Solved How has Chrome stopped accessing web?

March 5, 2015 at 14:12:49
Specs: Windows 8.1
When I attempt to access any site through Chrome, previously working OK, message appears stating "unable to access network". When more information is clicked, it states "Allow Chrome to access network in firewall or antivirus settings". Please describe how this is done. No obvious place in control panel. I am using Norton 360.

See More: How has Chrome stopped accessing web?

Report •


#1
March 5, 2015 at 14:20:26
✔ Best Answer
I'm not a Chrome user but I am using Chromium and that works OK. I would very much doubt if there is some overall network issue that we haven't heard about.

From what you have said I think you should do at least a couple of basic Malware checks. The following two freebies often uncover and fix many issues:

ADWCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the Scan. You then have options to remove whatever it shows under each heading in the table that appears below, although it is usually safe to run "Cleaning".

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Run the program but before doing the scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits".

If either or both find anything then please copy/paste the logs on here because even if the symptoms are cured you are likely to still have things lurking around that require further cleaning. If nothing is found let us know.

Always pop back and let us know the outcome - thanks


Report •

#2
March 5, 2015 at 14:44:21
Yep, clean ( ADWCleaner ) & quarantine ( Malwarebytes ) then Copy & Paste the contents of the logs in your reply please.

Report •

#3
March 5, 2015 at 15:58:04
Johnny, do other browsers access the network ok? If so, then Chrome is the only one affected by something. Derek's advice will help you root it out.

Report •

Related Solutions

#4
March 6, 2015 at 05:43:32
Hello,

Sorry for the trouble. Is Chrome the only browser affected? Are you able to access the Internet with Chrome when the Norton Firewall is disabled?

Thanks!

Vineeth
Norton Support


Report •

#5
March 6, 2015 at 18:53:38
Thanks for your responses, Derek, Roland, Johnw and Vineeth. Although Google had stopped, Internet Explorer was working OK. I ran ADW cleaner as suggested and this found a lot of things. After I had run it, Chrome worked OK. ALSO Norton 360 now worked OK , although Norton had appeared to be checking websites in the background, I had been unable to access it by double clicking the Norton icon, but now can.

I then ran Malwarebytes as suggested and this found two more items.

Log from ADWCleaner
Folder Deleted : C:\Program Files (x86)\Dll-Files.com Fixer
Folder Deleted : C:\Users\John\AppData\Roaming\dll-files.com
File Deleted : C:\Users\Public\Desktop\Dll-Files Fixer.lnk
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dll-Files Fixer.lnk
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : RDReminder
Task Deleted : DLL-Files.Com Fixer_Updates
Task Deleted : DLL-Files.Com Fixer_MONTHLY

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\dll-files.com
Key Deleted : HKLM\SOFTWARE\dll-files.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dll-Files Fixer_is1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uk.ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v41.0.2272.76

[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.dodo.com/none-nav-linked-pages/dodo-search/?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://easthamiltonhillps.wa.edu.au/?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=140&cntnt01searchinput={searchTerms}&submit=Search

*************************

AdwCleaner[R0].txt - [3577 bytes] - [07/03/2015 08:50:21]
AdwCleaner[S0].txt - [3285 bytes] - [07/03/2015 08:54:47]

Files quarantined by Malwarebytes

PUP.Optional.MindSpark.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, , [7930d84a0e7c4fe7c2c65c81f50e0bf5],
PUP.Optional.MindSpark.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, , [aaffa67c05850d29a5e3568713f008f8],



Report •

#6
March 6, 2015 at 18:57:14
We are on the right track johnay, about 5 more steps to go.

Step 3: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#7
March 6, 2015 at 19:16:49
ADW & MWB found a lot. You would be well advised to continue with Johnw who, from past experience, is almost certain to unearth a lot more undesirables.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#8
March 7, 2015 at 02:49:25
Thanks Johnw, I ran JRT OK, though did not disable Norton because of password difficulties. JRT completed but nothing further was recorded in the JRT log.

Report •

#9
March 7, 2015 at 02:51:28
Step 4: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.

Report •

#10
March 7, 2015 at 03:55:34
Thanks again, Johnw, the following were found by Roguekiller

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3357402910-1210814798-1129728160-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bbc.co.uk/news/uk/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3357402910-1210814798-1129728160-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bbc.co.uk/news/uk/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)


Report •

#11
March 7, 2015 at 03:56:56
Can you stay with me for an hour johnay? If so, we can finish.

message edited by Johnw


Report •

#12
March 7, 2015 at 04:20:42
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

Report •

#13
March 7, 2015 at 05:41:10
Hi Johnw - A lot of material produced by Farbar (following warning from Norton about new untested software). Content of both files together too big for computing.net, so I will try them separately:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by John (administrator) on THEHP on 07-03-2015 21:05:26
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available profiles: John)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPSDBN.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPWDN.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPSPZ.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\John\Downloads\RogueKiller.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\John\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [FXAPQLU] => C:\Program Files\Fuji Xerox\Printer Software for AP\FXAPQLUZ.EXE [1111040 2010-09-21] (Fuji Xerox Co., Ltd.)
HKLM\...\Run: [FXSMAPPSP] => C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPSPZ.EXE [1136128 2010-06-30] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-3357402910-1210814798-1129728160-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001 -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2015-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-03-07]

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-28]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service...
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-11]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service...
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 FXSMAPPWD; C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPWDN.EXE [150016 2010-05-27] (Fuji Xerox Co., Ltd.) [File not signed]
R2 FXSMAPSDB; C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPSDBN.EXE [338944 2010-05-27] (Fuji Xerox Co., Ltd.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-09] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-05] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-18] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150306.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150306.003\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150306.003\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 21:05 - 2015-03-07 21:05 - 00021618 _____ () C:\Users\John\Downloads\FRST.txt
2015-03-07 21:05 - 2015-03-07 21:05 - 00000000 ____D () C:\FRST
2015-03-07 21:04 - 2015-03-07 21:04 - 02092544 _____ (Farbar) C:\Users\John\Downloads\FRST64 (1).exe
2015-03-07 21:00 - 2015-03-07 21:00 - 02092544 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-03-07 19:10 - 2015-03-07 19:10 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-07 19:10 - 2015-03-07 19:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-07 19:08 - 2015-03-07 19:09 - 15568472 _____ () C:\Users\John\Downloads\RogueKiller.exe
2015-03-07 15:26 - 2015-03-07 15:26 - 00000613 _____ () C:\Users\John\Desktop\JRT.txt
2015-03-07 15:17 - 2015-03-07 14:04 - 01388333 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2015-03-07 15:16 - 2015-03-07 15:16 - 00001093 _____ () C:\Users\John\Downloads\JRT - Shortcut.lnk
2015-03-07 14:04 - 2015-03-07 14:04 - 01388333 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2015-03-07 09:45 - 2015-03-07 20:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 09:44 - 2015-03-07 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-07 09:44 - 2015-03-07 09:44 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-07 09:44 - 2015-03-07 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-07 09:44 - 2015-03-07 09:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-07 09:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-07 09:44 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-07 09:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-07 09:28 - 2015-03-07 09:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-07 08:49 - 2015-03-07 08:54 - 00000000 ____D () C:\AdwCleaner
2015-03-07 08:47 - 2015-03-07 08:47 - 02126848 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2015-03-05 22:32 - 2015-03-05 22:32 - 00001453 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-05 22:31 - 2015-03-05 22:31 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-03 22:17 - 2015-03-07 16:28 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for THEHP-John TheHP
2015-02-25 10:05 - 2014-12-14 05:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 10:05 - 2014-12-14 05:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 10:05 - 2014-10-29 09:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 10:05 - 2014-10-29 09:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 10:05 - 2014-10-29 09:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 10:05 - 2014-10-29 09:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-12 05:47 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 05:47 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 10:49 - 2015-02-04 07:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 10:49 - 2015-02-04 07:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 10:49 - 2015-02-04 07:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 10:49 - 2015-02-03 07:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 10:49 - 2015-02-03 07:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 10:49 - 2015-02-03 07:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 10:49 - 2015-01-20 02:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 10:49 - 2015-01-16 06:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 10:49 - 2015-01-16 06:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 10:49 - 2015-01-14 12:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 10:49 - 2015-01-14 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 10:49 - 2015-01-14 06:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 10:49 - 2015-01-14 06:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 10:49 - 2015-01-10 17:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 10:49 - 2015-01-10 17:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 10:49 - 2015-01-10 16:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 10:49 - 2015-01-10 15:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 10:49 - 2015-01-10 14:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 10:49 - 2014-12-19 16:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 10:49 - 2014-12-19 16:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 10:49 - 2014-12-09 11:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 10:49 - 2014-12-09 09:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 10:49 - 2014-12-09 07:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 10:49 - 2014-10-29 10:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 10:49 - 2014-10-29 10:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 10:49 - 2014-10-29 10:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 10:49 - 2014-10-29 10:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 10:49 - 2014-10-29 10:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 10:49 - 2014-10-29 10:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 10:49 - 2014-10-29 09:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 10:49 - 2014-10-29 09:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 10:49 - 2014-10-29 09:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 10:49 - 2014-10-29 09:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 10:49 - 2014-10-29 09:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 10:49 - 2014-10-29 09:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 10:49 - 2014-10-29 09:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 10:48 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 10:48 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 10:48 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 10:48 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 10:48 - 2015-01-12 10:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 10:48 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 10:48 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 10:48 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 10:48 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 10:48 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 10:48 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 10:48 - 2015-01-12 09:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 10:48 - 2015-01-12 09:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 10:48 - 2015-01-12 09:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 10:48 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 10:48 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 10:48 - 2015-01-12 09:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 10:48 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 10:48 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 10:48 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 10:48 - 2015-01-12 09:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 10:48 - 2015-01-12 09:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 10:48 - 2015-01-12 09:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 10:48 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 10:48 - 2015-01-12 09:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 10:48 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 10:48 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 10:48 - 2015-01-12 09:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 10:48 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 10:48 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 10:48 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 10:48 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 10:48 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 10:48 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 10:48 - 2015-01-10 16:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 21:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-07 20:42 - 2013-12-28 03:53 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 20:33 - 2013-12-28 00:55 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD4BFEF2-F955-475E-BDE6-E3B882BBC088}
2015-03-07 20:11 - 2014-01-24 23:59 - 01181791 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-07 19:21 - 2014-06-11 17:57 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2015-03-07 19:21 - 2014-02-04 06:23 - 00000000 __RDO () C:\Users\John\SkyDrive
2015-03-07 17:47 - 2014-08-08 15:47 - 00000294 _____ () C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job
2015-03-07 16:56 - 2013-12-29 00:34 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-07 15:12 - 2014-02-20 09:31 - 00000000 ____D () C:\Users\John\Documents\Johns
2015-03-07 14:45 - 2013-12-28 00:57 - 00000000 ____D () C:\Users\John\Documents\Youcam
2015-03-07 14:44 - 2013-12-28 03:53 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 14:43 - 2013-11-14 12:34 - 00873138 _____ () C:\WINDOWS\PFRO.log
2015-03-07 14:43 - 2013-08-22 22:46 - 00303480 _____ () C:\WINDOWS\setupact.log
2015-03-07 14:43 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-07 14:42 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-07 14:37 - 2013-12-28 01:03 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3357402910-1210814798-1129728160-1001
2015-03-07 09:00 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-06 09:43 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 22:20 - 2013-08-22 23:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-05 06:25 - 2014-02-02 11:16 - 00001323 _____ () C:\Users\John\Desktop\Norton Installation Files.lnk
2015-03-05 06:25 - 2013-11-08 03:05 - 00000000 ____D () C:\ProgramData\Norton
2015-03-04 06:44 - 2013-12-28 03:54 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-03 21:40 - 2014-07-24 17:56 - 00000000 ____D () C:\Users\John\Documents\Lauras
2015-03-03 21:40 - 2014-01-01 05:09 - 00003152 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn
2015-03-03 21:40 - 2014-01-01 05:09 - 00000340 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job
2015-02-25 10:23 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 22:08 - 2014-02-03 18:06 - 00000000 ____D () C:\Users\John\Documents\Katherines
2015-02-24 06:31 - 2013-12-28 01:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-18 10:08 - 2013-12-28 00:52 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
2015-02-12 11:33 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 11:19 - 2013-11-14 20:45 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 07:23 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 16:24 - 2013-08-22 22:44 - 00381968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 16:08 - 2014-12-22 06:52 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 16:08 - 2014-07-09 16:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 16:07 - 2014-01-24 20:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 16:07 - 2013-11-08 02:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 16:00 - 2014-01-24 20:15 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-07 21:49 - 2013-12-29 00:34 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-07 15:27

==================== End Of Log ============================


Report •

#14
March 7, 2015 at 05:43:31
******************************************************************************************
******************************************************************************************
Hi Johnw - here is content of Additional file

******************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by John at 2015-03-07 21:06:44
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
BeamNG-Techdemo-0.3 (remove only) (HKU\S-1-5-21-3357402910-1210814798-1129728160-1001\...\BeamNG-Techdemo-0.3) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fuji Xerox Printer Software for Asia-Pacific (HKLM-x32\...\{014A135D-76A4-4A0C-A75A-7F769B8AA024}) (Version: 1.000.00.01 - Fuji Xerox)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3357402910-1210814798-1129728160-1001\...\HPConnectedMusic) (Version: 1.1 (build 77) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3357402910-1210814798-1129728160-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-02-2015 22:24:08 Scheduled Checkpoint
25-02-2015 10:22:32 Windows Update
04-03-2015 10:45:58 Scheduled Checkpoint
05-03-2015 06:33:54 HPSF Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E137D02-322B-4D1B-9D06-92D9A8B249E9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3357402910-1210814798-1129728160-1001
Task: {1E565D4F-7415-48E7-9C1B-0372D1F9555A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {34FDE3D1-CD2B-41C5-87C5-6B90D9C6870A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {40F29F66-49BA-408B-916D-ADC08FF33D58} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {5C8E4F21-5B42-423D-A5CF-3D8947EF7C0A} - System32\Tasks\DLL-Files FixerASKUSER => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {5EE00AA4-2D6C-42E8-918F-9EFD10B5C9C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {67787545-6E79-44A0-A5F3-E06E4B78A4A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {6E95B8B7-2F96-4819-BB27-68294258F697} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {700492BE-21BC-4005-BB11-B90B888E9695} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {7A50E30E-81D6-4FD8-8D27-B03E0833E008} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {8A218AE7-7228-44A5-922D-DAA228441BD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {93702496-3618-479C-B8CD-2FE84F6F08B1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {97AF9DDB-3BCC-4968-BF7B-5152B58D1063} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {9F9EC271-66AD-4A30-A7C9-87C31A2971EB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for THEHP-John TheHP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {A936EE8B-A153-455A-8017-DEA27A3CB12E} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B08810AE-410C-4EBE-9A99-6C7D127CF649} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {BD2870B1-BF51-4EC2-802F-37D35EC24539} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {C7F3A3D3-E141-4D0E-B4DB-B48DB8B4E40F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EA402B80-9E3B-4B4A-8C5E-BE4343F62EE1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {F25C4F7D-7D5C-4403-A4F7-296726531716} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {F9687D05-F591-4C19-843D-1547BED97945} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-05] (Hewlett-Packard Company)
Task: {FB533669-02C0-4D78-80AF-09E5CCC02EC5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-02 13:27 - 2012-09-18 23:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2014-01-02 13:28 - 2012-09-18 23:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-03-20 06:50 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-24 06:30 - 2014-12-24 03:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-07 19:08 - 2015-03-07 19:09 - 15568472 _____ () C:\Users\John\Downloads\RogueKiller.exe
2013-11-08 02:58 - 2013-03-12 22:51 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-13 06:53 - 2013-03-13 06:53 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-08 02:33 - 2013-05-09 05:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-04 06:44 - 2015-02-28 09:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-04 06:44 - 2015-02-28 09:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll
2015-03-04 06:44 - 2015-02-28 09:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll
2015-03-04 06:44 - 2015-02-28 09:56 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\John\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\John\Downloads\Bookmarketing clarification.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\New Owner (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\New Owner.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\No Subject.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3357402910-1210814798-1129728160-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3357402910-1210814798-1129728160-500 - Administrator - Disabled)
Guest (S-1-5-21-3357402910-1210814798-1129728160-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3357402910-1210814798-1129728160-1005 - Limited - Enabled)
John (S-1-5-21-3357402910-1210814798-1129728160-1001 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 07:21:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea17a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process ID: 0x36c
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (03/07/2015 06:56:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea17a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process ID: 0x10cc
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (03/07/2015 06:00:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea17a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process ID: 0x1750
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (03/07/2015 04:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea17a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process ID: 0xe28
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (03/07/2015 03:35:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea17a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process ID: 0x36c
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (03/07/2015 03:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea17a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process ID: 0x1504
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5


System errors:
=============
Error: (03/07/2015 07:10:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys


Microsoft Office Sessions:
=========================
Error: (03/07/2015 07:21:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea17aunknown0.0.0.00000000000000000000000000000000036c01d058c8d7d1450fC:\Windows\System32\skydrive.exeunknown165a7430-c4bc-11e4-beb5-a0d3c155cef0

Error: (03/07/2015 06:56:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea17aunknown0.0.0.00000000000000000000000000000000010cc01d058c558a9fefbC:\Windows\System32\skydrive.exeunknown9726143c-c4b8-11e4-beb5-a0d3c155cef0

Error: (03/07/2015 06:00:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea17aunknown0.0.0.000000000000000000000000000000000175001d058bd92041623C:\Windows\System32\skydrive.exeunknownd0aaca68-c4b0-11e4-beb5-a0d3c155cef0

Error: (03/07/2015 04:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea17aunknown0.0.0.000000000000000000000000000000000e2801d058ade3238674C:\Windows\System32\skydrive.exeunknown21c338ca-c4a1-11e4-beb5-a0d3c155cef0

Error: (03/07/2015 03:35:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea17aunknown0.0.0.00000000000000000000000000000000036c01d058a93ec911c2C:\Windows\System32\skydrive.exeunknown7d791ac9-c49c-11e4-beb5-a0d3c155cef0

Error: (03/07/2015 03:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea17aunknown0.0.0.000000000000000000000000000000000150401d058a81b1e65c5C:\Windows\System32\skydrive.exeunknown5c4962f3-c49b-11e4-beb5-a0d3c155cef0


CodeIntegrity Errors:
===================================
Date: 2015-01-11 09:25:05.638
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:05.284
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:04.909
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:04.581
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:04.259
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:03.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:03.603
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:03.275
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:02.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-11 09:25:02.603
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 43%
Total physical RAM: 7962.15 MB
Available physical RAM: 4503.57 MB
Total Pagefile: 9242.15 MB
Available Pagefile: 6264.56 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.93 GB) (Free:755.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.47 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Hopefully this makes some sense!

Johnay


Report •

#15
March 7, 2015 at 05:44:46
" Content of both files together too big for computing.net, so I will try them separately"
Don't that will work out very well for you johnay, uploading as per my instructions is a lot easier.

message edited by Johnw


Report •

#16
March 7, 2015 at 06:03:29

Report •

#17
March 7, 2015 at 06:24:16
"Hi Johnw - here is content of Additional file.
Running from C:\Users\John\Downloads"
You did not follow instructions here either.

You will need to adjust for the next step.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\John\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\John\Downloads\Bookmarketing clarification.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\New Owner (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\New Owner.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\No Subject.eml:OECustomProperty
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001 -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#18
March 7, 2015 at 06:42:03
I'm going to bed now, been watching the Davis Cup tennis.
I'm here.
http://www.timeanddate.com/worldclo...

Catch you later to finish off, when we are both available.


Report •

#19
March 7, 2015 at 07:09:41
Thanks for your help so far - Here is fixlog.txt contents.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by John at 2015-03-07 22:52:46 Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\John\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\John\Downloads\Bookmarketing clarification.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\New Owner (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\New Owner.eml:OECustomProperty
AlternateDataStreams: C:\Users\John\Downloads\No Subject.eml:OECustomProperty
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-2... ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3357402910-1210814798-1129728160-1001 -> {FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} URL = http://www.amazon.co.uk/s/ref=azs_o...
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll
*****************

Processes closed successfully.
"C:\Users\John\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\John\SkyDrive (2).old" => ":ms-properties" ADS not found.
C:\Users\John\Downloads\Bookmarketing clarification.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\John\Downloads\New Owner (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\John\Downloads\New Owner.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\John\Downloads\No Subject.eml => ":OECustomProperty" ADS removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16}" => Key deleted successfully.
HKCR\CLSID\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3357402910-1210814798-1129728160-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
"HKU\S-1-5-21-3357402910-1210814798-1129728160-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16}" => Key deleted successfully.
HKCR\CLSID\{FE8AC6E5-2D42-46BC-B4BE-9AEE649D4B16} => Key not found.
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 1.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:54:48 ====


Report •

#20
March 7, 2015 at 15:26:36
Update & run Malwarebytes again. Copy & Paste the contents of the complete/whole log ( even if nothing is found ) please.

message edited by Johnw


Report •

#21
March 7, 2015 at 18:58:37
Good Morning Johnw, Malwarebytes has been run and found nothing. Thanks for all your help on this. For my own peace of mind, please explain simply why fixlist.txt was necessary after all the other "treatments", and also what farbar does, as it seems very recent software. Having identified quite a few issues with this PC which Norton 360 had not prevented, please advise any further action I should take regarding protection of data. Here is Malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/03/2015
Scan Time: 10:07:39
Logfile: malwarebyteslog8March15.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.08.01
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342126
Time Elapsed: 19 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Thanks, Johnay


Report •

#22
March 7, 2015 at 19:52:37
Morning/afternoon wherever you are, johnay.

" For my own peace of mind, please explain simply why fixlist.txt was necessary after all the other "treatments"
Big question, simply put, it lets me see what the other programs missed.

" as it seems very recent software"
Been used for malware/trojan detection for a long time.
Here are a few other forums that use.
http://www.bleepingcomputer.com/for...
http://www.techspot.com/community/t...
http://forums.malwarebytes.org/inde...
http://techie7.com/index.php?thread...
http://www.spywareinfoforum.com/top...
http://forum.avira.com/wbb/index.ph...
http://discussions.virtualdr.com/sh...
http://www.windowsbbs.com/windows-7...
http://www.pchelpforum.com/xf/threa...
http://maddoktor2.com/forums/index....
http://5starsupport.co.uk/index.php...
http://www.lavasoftsupport.com/inde...
http://www.cybertechhelp.com/forums...

" Having identified quite a few issues with this PC which Norton 360 had not prevented, please advise any further action I should take regarding protection of data"
Will address that at my finish.

"License: Trial"
You have installed the Premium version, which is a very good & can be run in conjunction with your current Anti-Virus ( AV ) If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes, on the Dashboard, click on ‘End Free Trial’ link which, then will be instantly converted to the free version
"Rootkits: Enabled"
You can disable that now.

What issues do you have now?

message edited by Johnw


Report •

#23
March 7, 2015 at 22:28:49
Thanks again Johnw - I am pleased that all is now working. I am interested that you can identify what the safeguarding programs can miss. Are you creating your own safeguarding software? Would you advise changing passwords etc if my computer has been vulnerable. After completing malware bytes, I ran Norton, which found some tracking cookies and deleted them.

Johnay


Report •

#24
March 7, 2015 at 22:30:39
Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Remove disinfection tools
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

Report •

#25
March 8, 2015 at 04:14:49
Hi Johnw - Delfix downloads but Norton immediately objects with the message.shown below. Whilst my faith in Norton has been somewhat shaken, I find this message sufficiently off-putting not to want to use it. I can always get latest versions of the other anti-malware software when I want to use it again.

Filename: unconfirmed 53054.crdownload
Threat name: Suspicious.Cloud.7.EP
Full Path: c:\users\john\desktop\unconfirmed 53054.crdownload

____________________________

Details
Unknown Community Usage,  Unknown Age,  Risk High

Origin
Downloaded from
 Unknown

Activity
Actions performed: Actions performed: 1

____________________________

On computers as of 
Not Available


Last Used 
08/03/2015 at 18:58:57


Startup Item 
No


Launched 
No


____________________________


Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high.

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

____________________________

Source: External Media

____________________________

File Actions

File: c:\users\john\desktop\ unconfirmed 53054.crdownload Removed
____________________________


File Thumbprint - SHA:
46a2de5f81d53422e2c32e035fc6c0709d4b840a985213d88fcc2e4a7c403637
File Thumbprint - MD5:
Not available


Report •

#26
March 8, 2015 at 04:20:32
Get those sort of messages from different AV's all the time, when using special tools. They are called false positives.

This is the problem with Norton, it is too complicated for the average user.

Disable Norton if you have to & Run Delfix.

message edited by Johnw


Report •

#27
March 8, 2015 at 09:09:58
"based on malware heuristics"

Which means that it found something that had "similar characteristic to a virus" but it was not anything known (ie on the AV database). In a general sort of way they are worth checking out in Google but often prove to be perfectly OK. As per Johnw - "False Positives".

Always pop back and let us know the outcome - thanks


Report •

#28
Report •

#29
March 8, 2015 at 14:53:58
Like all regulars on this forum, Johnw never suggests any program unless it is quite safe to use. Norton simply doesn't know what Delfix is because it is a computer tool.

Always pop back and let us know the outcome - thanks


Report •

#30
March 9, 2015 at 05:26:03
OK, thanks for reassuring messages. My next problem is how to disable Norton. I apparently successfully changed my password for it and can access "My Account" OK ... But if I then right click on the Norton icon and select to disable antivirus or firewall, I type in the same password when requested and receive the response "Password is incorrect". This has happened several times and I am currently unable to proceed with running delfix.

Report •

#31
March 9, 2015 at 06:02:54
You now need to uninstall Norton, that leaves you with Windows Defender, which is what I use.

You can always reinstall Norton later.

How can I fully remove Norton Antivirus from my system?
https://support.norton.com/sp/en/us...
http://www.askdavetaylor.com/how_to...
http://www.askdavetaylor.com/how_ca...
http://www.pchell.com/virus/uninsta...
http://www.softpedia.com/get/Tweak/...

Now run Delfix.


Report •

#32
March 10, 2015 at 08:12:45
I have now run Delfix. Here is the log.

# DelFix v10.9 - Logfile created 10/03/2015 at 23:08:10
# Updated 27/02/2015 by Xplode
# Username : John - THEHP
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\John\Desktop\FRST-OlderVersion
Deleted : C:\Users\John\Desktop\Fixlog.txt
Deleted : C:\Users\John\Desktop\FRST64.exe
Deleted : C:\Users\John\Desktop\JRT.exe
Deleted : C:\Users\John\Desktop\JRT.txt
Deleted : C:\Users\John\Downloads\Addition.txt
Deleted : C:\Users\John\Downloads\AdwCleaner.exe
Deleted : C:\Users\John\Downloads\FRST.txt
Deleted : C:\Users\John\Downloads\FRST64 (1).exe
Deleted : C:\Users\John\Downloads\FRST64.exe
Deleted : C:\Users\John\Downloads\JRT - Shortcut.lnk
Deleted : C:\Users\John\Downloads\JRT.exe
Deleted : C:\Users\John\Downloads\RogueKiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #61 [Scheduled Checkpoint | 02/19/2015 14:24:08]
Deleted : RP #62 [Windows Update | 02/25/2015 02:22:32]
Deleted : RP #63 [Scheduled Checkpoint | 03/04/2015 02:45:58]
Deleted : RP #65 [HPSF Restore Point | 03/04/2015 22:33:54]

New restore point created !


Report •

#33
March 10, 2015 at 15:23:44
Very good johnay, that got rid of the nasties in System restore. Now to finish off.

"Are you creating your own safeguarding software?"
No.

"Would you advise changing passwords etc if my computer has been vulnerable"
You have not been violated by that sort of malware.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Extract from your fixlist.
EmptyTemp: => Removed 1.6 GB temporary data.
Way, way too big, even for a gamer.
For normal use.
Set IE temp file setting to 50mb.
Set Java to 100mb ( that's MB not GB )
Chrome is not so straight forward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

From your Farbar Addition log.
Event log errors: skydrive.exe is giving repeated errors, you may know about it, uninstalling it is probably the way to go, reinstall it later if required.
Microsoft Office Sessions: Ditto.
CodeIntegrity Errors: Silverlight problem, same applies.
Use the 2 step Wise tool to uninstall.
Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...

Here is how a USER got these problems, ( Whilst my faith in Norton has been somewhat shaken ) it has nothing to do with Norton, no AV would have prevented USER error.
Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

message edited by Johnw


Report •

Ask Question