
SmartWebPrinting (x32 Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
sp44626 (HKLM-x32\...\sp44626) (Version:  - Hewlett-Packard)
Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
VideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Yahoo! BrowserPlus 2.7.1 (HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3DA60542-D076-498B-98D7-D0AC71542579} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D729C804-77CD-48CE-95A5-B8D7115D532C} - System32\Tasks\PersonalAV => C:\Program Files (x86)\PersonalAV\pav.exe
Task: {E3D8643F-73AB-4F44-9E4E-3239CEDC70FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {E833A8D5-03F0-4F3E-8099-B60903B65ADC} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PersonalAV.job => C:\Program Files (x86)\PersonalAV\pav.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{269615AB-C287-4A5D-9E1D-E8162D640571}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-11-13 04:19 - 2008-09-10 18:18 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2008-09-04 08:14 - 2008-09-04 08:14 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2008-11-13 04:20 - 2008-11-13 04:20 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2007-07-18 14:42 - 2007-07-18 14:42 - 00020480 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-09-24 08:39 - 2008-09-24 08:39 - 00118784 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2008-09-24 08:40 - 2008-09-24 08:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2008-09-04 08:14 - 2008-09-04 08:14 - 00049152 _____ () C:\Windows\SysWOW64\BeepApp.exe
2008-10-17 20:57 - 2008-10-17 20:57 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2008-11-13 04:36 - 2008-09-15 10:14 - 00028672 _____ () c:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Pictures\Alaska '13\2013-09-04 Alaska 2013\Alaska 2013 133.JPG
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HP Health Check Service => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{99AD7928-4634-49E8-B3C8-3F3AD32C38A5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{C6F3FCE8-E500-4B70-A5DA-ED4CEB166224}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{57971AB5-2CAA-4E43-B3E1-132E2C90CC8F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{E7ADB57E-75AC-4A86-A953-F540F66A3958}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{E49A4C17-CC4B-43B4-B0F2-0699334EEB4D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{38C8B491-2341-4D98-892A-BE6A8A3C16C0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{12D859A4-34B3-47D3-A9CE-180F4193E9E1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{F0DF9C78-4A78-4549-8909-7E972F8A9558}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{370A7E88-DE54-46DD-9F75-DF8D5BAFDC13}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{A754636A-7629-41A4-A670-0CA075CE36A0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E873FB94-F6DC-448E-98E8-8057F49A85BD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{F151234B-5127-4F25-8D86-C024BEC475B6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{C633C786-32B8-4A2B-AF14-CDBA81EBDF89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{010CBDAC-811B-48AF-997C-02CD7B97B3B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{89E11236-4E69-4CEF-8BFB-1AB0B5767079}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{670DA672-65E7-415A-A530-4066FF95CD70}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D6E201E4-F708-41B6-9E3C-BA75C8192A4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{52F43E63-D9C8-437A-904B-79358BDB4224}] => (Allow) C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe
FirewallRules: [{DAEF6620-D587-4959-91F3-F328FAB1EA34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E4DC8163-6A98-487E-92F6-239B3EFBB78C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{CAA6E903-AE4B-42A6-A364-A923CAB8956D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{33410ADA-3238-4B1C-9C73-2DD8E7710272}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{68E3028F-EDBD-439B-9057-6ACE3964A4AB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{09A12BDB-01EB-4A4B-8D04-0FC438BE7FC1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{92870828-0ABE-4AE4-A080-938127BBECE5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{B0AD56AA-75F7-467E-B5D8-C11032510128}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{79BCE14B-3DF3-4A5A-A203-6FC8846B95DE}] => (Allow) LPort=80
FirewallRules: [{FDBE602C-477E-4956-B382-D75FA06D6323}] => (Allow) LPort=80
FirewallRules: [{342791A8-2B94-47A9-BA5D-2B87EFCF23F4}] => (Allow) LPort=80
FirewallRules: [{FE989C99-1BB1-44B6-9EE5-8ED817EA80DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D7B49D89-A571-434E-9A26-15FFBE365EC7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37FE3ADF-0123-4F42-93F0-971CCDF68CD0}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6DBDB4C3-DC54-4CF9-B15E-5A1251CDA5AD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{E99BCF72-BC5E-48DC-AF52-2F960C5F6F3D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A8A344B9-75CE-463A-BFC7-4E0E66513A96}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D864D4D2-4B6E-435D-B390-33E079693C5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4007AA50-F735-4A7B-A50F-EFC1A0FFF0E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C840E665-0AF8-4CBD-8209-5E01506A2185}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{107769B7-6B5A-480D-BB17-AE13FDDEA924}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{90C58129-C2A1-4A06-B517-32BC61ACE79E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{51A79372-F6CC-43FD-9909-B688FAE5445F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe

==================== Restore Points =========================

20-07-2016 00:17:47 Scheduled Checkpoint
20-07-2016 03:00:11 Windows Update
21-07-2016 00:26:00 Scheduled Checkpoint
21-07-2016 03:00:11 Windows Update
22-07-2016 00:51:27 Windows Update
22-07-2016 03:00:11 Windows Update
23-07-2016 00:00:01 Scheduled Checkpoint
23-07-2016 03:00:10 Windows Update
24-07-2016 00:13:08 Scheduled Checkpoint
24-07-2016 03:00:10 Windows Update
25-07-2016 00:18:33 Scheduled Checkpoint
25-07-2016 03:00:25 Windows Update
26-07-2016 01:47:31 Scheduled Checkpoint
26-07-2016 01:50:21 Windows Update
26-07-2016 03:00:10 Windows Update
27-07-2016 00:50:43 Scheduled Checkpoint
27-07-2016 03:00:11 Windows Update
28-07-2016 03:00:10 Windows Update
29-07-2016 00:33:57 Scheduled Checkpoint
29-07-2016 01:50:23 Windows Update
29-07-2016 03:00:10 Windows Update
30-07-2016 00:00:01 Scheduled Checkpoint
30-07-2016 03:00:10 Windows Update
31-07-2016 00:15:06 Scheduled Checkpoint
31-07-2016 03:00:10 Windows Update
01-08-2016 03:00:10 Windows Update
01-08-2016 21:43:23 Scheduled Checkpoint
02-08-2016 01:23:42 Windows Update
02-08-2016 03:00:10 Windows Update
03-08-2016 00:00:00 Scheduled Checkpoint
03-08-2016 03:00:11 Windows Update
04-08-2016 12:15:00 Windows Update
04-08-2016 12:44:25 Revo Uninstaller's restore point - Java(TM) 6 Update 7
04-08-2016 12:48:38 Revo Uninstaller's restore point - Driver Support
04-08-2016 12:56:09 Restore Point Created by FRST
04-08-2016 16:40:28 Revo Uninstaller's restore point - Coupon Printer for Windows
04-08-2016 16:41:57 Revo Uninstaller's restore point - CouponBar
04-08-2016 16:42:42 Revo Uninstaller's restore point - CouponPrinterPlugin
04-08-2016 16:51:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2016 05:08:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/04/2016 05:06:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 04:37:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/04/2016 04:35:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 01:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/04/2016 01:52:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 01:08:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS> in the hash map cannot be updated.

Context:  Application, SystemIn

winchester73

You mentioned in the first post that the computer was having trouble booting, sounds related to the error ...

Not going to be much help diagnosing the timeout, best I can offer is the user manual: https://www2.ati.com/relnotes/AMD_RAIDXpert_User_v2.1.pdf
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Ghost

Hi winchester73,
After this cleanup was in progress it boots just fine; however, I did some research and it seems the disk is failing even though check disk shows the volume is clean.

Corrine

1. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} -  No File
URLSearchHook: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} -  No File
URLSearchHook: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [4zffxtbr@VideoDownloadConverter_4z.com] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin => not found
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
C:\Program Files (x86)\Norton Internet Security
S1 ahxmuxla; \??\C:\Windows\system32\drivers\ahxmuxla.sys [X]
S1 euigqdbe; \??\C:\Windows\system32\drivers\euigqdbe.sys [X]
S1 gfdbwrmk; \??\C:\Windows\system32\drivers\gfdbwrmk.sys [X]
S1 gmnisfov; \??\C:\Windows\system32\drivers\gmnisfov.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jariggak; \??\C:\Windows\system32\drivers\jariggak.sys [X]
S1 kncvwufq; \??\C:\Windows\system32\drivers\kncvwufq.sys [X]
S1 mukofezi; \??\C:\Windows\system32\drivers\mukofezi.sys [X]
S1 nacniwqm; \??\C:\Windows\system32\drivers\nacniwqm.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S1 svbxzmik; \??\C:\Windows\system32\drivers\svbxzmik.sys [X]
S1 vermzvkd; \??\C:\Windows\system32\drivers\vermzvkd.sys [X]
S1 xxzqhjnz; \??\C:\Windows\system32\drivers\xxzqhjnz.sys [X]
2016-08-04 17:05 - 2009-07-22 22:29 - 00000238 _____ C:\Windows\Tasks\PersonalAV.job
Task: {D729C804-77CD-48CE-95A5-B8D7115D532C} - System32\Tasks\PersonalAV => C:\Program Files (x86)\PersonalAV\pav.exe
C:\Program Files (x86)\PersonalAV
Task: C:\Windows\Tasks\PersonalAV.job => C:\Program Files (x86)\PersonalAV\pav.exe
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

2.  Regarding the disk failing, according to the log:

Quote:
Error: (08/03/2016 08:57:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Please do the following: (please note: this may take a while to complete)

  • Click on Start > Run and type in cmd
  • Press Enter
  • In the Command Prompt window type chkdsk c:/r and press Enter.
    Please Note the space between k c:/r
  • The next dialog box will now show the following:

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>


  • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
To find the log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.

  • Double click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply and let me know how your computer is now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

Hi Corrine,
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Owner (2016-08-04 18:43:10) Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} -  No File
URLSearchHook: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 - AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} -  No File
URLSearchHook: HKU\S-1-5-21-3862196275-3360126361-1193061951-1000 - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [4zffxtbr@VideoDownloadConverter_4z.com] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin => not found
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
C:\Program Files (x86)\Norton Internet Security
S1 ahxmuxla; \??\C:\Windows\system32\drivers\ahxmuxla.sys [X]
S1 euigqdbe; \??\C:\Windows\system32\drivers\euigqdbe.sys [X]
S1 gfdbwrmk; \??\C:\Windows\system32\drivers\gfdbwrmk.sys [X]
S1 gmnisfov; \??\C:\Windows\system32\drivers\gmnisfov.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 jariggak; \??\C:\Windows\system32\drivers\jariggak.sys [X]
S1 kncvwufq; \??\C:\Windows\system32\drivers\kncvwufq.sys [X]
S1 mukofezi; \??\C:\Windows\system32\drivers\mukofezi.sys [X]
S1 nacniwqm; \??\C:\Windows\system32\drivers\nacniwqm.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S1 svbxzmik; \??\C:\Windows\system32\drivers\svbxzmik.sys [X]
S1 vermzvkd; \??\C:\Windows\system32\drivers\vermzvkd.sys [X]
S1 xxzqhjnz; \??\C:\Windows\system32\drivers\xxzqhjnz.sys [X]
2016-08-04 17:05 - 2009-07-22 22:29 - 00000238 _____ C:\Windows\Tasks\PersonalAV.job
Task: {D729C804-77CD-48CE-95A5-B8D7115D532C} - System32\Tasks\PersonalAV => C:\Program Files (x86)\PersonalAV\pav.exe
C:\Program Files (x86)\PersonalAV
Task: C:\Windows\Tasks\PersonalAV.job => C:\Program Files (x86)\PersonalAV\pav.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{98572e47-b5fe-43de-9aea-492a1d3064cd} => value removed successfully
"HKCR\CLSID\{98572e47-b5fe-43de-9aea-492a1d3064cd}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{98572e47-b5fe-43de-9aea-492a1d3064cd}" => key removed successfully
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{98572e47-b5fe-43de-9aea-492a1d3064cd} => value removed successfully
HKU\S-1-5-21-3862196275-3360126361-1193061951-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93a3111f-4f74-4ed8-895e-d9708497629e} => value removed successfully
"HKCR\Wow6432Node\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}" => key removed successfully
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com => value removed successfully
Norton Internet Security => service removed successfully
"C:\Program Files (x86)\Norton Internet Security" => not found.
ahxmuxla => service removed successfully
euigqdbe => service removed successfully
gfdbwrmk => service removed successfully
gmnisfov => service removed successfully
IpInIp => service removed successfully
jariggak => service removed successfully
kncvwufq => service removed successfully
mukofezi => service removed successfully
nacniwqm => service removed successfully
NAVENG => service removed successfully
NAVEX15 => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
SRTSP => service removed successfully
SRTSPX => service removed successfully
svbxzmik => service removed successfully
vermzvkd => service removed successfully
xxzqhjnz => service removed successfully
C:\Windows\Tasks\PersonalAV.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D729C804-77CD-48CE-95A5-B8D7115D532C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D729C804-77CD-48CE-95A5-B8D7115D532C}" => key removed successfully
C:\Windows\System32\Tasks\PersonalAV => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PersonalAV" => key removed successfully
C:\Program Files (x86)\PersonalAV => moved successfully
C:\Windows\Tasks\PersonalAV.job => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5901814 B
Java, Flash, Steam htmlcache => 643 B
Windows/system/drivers => 24756 B
Edge => 0 B
Chrome => 0 B
Firefox => 11833283 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 692 B
LocalService => 0 B
NetworkService => 66228 B
NetworkService => 0 B
Owner => 695312 B

RecycleBin => 0 B
EmptyTemp: => 25.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:44:10 ====

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 8/5/2016 7:55:49 AM >------
Category: 0
Computer Name: Owner-PC
Event Code: 1001
Record Number: 79608
Source Name: Microsoft-Windows-Wininit
Time Written: 08-05-2016 @ 04:16:52
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up instance tags for file 0x2c831.
  448128 file records processed.                                 

  4615 large file records processed.                           

  0 bad file records processed.                             

  0 EA records processed.                                   

  41 reparse records processed.                               

  522068 index entries processed.                                 

  0 unindexed files processed.                               

  448128 security descriptors processed.                         

Cleaning up 301 unused index entries from index $SII of file 0x9.
Cleaning up 301 unused index entries from index $SDH of file 0x9.
Cleaning up 301 unused security descriptors.
  36971 data files processed.                                   

CHKDSK is verifying Usn Journal...
  34479832 USN bytes processed.                                     

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x7d8000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x7d8000 for 0x1000 bytes.
Windows replaced bad clusters in file 55163
of name \Windows\System32\en-US\lsm.exe.mui.
  448112 files processed.                                         

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  161416529 free clusters processed.                                 

Free space verification is complete.
Adding 78 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

718362508 KB total disk space.
  72015444 KB in 164139 files.
    102720 KB in 36972 indexes.
       312 KB in bad sectors.
    578224 KB in use by the system.
     65536 KB occupied by the log file.
645665808 KB available on disk.

      4096 bytes in each allocation unit.
179590627 total allocation units on disk.
161416452 allocation units available on disk.

Internal Info:
80 d6 06 00 a3 11 03 00 ae 8e 05 00 00 00 00 00  ................
b6 1f 00 00 29 00 00 00 00 00 00 00 00 00 00 00  ....)...........
e0 64 c9 77 00 00 00 00 50 23 38 ff 00 00 00 00  .d.w....P#8.....

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
NO RAID error message this morning and yes, I see where check disk repaired a few clusters ;-)))))))
PC booting and running much much better;-)
Thanks;-)

winchester73

Hopefully the error messages are gone for good  ;D

Ghost

Hi winchester73,
I sure hope so. It had me worried for sure.

winchester73

Might be worth downloading and running the diagnostic tool from the hard drive manufacturer website, just to be sure

Ghost

Hi winchester73,
An excellent idea, which I will do.
Thanks;-)

Corrine

There are a couple of other things that need to be done as well: 

1.  SP2 needs to be installed!  Mainstream support has ended but extended support is good till 4/11/17 if SP2 is installed.  Install Windows Vista Service Pack 2 (SP2)

2. Even though IE is not the person's primary browser, it still needs to be updated to IE9.   Download Internet Explorer 9.

After installation of both, I suspect that there will be a number of additional updates that need to be installed.




