Avira Reports RiceGen3, but will not remove file [Solved]


  • This topic is locked

#1
TomNeedsHelp

  • Member
  • 51 posts

Hello,

 

Our computer has been getting slower and slower recently. Today, I noticed that Avira reports an infected file w/ RiceGen3, Delete file? I select to delete, it just performs a new scan and reports the same file but does not delete it.

 

I also tried to defragment today, but am told that the required service is disabled (Task Scheduler).  When I try to Start the service, that is not an option. 

 

There seems to be all kinds of weirdness going on, computer extremely slow to start up, services that are "On Demand" start on startup but take forever to do so (NextPVR in particular), logging into router it tells me that this computer is offline (even though I logged into the router from it???), fair dsl speed, but web pages take forever to load with many time outs, etc.

 

OTL Logs below:

 

OTL logfile created on: 9/13/2014 11:45:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.74 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 24.58% Memory free
7.48 Gb Paging File | 3.14 Gb Available in Paging File | 42.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 20.35 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
Drive E: | 931.32 Gb Total Space | 341.39 Gb Free Space | 36.66% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 122.07 Gb Free Space | 26.21% Space Free | Partition Type: NTFS
Drive L: | 2794.51 Gb Total Space | 2749.48 Gb Free Space | 98.39% Space Free | Partition Type: NTFS
 
Computer Name: BUNTING-LIVRM | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/13 11:40:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/08/21 16:03:26 | 002,607,384 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/08/21 16:03:26 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/08/19 14:05:24 | 000,810,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/08/05 07:59:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/08/05 07:58:33 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/08/05 07:58:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/08/04 14:20:42 | 000,161,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/08/04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/07/29 22:23:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/08 11:06:03 | 000,061,512 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
PRC - [2014/05/08 11:06:02 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/04/19 12:46:40 | 003,370,672 | ---- | M] (MiTAC) -- C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\CmTray.exe
PRC - [2013/02/25 11:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
PRC - [2011/04/20 18:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 18:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/10/12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/16 01:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 01:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 01:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/11 17:51:06 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\2d91f280276699ddb2602e9d020a1cdd\PresentationFramework-SystemXml.ni.dll
MOD - [2014/09/11 17:51:06 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\6b23b10afa0712c819862a4ec0c40757\PresentationFramework-SystemData.ni.dll
MOD - [2014/09/11 17:50:34 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\60e8c3eab577fe8bd21e419085a3c843\System.IdentityModel.ni.dll
MOD - [2014/09/11 17:50:32 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9614efdd4e4b30e71fdee7888135009f\System.ServiceModel.ni.dll
MOD - [2014/09/10 23:06:07 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\1269ba2bee1b8587ae523e6d9abff484\PresentationFramework.ni.dll
MOD - [2014/09/10 23:05:55 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\38fdb5c1bcfbed498ea2db40ef6aa23e\PresentationCore.ni.dll
MOD - [2014/09/10 23:05:52 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\94110ad15c57cfddf356ece3d307d533\System.Xaml.ni.dll
MOD - [2014/09/10 23:05:49 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\936468ae0e65d704cc703aae22697cd9\System.Data.ni.dll
MOD - [2014/09/10 23:05:48 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\057cef93417231d7d4f8ed84841c12f1\WindowsBase.ni.dll
MOD - [2014/09/10 23:05:44 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b51470d7e909c4fab01a25fd1e1c42dc\System.Windows.Forms.ni.dll
MOD - [2014/09/10 23:05:42 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\1e72a8986d831a8071bb103067a8ac87\System.Data.Linq.ni.dll
MOD - [2014/09/10 23:05:38 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\003f540cf55cae8805bb30d8b240ec86\SMDiagnostics.ni.dll
MOD - [2014/09/10 23:05:37 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\c2d1735e9f72e974cd34063a714a309f\System.Runtime.Serialization.ni.dll
MOD - [2014/09/10 23:05:37 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\08fbe280b07b0401b857454aef95ea81\System.ServiceModel.Internals.ni.dll
MOD - [2014/09/10 23:05:33 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3c777eb7042798554bcf10134595273e\System.Xml.ni.dll
MOD - [2014/09/10 23:05:32 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\28684b3f787d06edd1de8b574521d867\System.Core.ni.dll
MOD - [2014/09/10 23:05:29 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5ee6a5fbbf59e1c3ca14631ff12dd6ec\System.Configuration.ni.dll
MOD - [2014/09/10 23:05:28 | 010,061,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9b943fcb3af2101cfb3467161c6ac0ed\System.ni.dll
MOD - [2014/08/04 14:20:40 | 000,139,056 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/08/04 14:20:34 | 000,052,472 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/07/29 22:23:09 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/03/01 18:31:43 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/03/01 18:31:06 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/03/01 00:51:53 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/03/01 00:51:29 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/01 00:51:22 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/03/01 00:51:09 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/03/01 00:51:08 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/03/14 18:54:48 | 000,107,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\libgcc_s_dw2-1.dll
MOD - [2013/03/14 18:54:48 | 000,022,086 | ---- | M] () -- C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\mingwm10.dll
MOD - [2013/02/28 14:56:42 | 003,891,200 | ---- | M] () -- C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\mapsafe.dll
MOD - [2013/02/28 14:34:06 | 004,875,776 | ---- | M] () -- C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\libumap_public.dll
MOD - [2013/02/28 14:34:06 | 004,527,104 | ---- | M] () -- C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\cm_sync_standalone.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 12:36:34 | 000,018,432 | ---- | M] (Silicondust USA Inc) [Auto | Running] -- C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe -- (HDHomeRun Service)
SRV:64bit: - [2013/01/31 14:42:06 | 000,302,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2011/06/09 14:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/08/21 16:03:26 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/08/05 07:59:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/05 07:58:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/08/04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/08 11:06:02 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe -- (RadioRage_4jService)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/04 21:46:10 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/13 15:21:14 | 000,055,808 | ---- | M] (Menten Holdings Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\NPVR\NRecord.exe -- (NPVR Recording Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/02/25 11:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/21 16:03:38 | 000,536,984 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/07/03 18:44:34 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 15:41:28 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/16 14:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/11/20 19:22:37 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2013/10/07 09:47:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/01/31 14:42:16 | 000,057,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psmounterex.sys -- (PSMounterEx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/24 04:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 22:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2014/08/21 16:03:38 | 000,444,184 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/08/18 17:52:41 | 000,768,184 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys -- (RapportCerberus_80049)
DRV - [2011/10/07 13:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.tb.ask...r={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A EC 3B 0C E1 45 CE 01  [binary data]
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\URLSearchHook: {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - No CLSID value found
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\magellangps.com/mgnContentManager: C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\npmgnContentManager.dll (MiTAC Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/23 23:22:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/08/16 11:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/04/19 20:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/04/19 20:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/09/10 17:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\8icaa8ni.default\extensions
[2014/09/10 17:19:01 | 000,000,000 | ---D | M] (RadioRage) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\8icaa8ni.default\extensions\4jffxtbr@RadioRage_4j.com
[2014/09/05 12:58:50 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\8icaa8ni.default\extensions\[email protected]
[2014/05/08 11:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\p2gzsapq.default\extensions
[2014/05/08 11:06:10 | 000,000,000 | ---D | M] (RadioRage) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\p2gzsapq.default\extensions\4jffxtbr@RadioRage_4j.com
[2014/08/11 22:40:57 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\extensions\[email protected]
[2013/05/08 11:26:26 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\extensions\[email protected]
[2014/08/11 22:39:21 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\extensions\[email protected]
[2014/07/23 22:11:22 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/08/11 22:39:12 | 000,556,916 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2012/02/29 23:31:45 | 000,001,820 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\searchplugins\bing.xml
[2013/11/24 14:36:13 | 000,008,215 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\searchplugins\google-ssl.xml
[2013/05/23 23:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/29 22:23:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/08/28 19:52:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Toolbar BHO) - {48909954-14fb-4971-a7b3-47e7af10b38a} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
O2 - BHO: (Search Assistant BHO) - {5848763c-2668-44ca-adbe-2999a6ee2858} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
O3 - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\Toolbar\WebBrowser: (RadioRage) - {78BA36C9-6036-482B-B48D-ECCA6F964B84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RadioRage Home Page Guard 64 bit] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe ( )
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [RadioRage EPM Support] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe (Mindspark Interactive Network, Inc.)
O4 - HKLM..\Run: [RadioRage Search Scope Monitor] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe (Mindspark)
O4 - HKLM..\Run: [RadioRage_4j Browser Plugin Loader] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [RadioRage_4j Browser Plugin Loader 64] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000..\Run: [Content Manager Tray App] C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\launchCM.exe ()
O4 - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4452249-5C5D-4771-9EF1-A76923A69D15}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/16 18:33:30 | 000,000,040 | -H-- | M] () - L:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/13 11:45:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/09/06 14:22:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{01F2260D-58E8-459A-99BF-0D1D6C4FE9B2}
[2014/09/06 14:18:45 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Pics Sept 14
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/13 11:40:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/09/13 11:24:36 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/13 11:24:36 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/13 11:11:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/10 23:01:21 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/10 23:01:21 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/10 23:01:21 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/10 23:01:15 | 000,774,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/06 14:39:48 | 000,001,553 | ---- | M] () -- C:\Users\user\.recently-used.xbel
[2014/09/06 14:20:48 | 000,289,024 | ---- | M] () -- C:\Users\user\DimLog0.xml
[2014/09/06 14:19:36 | 000,001,777 | ---- | M] () -- C:\Users\user\DIMConfig.xml
[2014/08/29 03:22:08 | 000,419,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/22 20:36:20 | 223,113,216 | ---- | M] () -- C:\Users\Public\Documents\LibreOffice_4.3.0_Win_x86.msi
 
========== Files Created - No Company Name ==========
 
[2014/09/06 14:39:48 | 000,001,553 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2014/08/22 22:59:17 | 223,113,216 | ---- | C] () -- C:\Users\Public\Documents\LibreOffice_4.3.0_Win_x86.msi
[2014/02/02 14:52:00 | 000,000,399 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/11/02 23:51:55 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/12 01:15:43 | 000,004,608 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/16 10:02:22 | 000,000,051 | ---- | C] () -- C:\Windows\EART730.ini
[2012/03/30 15:28:27 | 000,000,145 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss
[2011/05/16 12:47:36 | 000,001,777 | ---- | C] () -- C:\Users\user\DIMConfig.xml
[2011/05/16 12:46:30 | 000,289,024 | ---- | C] () -- C:\Users\user\DimLog0.xml
[2011/03/04 21:59:50 | 000,000,165 | ---- | C] () -- C:\Users\user\AppData\Roaming\SamsungLiveUpdateConfig.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/22 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ControlCenter4
[2012/12/16 15:40:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Epson
[2011/06/20 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\FrostWire
[2011/04/19 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Thunderbird
[2011/11/15 22:08:46 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ControlCenter4
[2011/12/06 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Dropbox
[2012/12/16 12:37:31 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Epson
[2011/04/19 21:25:53 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Thunderbird
[2011/11/13 01:04:52 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\Audacity
[2012/12/20 00:43:31 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\BDlot
[2012/02/02 23:57:18 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\calibre
[2011/11/13 01:06:13 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\ControlCenter4
[2012/12/19 00:17:58 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\Epson
[2011/06/20 15:19:02 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\FrostWire
[2013/11/03 22:33:06 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\gtk-2.0
[2013/12/15 10:05:42 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\HandBrake
[2011/05/16 13:13:03 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\ImgBurn
[2011/04/19 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\Thunderbird
[2012/03/23 22:09:55 | 000,000,000 | ---D | M] -- C:\Users\Dick and Betty\AppData\Roaming\ControlCenter4
[2012/12/19 16:25:01 | 000,000,000 | ---D | M] -- C:\Users\Dick and Betty\AppData\Roaming\Epson
[2011/04/19 21:33:16 | 000,000,000 | ---D | M] -- C:\Users\Dick and Betty\AppData\Roaming\Thunderbird
[2012/01/03 19:28:12 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ControlCenter4
[2013/02/11 19:02:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Epson
[2011/11/19 12:18:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2013/01/15 01:15:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BDlot
[2013/10/27 15:18:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\calibre
[2013/02/25 15:35:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\canon
[2013/02/25 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon_Inc_IC
[2014/03/08 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Content Manager
[2011/11/10 20:41:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ControlCenter4
[2011/12/07 11:23:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2013/01/15 00:57:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDFab
[2011/11/12 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eBookConverter
[2012/12/17 11:27:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Epson
[2014/09/06 14:39:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2014/08/09 17:36:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HandBrake
[2011/05/10 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2012/12/16 10:15:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2011/11/12 00:21:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LEAPS
[2013/09/30 17:21:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MiTACCorporation
[2011/11/16 01:06:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MPEG Streamclip
[2011/11/12 00:17:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Pegasys Inc
[2012/12/31 13:54:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Silicondust
[2011/04/19 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/10/05 16:17:51 | 099,386,337 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\妊帏Ḽ
[2013/10/05 10:17:51 | 099,386,337 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\妊帏Ḽ
[2013/10/01 15:19:28 | 098,612,549 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\Ꮁ陎Ḽ
[2013/10/01 09:19:32 | 098,612,549 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\Ꮁ陎Ḽ
[2013/09/23 05:33:14 | 098,634,808 | ---- | M] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\Ꝛ찆Ḽr
[2013/09/22 11:33:13 | 098,634,808 | ---- | C] ()(C:\Windows\SysWow64\???r) -- C:\Windows\SysWow64\Ꝛ찆Ḽr
[2013/09/15 15:30:42 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???!) -- C:\Windows\SysWow64\왓Ḽ!
[2013/09/15 15:30:42 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???!) -- C:\Windows\SysWow64\왓Ḽ!
[2013/09/12 21:18:09 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???Q) -- C:\Windows\SysWow64\쳍ḼQ
[2013/09/12 21:18:09 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???Q) -- C:\Windows\SysWow64\쳍ḼQ
[2013/09/12 15:18:08 | 097,373,152 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㛄ᢡḼ
[2013/09/12 15:18:08 | 097,373,152 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㛄ᢡḼ
[2013/09/10 14:34:35 | 096,985,259 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䵚഑Ḽ
[2013/09/10 14:34:35 | 096,985,259 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䵚഑Ḽ
[2013/09/05 18:45:24 | 096,269,118 | ---- | M] ()(C:\Windows\SysWow64\???©) -- C:\Windows\SysWow64\⌦ṟḼ©
[2013/09/05 18:45:24 | 096,269,118 | ---- | C] ()(C:\Windows\SysWow64\???©) -- C:\Windows\SysWow64\⌦ṟḼ©

< End of report >

Extras Log file:

OTL Extras logfile created on: 9/13/2014 11:45:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.74 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 24.58% Memory free
7.48 Gb Paging File | 3.14 Gb Available in Paging File | 42.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 20.35 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
Drive E: | 931.32 Gb Total Space | 341.39 Gb Free Space | 36.66% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 122.07 Gb Free Space | 26.21% Space Free | Partition Type: NTFS
Drive L: | 2794.51 Gb Total Space | 2749.48 Gb Free Space | 98.39% Space Free | Partition Type: NTFS
 
Computer Name: BUNTING-LIVRM | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{071533B5-AC0D-42B2-BAD6-FFBDB64C5304}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10F6992A-E771-42FD-AC41-B8C34A21E736}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{172EADC8-C7F6-4074-A8B1-9D6F6CD8702D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2031502E-8261-49E0-87CB-7D27A799A6DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{297C4524-B656-4E35-AD2F-4368F92CDC94}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A047F17-8761-43CB-B7D7-F574C1303D23}" = rport=138 | protocol=17 | dir=out | app=system |
"{313BE0C5-13EC-45D0-90C6-EBAB2E40EA00}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{428F78E1-5595-4E44-B766-442DF8C37455}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48668B31-0B7B-414B-81A0-8D586D9E02A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D472505-C4B2-490A-ABF9-DA0880EB6A61}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{4DF4547D-5C90-4BAB-B15F-A5977405CF5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63845FCE-AE8B-4544-A1BD-1B4B42536C24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72954D07-AD8A-4F6D-9381-017BB0C98DA6}" = lport=138 | protocol=17 | dir=in | app=system |
"{73A4837F-40AC-4684-8F89-2BD39F7D8ACA}" = rport=137 | protocol=17 | dir=out | app=system |
"{790C335A-7FE8-474D-8904-714EC5E54E8F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82F5EBE6-5EDF-4A23-A924-D50E821AAE8E}" = lport=445 | protocol=6 | dir=in | app=system |
"{B1B6B6BE-6588-489C-8290-D0758F4B5085}" = rport=445 | protocol=6 | dir=out | app=system |
"{B687D7AA-D73A-452E-B972-75734C34CE6E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CDF16A43-7874-43BA-8C15-4CCBAC5F9B78}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D50E21EC-56C8-480D-8B0B-44FCBE85E3F8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D5A7229C-33B6-4F62-A417-DDD887A1A989}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E384DE28-FE62-477E-A823-EDF916DE5664}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{ECE3C96B-C985-4BD5-89FD-454C5745DE05}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F01BC7DC-F4BC-48C4-A2CD-B81BF44866D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0CFD703-BE6E-45D0-BC7E-B1778C6BC5AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA653CD6-55A8-4FC1-99CB-8882DDCEC62B}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B61BCE6-3B48-46B9-A618-D9F14AEB215F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0BFBC7F4-D41F-4D3C-A2B2-989158EB78E5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{0C2AADE3-7A29-48D3-A4E2-36E7B20180B1}" = protocol=17 | dir=in | app=k:\documents\downloads\frostwire\frostwire.exe |
"{0E73B4DE-8F36-4E0F-B645-CBAE4380082C}" = protocol=58 | dir=in | [email protected],-28545 |
"{129981CE-777E-44C3-BD0C-85D1D0091271}" = dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_setup.exe |
"{18B19DA5-E16D-46B7-BBC7-2840B4A5E76A}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\content manager\cmtray.exe |
"{1FDA3AF0-715C-4081-9988-A4080DEA675A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26655F64-A802-443E-B13D-72B5299325F6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2EAC78BA-1BF3-4196-9B3E-C4C9955B133C}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\content manager\cmtray.exe |
"{30D17AC5-979F-4C49-A7F5-A2B64EA77151}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{31A2C411-53E1-4141-94B8-C2C3AA6831E5}" = protocol=17 | dir=in | app=c:\program files (x86)\makemkv\makemkvcon64.exe |
"{36ED6445-6228-4423-9049-6F6CB8E25AE2}" = dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config.exe |
"{37451073-4166-418C-BBAC-E5978F032B9A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{44D82CBB-F10F-4061-B989-231610299AC6}" = dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_quicktv.exe |
"{49DF2427-13D2-4E0C-8254-1403FE03B62D}" = protocol=6 | dir=in | app=c:\program files (x86)\npvr\nrecord.exe |
"{4C4C705B-84F3-4E59-A638-7FF4E0BCD39D}" = protocol=17 | dir=in | app=c:\program files (x86)\npvr\ndigitalhost.exe |
"{5114150B-7796-4BB7-A853-B71E0EA52197}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{52A33519-756D-410A-8061-A00E39038018}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EA1A74B-9385-43D4-8D9C-F2342B59DD82}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{5F6141D6-7163-4260-9CB4-AF0C617872B4}" = protocol=6 | dir=in | app=k:\documents\downloads\frostwire\frostwire.exe |
"{632CB93F-6657-4271-B8E9-9BE731E6934B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F8A1A0-A3DC-46B3-AFB5-6C759BD617C3}" = protocol=6 | dir=in | app=c:\program files (x86)\npvr\ndigitalhost.exe |
"{6AD0CA8F-A3F6-46CC-9FB8-5B177BD2CB61}" = protocol=17 | dir=in | app=c:\program files (x86)\npvr\nextpvr.exe |
"{756E9F1F-DE7D-48D6-82E2-662CB8E847E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EC7301F-E8DF-485B-8EC4-F1D55DB52B10}" = dir=in | app=c:\program files\silicondust\hdhomerun\hdhomerun_config_gui.exe |
"{7EF9111F-D499-4397-97AF-64F52B9048DA}" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"{837A3319-A57D-43F0-B986-8C177FAC8108}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{85B3F6B2-D3AB-406B-ACF2-A4B1F725FB5D}" = dir=in | app=c:\windows\ehome\ehrecvr.exe |
"{885F836A-82A4-4107-9303-CD0B759064DC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{889F6EB0-5736-4E1D-9481-8890B75AEA53}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8E19DB25-9792-4425-AC6A-E0DA94B34ADE}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{92E9C505-0B23-41B5-8211-3CE8B203A03E}" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"{995CD0D4-7061-4281-BFA1-3D4434E00D28}" = protocol=1 | dir=in | [email protected],-28543 |
"{A9481623-F170-443E-AF17-DF4C083BF44C}" = protocol=1 | dir=out | [email protected],-28544 |
"{AF641652-7C5A-4E1B-AEF9-223F3793CAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{B7112E20-5051-45DB-961C-7DBD3A4FFE1A}" = protocol=6 | dir=in | app=c:\program files (x86)\makemkv\makemkvcon64.exe |
"{BEBCCC88-20BC-42EE-81B0-9B27BA15711F}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{CA5EA7EC-933E-480D-87C1-A24DC6797BE6}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{CF1CA0EC-DBA3-4F4B-92D1-C4233C2A188E}" = protocol=6 | dir=in | app=c:\program files (x86)\npvr\nextpvr.exe |
"{D0B6714D-3540-4FDC-8DAA-B505768E998F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{D28F27DA-D222-490B-803F-90BF53EAD24B}" = protocol=58 | dir=out | [email protected],-28546 |
"{DBC4267B-E230-4681-9AA4-155316671B5B}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{DD788027-F259-4EF4-892C-CA53C0D8F81E}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{F073937E-03AE-4513-BE22-0546A4D3071B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{FAFF9E75-53D2-4628-A0E2-6DED90A5EEBB}" = protocol=17 | dir=in | app=c:\program files (x86)\npvr\nrecord.exe |
"{FF370D45-8F0F-4552-9D98-60D13A7773DE}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0BBB43BC-6935-4E61-AF70-B9ACFC424063}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"TCP Query User{4DE5D675-90A6-4058-B367-420E792D1559}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{C2AE03CE-D5E8-43E1-87BF-A11FCAD14E08}C:\program files (x86)\makemkv\makemkvcon64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\makemkv\makemkvcon64.exe |
"UDP Query User{31975986-CB97-48E4-9B53-75BA8CD6E9F8}C:\program files (x86)\makemkv\makemkvcon64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\makemkv\makemkvcon64.exe |
"UDP Query User{430A4C66-9418-4D71-A0BB-C4EDD1715262}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"UDP Query User{DB3EFDA4-76F5-41EF-A3C9-8E0E9594410B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DCA0803-0890-4631-94BA-17DE31C49C40}" = Microsoft Camera Codec Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}" = Oracle VM VirtualBox 4.3.12
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.7.1 x64
"{CD886EE3-07DE-76F1-79DA-0D2C31551559}" = ccc-utility64
"{DBB4E17D-09D8-47A6-96B9-876093092284}" = HDHomeRun
"{E9220B1F-33C4-4A89-B34D-38374CFBE2CF}" = Macrium Reflect Free Edition
"EPSON Artisan 730 Series" = EPSON Artisan 730 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.6.10
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0879415B-4038-A4ED-276C-80E2C24502E8}" = CCC Help Polish
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}" = Avira
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{23114BAB-A7F2-160F-4CF8-20F5917C5063}" = CCC Help Dutch
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AAB420-4E30-4496-9739-3E216F3DE6AE}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2D290157-1B44-1620-073B-F91546386AEF}" = CCC Help German
"{3331E34D-38D0-49CE-A395-B30B05FCCE6C}" = calibre
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3356F59C-C5F3-4EC5-9262-C2EBE89C2A36}" = TurboTax 2013 wohiper
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7460DN
"{3B183D60-41F1-4513-BF25-761A70654452}" = TMPGEnc Authoring Works 4
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4599E55A-9861-AA8D-AD77-A62649FB1B88}" = Catalyst Control Center Graphics Full New
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{599556F6-88AA-D1B4-BBEE-E6DBEB69E958}" = CCC Help Thai
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61E455F8-99A8-D65F-B6E3-06B998B7F26F}" = CCC Help Greek
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{67E6A5BC-CA30-46DE-2A8E-C17BD52D3A60}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725F0ABA-808A-4256-885C-1E60245521D0}" = LightScribe Template Designs - Sports Pack 1
"{772E433B-907F-D183-9521-4FB6C6126E24}" = CCC Help Danish
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{796DDBD5-999C-EE26-EB08-AD16FF82B620}" = CCC Help Italian
"{7A1107CD-A2EF-B18D-65E6-D8496CC99BB7}" = Catalyst Control Center InstallProxy
"{7C3D2C23-FF8C-DF11-1110-220FD024E94B}" = CCC Help Spanish
"{80DB9145-FFA6-A9EA-0684-6F09BCEE5324}" = CCC Help Swedish
"{8303FC1B-3B58-19D3-DBCD-DF63144463DB}" = CCC Help Hungarian
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8B37A414-1480-607C-8A06-3C6DAC20CA87}" = Catalyst Control Center Graphics Light
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EC37670-CFF6-851D-F6F4-D730E2DCF827}" = CCC Help Norwegian
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94FF7296-8022-FFB5-2B31-3B72524DDF2A}" = Catalyst Control Center Graphics Previews Vista
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F5B8E0-1935-0CE0-08B3-7128820A7B08}" = CCC Help Portuguese
"{AA35FD9B-BD64-2229-371C-5217D43F3829}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AFF3DA5E-9426-57DA-3B59-9E67A426214B}" = CCC Help Turkish
"{B0754949-EBFC-4870-B7B5-99B5193D8C28}" = Browser 2 Device Plug-in
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B31F6A27-F7B6-EA98-2168-B256A929F49B}" = Catalyst Control Center Localization All
"{B82285B9-60A7-85E6-2AFF-F7CC65530EA1}" = CCC Help Russian
"{BAC15A55-B97D-AD8C-54AF-5E6B681BC839}" = CCC Help Chinese Standard
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF73A77C-55FD-4F59-928C-DBFDEC52E623}" = Catalyst Control Center Core Implementation
"{C5177FC1-B7C4-41DE-129F-54B273EBCD09}" = Catalyst Control Center Graphics Previews Common
"{C7C05C54-21D1-4DA7-9473-C47CB13D6A40}" = CCC Help Czech
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9F3DB27-447C-8569-9E5A-F2DB69C5BE4D}" = ccc-core-static
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D584C0DD-5994-8AC4-FC21-ED1E5F3B3B95}" = CCC Help English
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DD794783-8313-CEFC-0A34-B9F596B09F76}" = CCC Help French
"{DFC3AA0C-E8F1-2DCB-4EA2-073E20131FC5}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{e67154a7-9cc5-4167-b782-f3982bc6c70d}" = Avira
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{f885d547-71dc-4614-92c3-6722f5e9457c}" = Nero 9 Essentials
"{FA2AD46D-06FB-8883-6CE5-349EC371D173}" = CCC Help Finnish
"{FB3E4248-8793-6A02-7862-4D56FABC814B}" = CCC Help Chinese Traditional
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 2.6.0b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"BDlot DVD ISO Master_is1" = BDlot DVD ISO Master 3.0.2
"Coupon Printer for Windows5.0.0.3" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.5 (14/12/2012) Qt
"EPSON Scanner" = EPSON Scan
"FileHippo.com" = FileHippo.com Update Checker
"Fitbit Connect" = Fitbit Connect
"HandBrake" = HandBrake 0.9.9.1
"ImgBurn" = ImgBurn
"Kurlo 1.3" = Kurlo 1.3
"LinuxLive USB Creator" = LinuxLive USB Creator
"MakeMKV" = MakeMKV v1.8.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MD5Check_is1" = MD5Check 3.0
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US)
"NextPVR" = NextPVR
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RadioRage_4jbar Uninstall Internet Explorer" = RadioRage Internet Explorer Toolbar
"Rapport_msi" = Trusteer Endpoint Protection
"SABnzbd" = SABnzbd 0.7.16
"TurboTax 2013" = TurboTax 2013
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.1.0
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = Content Manager
"Amazon Kindle" = Amazon Kindle
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/25/2014 7:31:04 PM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 31.0.0.5310,
 time stamp: 0x53c75e91  Faulting module name: mozalloc.dll, version: 31.0.0.5310,
 time stamp: 0x53c72e91  Exception code: 0x80000003  Fault offset: 0x0000141b  Faulting
 process id: 0x11f8  Faulting application start time: 0x01cfc0bc982250e4  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: e14a9f34-2caf-11e4-9b44-6c626daf807e
 
Error - 8/26/2014 9:13:45 PM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: RapportService.exe, version: 3.5.1403.67,
 time stamp: 0x53da38f1  Faulting module name: RapportUtil.dll, version: 3.5.1403.67,
 time stamp: 0x53da361e  Exception code: 0xc0000005  Fault offset: 0x00152d99  Faulting
 process id: 0x55c  Faulting application start time: 0x01cfc193bbad82f1  Faulting application
 path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe  Faulting module
 path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll  Report Id: 62f46efa-2d87-11e4-9128-6c626daf807e
 
Error - 8/29/2014 1:43:13 PM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp:
 0x53bec647  Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception
 code: 0xc0000005  Fault offset: 0x0000795b  Faulting process id: 0x16c4  Faulting application
 start time: 0x01cfc39fef11a32b  Faulting application path: C:\program files (x86)\avira\antivir
 desktop\ipmGui.exe  Faulting module path: C:\program files (x86)\avira\antivir desktop\ipmGui.exe
Report
 Id: f2b2b4f4-2fa3-11e4-a109-6c626daf807e
 
Error - 9/1/2014 5:40:19 PM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: RapportMgmtService.exe, version: 3.5.1403.67,
 time stamp: 0x53da38c9  Faulting module name: RapportUtil.dll, version: 3.5.1403.67,
 time stamp: 0x53da361e  Exception code: 0xc0000005  Fault offset: 0x00152d99  Faulting
 process id: 0x3b4  Faulting application start time: 0x01cfc62d076d4a8f  Faulting application
 path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe  Faulting
 module path: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll  Report
Id: 9174b15a-3220-11e4-ba06-6c626daf807e
 
Error - 9/5/2014 12:45:22 PM | Computer Name = Bunting-LivRm | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: db0    Start
 Time: 01cfc927e56a264a    Termination Time: 840    Application Path: C:\Program Files\Internet
 Explorer\IEXPLORE.EXE    Report Id: b553548b-351b-11e4-b3d1-6c626daf807e  
 
Error - 9/5/2014 2:38:42 PM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp:
 0x53bec647  Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception
 code: 0xc0000005  Fault offset: 0x00007a69  Faulting process id: 0x698  Faulting application
 start time: 0x01cfc927da12177e  Faulting application path: C:\program files (x86)\avira\antivir
 desktop\ipmGui.exe  Faulting module path: C:\program files (x86)\avira\antivir desktop\ipmGui.exe
Report
 Id: dbd702cb-352b-11e4-b3d1-6c626daf807e
 
Error - 9/5/2014 6:38:45 PM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp:
 0x53bec647  Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception
 code: 0xc0000005  Fault offset: 0x00007a4c  Faulting process id: 0x1120  Faulting application
 start time: 0x01cfc94960f34997  Faulting application path: C:\program files (x86)\avira\antivir
 desktop\ipmGui.exe  Faulting module path: C:\program files (x86)\avira\antivir desktop\ipmGui.exe
Report
 Id: 64d701e8-354d-11e4-b3d1-6c626daf807e
 
Error - 9/8/2014 10:24:10 AM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp:
 0x53bec647  Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception
 code: 0xc0000005  Fault offset: 0x0000795b  Faulting process id: 0x137c  Faulting application
 start time: 0x01cfcb5fc8165f6e  Faulting application path: C:\program files (x86)\avira\antivir
 desktop\ipmGui.exe  Faulting module path: C:\program files (x86)\avira\antivir desktop\ipmGui.exe
Report
 Id: cc246368-3763-11e4-b5dc-6c626daf807e
 
Error - 9/8/2014 12:24:08 PM | Computer Name = Bunting-LivRm | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp:
 0x53bec647  Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception
 code: 0xc0000005  Fault offset: 0x0000795b  Faulting process id: 0xe34  Faulting application
 start time: 0x01cfcb708c923fd0  Faulting application path: C:\program files (x86)\avira\antivir
 desktop\ipmGui.exe  Faulting module path: C:\program files (x86)\avira\antivir desktop\ipmGui.exe
Report
 Id: 8eb43b1e-3774-11e4-b5dc-6c626daf807e
 
Error - 9/8/2014 9:11:50 PM | Computer Name = Bunting-LivRm | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 570    Start
 Time: 01cfcbc98a89f5c8    Termination Time: 31    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id:   
 
[ Media Center Events ]
Error - 6/28/2013 1:21:41 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 1:21:41 PM - Error connecting to the internet.  1:21:41 PM -     Unable
 to contact server..  
 
Error - 6/28/2013 2:24:21 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 2:24:21 PM - Failed to retrieve Directory (Error: The operation has
 timed out)  
 
Error - 7/2/2013 12:38:40 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 12:38:30 PM - Error connecting to the internet.  12:38:30 PM -     Unable
 to contact server..  
 
Error - 7/4/2013 12:00:45 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 12:00:44 PM - Error connecting to the internet.  12:00:44 PM -     Unable
 to contact server..  
 
Error - 7/4/2013 12:01:36 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 12:01:23 PM - Error connecting to the internet.  12:01:23 PM -     Unable
 to contact server..  
 
Error - 7/13/2013 12:46:38 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 12:46:26 PM - Failed to retrieve SportsSchedule (Error: The operation
 has timed out)  
 
Error - 7/30/2013 12:27:16 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 12:27:01 PM - Error connecting to the internet.  12:27:01 PM -     Unable
 to contact server..  
 
Error - 8/4/2013 11:26:30 AM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 11:26:30 AM - Error connecting to the internet.  11:26:30 AM -     Unable
 to contact server..  
 
Error - 8/4/2013 11:28:07 AM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 11:27:17 AM - Error connecting to the internet.  11:27:17 AM -     Unable
 to contact server..  
 
Error - 8/8/2013 5:47:15 PM | Computer Name = Bunting-LivRm | Source = MCUpdate | ID = 0
Description = 5:47:03 PM - Failed to retrieve SportsSchedule (Error: The underlying
 connection was closed: An unexpected error occurred on a receive.)  
 
[ System Events ]
Error - 9/8/2014 12:12:05 AM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10010
Description =
 
Error - 9/8/2014 10:04:32 PM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10010
Description =
 
Error - 9/10/2014 10:42:24 PM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10010
Description =
 
Error - 9/11/2014 10:23:55 PM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10010
Description =
 
Error - 9/12/2014 1:47:56 PM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10010
Description =
 
Error - 9/12/2014 3:52:36 PM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10010
Description =
 
Error - 9/13/2014 11:14:23 AM | Computer Name = Bunting-LivRm | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error - 9/13/2014 11:14:34 AM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10010
Description =
 
Error - 9/13/2014 11:14:54 AM | Computer Name = Bunting-LivRm | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error - 9/13/2014 11:26:16 AM | Computer Name = Bunting-LivRm | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 70. The internal error state
 is 105.
 
 
< End of report >
 

 

I do not know how you want logs posted; the times I have used you before I have just pasted them into the topic, but I see now people are attaching instead. Which is preferred?

 

Thank you for any assistance,

 

Tom

 

 

#2
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings Tom and welcome

My nickname is Ruggie and I will be assisting you in cleaning your computer.

Posting logs within the thread is the preferred method unless we specifically mention otherwise.
I have requested new logs from you as the ones we will be using are more current than OTL.

Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.
The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask... I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work

First...

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click the FRST icon to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below
    • Drivers MD5
    • Addition.txt

frst-addition.png

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Next...

ASWmbr Scan

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click aswMBR.exe to run it.

Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database, allow that as well.

On completion of the scan click Save Log, save it to your desktop and post it in your next reply.

The tool will also produce a copy of the mbrdump labeled MBR.dat. Please do not delete this file, it will be removed in our cleanup at the end.

Items I need to see in your next post:

  • FRST and Addition Log
  • ASWmbr Log

#3
TomNeedsHelp


Thank you for your assistance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on BUNTING-LIVRM on 15-09-2014 21:52:11
Running from C:\Users\user\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
( ) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
( ) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(MiTAC) C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\CmTray.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe [485960 2014-05-08] ( )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RadioRage EPM Support] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe [12872 2014-05-08] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe [55368 2014-05-08] (Mindspark)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe [61512 2014-05-08] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader 64] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe [71752 2014-05-08] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [Content Manager Tray App] => C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\launchCM.exe [94208 2013-03-14] ()
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [.tluafed** <*>] => C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe [830344 2013-12-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-2062905526-1712026431-3041011506-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1002\...\Run: [CmTray] => "C:\Program Files (x86)\Content Manager\launchCM.exe"
HKU\S-1-5-21-2062905526-1712026431-3041011506-1002\...\MountPoints2: {9a18d92b-3e2e-11e0-9af2-6c626daf807e} - F:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8AEC3B0CE145CE01
URLSearchHook: HKCU - (No Name) - {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKCU - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Toolbar BHO -> {48909954-14fb-4971-a7b3-47e7af10b38a} -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
BHO-x32: Search Assistant BHO -> {5848763c-2668-44ca-adbe-2999a6ee2858} -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
Toolbar: HKCU - No Name - {78BA36C9-6036-482B-B48D-ECCA6F964B84} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: magellangps.com/mgnContentManager -> C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\npmgnContentManager.dll (MiTAC Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\searchplugins\google-ssl.xml
FF Extension: RadioRage - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\4jffxtbr@RadioRage_4j.com [2014-09-10]
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-09-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-08-11]
FF Extension: Add to Amazon Wish List Button - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2013-05-08]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-08-11]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-21]
FF Extension: Adblock Edge - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-08-11]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S3 NPVR Recording Service; C:\Program Files (x86)\NPVR\NRecord.exe [55808 2013-10-13] (Menten Holdings Ltd) [File not signed]
R2 RadioRage_4jService; C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe [88648 2014-05-08] (COMPANYVERS_NAME)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [302200 2013-01-31] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-11-20] (Digiarty Software, Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [57976 2013-01-31] ()
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-08-18] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-08-21] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-08-21] (IBM Corp.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)

========================== Drivers MD5 =======================

C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys 1E0861908ED14977A69951713823711F
C:\Windows\System32\Drivers\RapportKE64.sys 0D7BA4369BE0DF5DA9E6E6FB16F94EEA
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\sscdbus.sys ED161B91FDF7EAA39469D72D463D5F4E
C:\Windows\System32\DRIVERS\sscdmdfl.sys 4CB09E77593DBD8D7AF33B37375CA715
C:\Windows\System32\DRIVERS\sscdmdm.sys C7B4CF53497A6E5363F3439427663882
C:\Windows\System32\DRIVERS\sscdserd.sys 05FFA552F578E27AB2D41B6828DB477F
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\DRIVERS\VBoxDrv.sys CDA796F41C2B64CEEC143B3A86904CFB
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys 8CD776EB77695524CCE594AAC3A71569
C:\Windows\System32\DRIVERS\VBoxNetFlt.sys 39D80811EB7E87CD7F682A3124693CBA
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys 248C6ADD9467AF319D1882A5E8B12966
C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 21:52 - 2014-09-15 21:53 - 00040195 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-15 21:51 - 2014-09-15 21:52 - 00000000 ____D () C:\FRST
2014-09-15 19:21 - 2014-09-15 19:21 - 05185536 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-09-15 19:21 - 2014-09-15 19:21 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-15 18:49 - 2014-09-15 18:49 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-14 15:20 - 2014-09-14 15:20 - 00000300 _____ () C:\Windows\Tasks\wxs.job
2014-09-14 15:20 - 2014-09-14 15:20 - 00000252 _____ () C:\Windows\Tasks\wsx.job
2014-09-13 20:54 - 2014-09-13 20:54 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Macromedia
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-09-13 17:38 - 2014-05-16 14:21 - 64770048 _____ () C:\Users\Bunting\Desktop\VBoxGuestAdditions.iso
2014-09-13 12:34 - 2014-09-13 12:35 - 00000000 ____D () C:\Users\user\Desktop\OTL Sept14
2014-09-13 11:45 - 2014-09-13 11:40 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-09-10 23:02 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:02 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:02 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:02 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:02 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:02 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:02 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:02 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:02 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:02 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:02 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:02 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:02 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:02 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:02 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:02 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:02 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:02 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:02 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:02 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:02 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:02 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:02 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:02 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:02 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:02 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:02 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:02 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:02 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:02 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:02 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:02 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:02 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:02 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:02 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:02 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:02 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:02 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:02 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:02 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:02 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:02 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:02 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:02 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:02 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:02 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:02 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:02 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:02 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:02 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 22:43 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:43 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 14:26 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:26 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:26 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:26 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:26 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:26 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:26 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:26 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:26 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:25 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:25 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-06 14:39 - 2014-09-06 14:39 - 00001553 _____ () C:\Users\user\.recently-used.xbel
2014-09-06 14:22 - 2014-09-06 14:22 - 00000000 ____D () C:\Users\user\AppData\Local\{01F2260D-58E8-459A-99BF-0D1D6C4FE9B2}
2014-09-06 14:18 - 2014-09-06 14:20 - 00000000 ____D () C:\Users\user\Desktop\Pics Sept 14
2014-08-28 07:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 03:08 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:08 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:08 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:08 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:08 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:08 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:06 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:06 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 21:53 - 2014-09-15 21:52 - 00040195 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-15 21:52 - 2014-09-15 21:51 - 00000000 ____D () C:\FRST
2014-09-15 19:25 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 19:25 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 19:21 - 2014-09-15 19:21 - 05185536 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-09-15 19:21 - 2014-09-15 19:21 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-15 18:52 - 2011-02-08 13:36 - 01978938 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 18:49 - 2014-09-15 18:49 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-15 18:49 - 2013-04-22 17:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-15 18:43 - 2008-09-19 04:55 - 00014577 _____ () C:\Windows\SysWOW64\NapaSet.txt
2014-09-15 18:40 - 2013-04-17 09:05 - 00038089 _____ () C:\Windows\setupact.log
2014-09-14 15:20 - 2014-09-14 15:20 - 00000300 _____ () C:\Windows\Tasks\wxs.job
2014-09-14 15:20 - 2014-09-14 15:20 - 00000252 _____ () C:\Windows\Tasks\wsx.job
2014-09-13 20:54 - 2014-09-13 20:54 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Macromedia
2014-09-13 20:48 - 2014-01-07 12:12 - 00067550 _____ () C:\Users\user\Desktop\Expenses by month-2014.xlsx
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-09-13 17:42 - 2011-04-24 22:37 - 00000000 ____D () C:\Users\Bunting\.VirtualBox
2014-09-13 17:29 - 2012-03-29 20:01 - 00000000 ____D () C:\Users\Bunting\VirtualBox VMs
2014-09-13 17:02 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 12:35 - 2014-09-13 12:34 - 00000000 ____D () C:\Users\user\Desktop\OTL Sept14
2014-09-13 11:40 - 2014-09-13 11:45 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-09-12 14:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 23:01 - 2013-11-02 23:51 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:00 - 2013-09-09 20:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:44 - 2011-02-12 18:47 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 22:43 - 2014-05-06 23:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-08 21:27 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-06 14:40 - 2011-08-09 23:30 - 00000000 ____D () C:\Users\user\.gimp-2.6
2014-09-06 14:39 - 2014-09-06 14:39 - 00001553 _____ () C:\Users\user\.recently-used.xbel
2014-09-06 14:39 - 2011-03-25 12:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\gtk-2.0
2014-09-06 14:23 - 2014-05-11 14:30 - 00000000 ____D () C:\Users\user\Desktop\House-Spring 2
2014-09-06 14:22 - 2014-09-06 14:22 - 00000000 ____D () C:\Users\user\AppData\Local\{01F2260D-58E8-459A-99BF-0D1D6C4FE9B2}
2014-09-06 14:20 - 2014-09-06 14:18 - 00000000 ____D () C:\Users\user\Desktop\Pics Sept 14
2014-09-06 14:20 - 2011-05-16 12:46 - 00289024 _____ () C:\Users\user\DimLog0.xml
2014-09-06 14:19 - 2011-05-16 12:47 - 00001777 _____ () C:\Users\user\DIMConfig.xml
2014-09-04 22:10 - 2014-09-10 14:25 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 14:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 03:22 - 2009-07-14 00:45 - 00419568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-28 07:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 07:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 07:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 16:03 - 2013-09-03 23:17 - 00536984 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-08-19 14:05 - 2014-09-10 23:02 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 13:39 - 2014-09-10 23:02 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 19:01 - 2014-09-10 23:02 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:29 - 2014-09-10 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 18:29 - 2014-09-10 23:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 18:26 - 2014-09-10 23:02 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 18:20 - 2014-09-10 23:02 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 18:19 - 2014-09-10 23:02 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 18:15 - 2014-09-10 23:02 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 18:15 - 2014-09-10 23:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 18:14 - 2014-09-10 23:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 18:14 - 2014-09-10 23:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 18:08 - 2014-09-10 23:02 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 18:08 - 2014-09-10 23:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 18:08 - 2014-09-10 23:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 18:05 - 2014-09-10 23:02 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 18:03 - 2014-09-10 23:02 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 18:03 - 2014-09-10 23:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 18:03 - 2014-09-10 23:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:57 - 2014-09-10 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 17:56 - 2014-09-10 23:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:51 - 2014-09-10 23:02 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:46 - 2014-09-10 23:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 17:45 - 2014-09-10 23:02 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:45 - 2014-09-10 23:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 17:44 - 2014-09-10 23:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-10 23:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-10 23:02 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 17:40 - 2014-09-10 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:39 - 2014-09-10 23:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:39 - 2014-09-10 23:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 17:39 - 2014-09-10 23:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 17:38 - 2014-09-10 23:02 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:37 - 2014-09-10 23:02 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 17:36 - 2014-09-10 23:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 17:35 - 2014-09-10 23:02 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 17:27 - 2014-09-10 23:02 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 17:25 - 2014-09-10 23:02 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:25 - 2014-09-10 23:02 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:23 - 2014-09-10 23:02 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:23 - 2014-09-10 23:02 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 17:22 - 2014-09-10 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-10 23:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 17:17 - 2014-09-10 23:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 17:17 - 2014-09-10 23:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 17:16 - 2014-09-10 23:02 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:15 - 2014-09-10 23:02 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 17:15 - 2014-09-10 23:02 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 17:09 - 2014-09-10 23:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 17:08 - 2014-09-10 23:02 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 17:07 - 2014-09-10 23:02 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 16:55 - 2014-09-10 23:02 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:46 - 2014-09-10 23:02 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 16:38 - 2014-09-10 23:02 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 16:38 - 2014-09-10 23:02 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:36 - 2014-09-10 23:02 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 04:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Bunting\AppData\Local\Temp\7z.dll
C:\Users\Bunting\AppData\Local\Temp\avgnt.exe
C:\Users\Bunting\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Bunting\AppData\Local\Temp\Setup.x64.en-US_ProPlusRetail_RNBVG-JQD4Y-QXWHF-BK9PR-KBQ63_TX_PR_act_1_.exe
C:\Users\Bunting\AppData\Local\Temp\sevnz.exe
C:\Users\Dick and Betty\AppData\Local\Temp\avgnt.exe
C:\Users\Mom\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\_is510E.exe
C:\Users\user\AppData\Local\Temp\_isBFBA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-02 21:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by user at 2014-09-15 21:54:29
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BDlot DVD ISO Master 3.0.2 (HKLM-x32\...\BDlot DVD ISO Master_is1) (Version:  - LotSoft)
Brother MFL-Pro Suite MFC-7460DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Browser 2 Device Plug-in (HKLM-x32\...\{B0754949-EBFC-4870-B7B5-99B5193D8C28}) (Version: 1.70.0.0 - MiTAC Corporation)
calibre (HKLM-x32\...\{3331E34D-38D0-49CE-A395-B30B05FCCE6C}) (Version: 1.11.0 - Kovid Goyal)
CanoScan Toolbox Ver4.1 (HKLM-x32\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
ccc-utility64 (Version: 2010.0210.2206.39615 - ATI) Hidden
Content Manager (HKCU\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVDFab 8.2.2.5 (14/12/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fitbit Connect (HKLM-x32\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
FW LiveUpdate (HKLM-x32\...\{11F5D779-7BD9-465A-BBC4-10701386BCB9}) (Version: 2.0.6.2 - SAMSUNG)
GIMP 2.6.10 (HKLM\...\GIMP-2_is1) (Version: 2.6.10 - The GIMP Team)
GTK+ 2.10.13 runtime environment (HKLM-x32\...\WinGTK-2_is1) (Version:  - Tor Lillqvist)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HDHomeRun (HKLM\...\{DBB4E17D-09D8-47A6-96B9-876093092284}) (Version: 1.0.12225.0 - Silicondust)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kurlo 1.3 (HKLM-x32\...\Kurlo 1.3) (Version:  - Retied Software, Inc.)
LightScribe Applications (HKLM-x32\...\{61F25370-7465-4404-BE28-4629BF808699}) (Version: 1.18.15.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LightScribe Template Designs - Sports Pack 1 (HKLM-x32\...\{725F0ABA-808A-4256-885C-1E60245521D0}) (Version: 1.10.16.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{83721450-E604-4C37-ABEB-CE7F18C587C8}) (Version: 1.18.24.1 - LightScribe)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Macrium Reflect Free Edition (HKLM\...\{E9220B1F-33C4-4A89-B34D-38374CFBE2CF}) (Version: 5.1.5603 - Paramount Software (UK) Ltd.)
MakeMKV v1.8.8 (HKLM-x32\...\MakeMKV) (Version: v1.8.8 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MD5Check 3.0 (HKLM-x32\...\MD5Check_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{9DCA0803-0890-4631-94BA-17DE31C49C40}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{f885d547-71dc-4614-92c3-6722f5e9457c}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.15.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero PhotoSnap (x32 Version: 2.4.28.0 - Nero AG) Hidden
Nero PhotoSnap Help (x32 Version: 2.4.28.0 - Nero AG) Hidden
Nero Recode (x32 Version: 4.4.38.1 - Nero AG) Hidden
Nero Recode Help (x32 Version: 4.4.38.1 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.24.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NextPVR (HKLM-x32\...\NextPVR) (Version:  - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Python 2.6.2 (HKLM-x32\...\{24AAB420-4E30-4496-9739-3E216F3DE6AE}) (Version: 2.6.2150 - Python Software Foundation)
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
RadioRage Internet Explorer Toolbar (HKLM-x32\...\RadioRage_4jbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
RAIDXpert (x32 Version: 2.4.1540.26 - AMD) Hidden
Rapport (x32 Version: 3.5.1403.78 - Trusteer) Hidden
Raw Therapee V4.0.7.1 x64 (HKLM\...\{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}) (Version: 4.0.701 - Raw Therapee Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
SABnzbd 0.7.16 (HKLM-x32\...\SABnzbd) (Version: 0.7.16 - The SABnzbd Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TMPGEnc Authoring Works 4 (HKLM-x32\...\{3B183D60-41F1-4513-BF25-761A70654452}) (Version: 4.1.2.49 - Pegasys Inc.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1403.78 - Trusteer)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1790 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0463 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wohiper (x32 Version: 013.000.1218 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}) (Version: 1.11.1001 - SAMSUNG)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2062905526-1712026431-3041011506-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2062905526-1712026431-3041011506-1000_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)

==================== Restore Points  =========================

29-08-2014 07:00:14 Windows Update
03-09-2014 11:08:30 Installed Rapport
11-09-2014 02:42:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-27 20:03 - 2013-08-28 19:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {587688BC-F792-4E4C-9F74-301F96C85935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-04] (Adobe Systems Incorporated)
Task: {DB2D4411-FD17-4668-9FB9-A00B790F14AC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{CA4FC3EF-6192-4C70-8315-0156B86821A5}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\wsx.job => C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.exe
Task: C:\Windows\Tasks\wxs.job => C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.exe

==================== Loaded Modules (whitelisted) =============

2009-03-16 01:47 - 2009-03-16 01:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2013-01-31 14:42 - 2013-01-31 14:42 - 00302200 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2011-11-10 16:43 - 2005-04-22 00:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2013-04-04 02:09 - 2013-04-04 02:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-03-16 01:47 - 2009-03-16 01:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-03-16 01:47 - 2009-03-16 01:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2011-02-08 10:48 - 2011-02-08 10:48 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 13:35 - 2009-08-20 13:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2011-11-10 16:43 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-08-26 23:06 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Bunting\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2012-07-07 15:50 - 2014-07-29 22:23 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-04 21:46 - 2014-03-04 21:46 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-03-14 18:54 - 2013-03-14 18:54 - 00107520 _____ () C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\libgcc_s_dw2-1.dll
2013-03-14 18:54 - 2013-03-14 18:54 - 00022086 _____ () C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\mingwm10.dll
2013-02-28 14:34 - 2013-02-28 14:34 - 04527104 _____ () C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\cm_sync_standalone.dll
2013-02-28 14:34 - 2013-02-28 14:34 - 04875776 _____ () C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\libumap_public.dll
2013-02-28 14:56 - 2013-02-28 14:56 - 03891200 _____ () C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\mapsafe.dll
2014-08-12 20:16 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Dick and Betty\Desktop\Travel Document - Tampa 1_21_12.eml:OECustomProperty
AlternateDataStreams: C:\Users\Dick and Betty\Desktop\Your reservation confirmation PBORB6320628974.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 04:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc00000fd
Fault offset: 0x00322179
Faulting process id: 0x1624
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/08/2014 09:11:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 570

Start Time: 01cfcbc98a89f5c8

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/08/2014 00:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception code: 0xc0000005
Fault offset: 0x0000795b
Faulting process id: 0xe34
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report Id: ipmGui.exe3

Error: (09/08/2014 10:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception code: 0xc0000005
Fault offset: 0x0000795b
Faulting process id: 0x137c
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report Id: ipmGui.exe3

Error: (09/05/2014 06:38:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception code: 0xc0000005
Fault offset: 0x00007a4c
Faulting process id: 0x1120
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report Id: ipmGui.exe3

Error: (09/05/2014 02:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception code: 0xc0000005
Fault offset: 0x00007a69
Faulting process id: 0x698
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report Id: ipmGui.exe3

Error: (09/05/2014 00:45:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: db0

Start Time: 01cfc927e56a264a

Termination Time: 840

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: b553548b-351b-11e4-b3d1-6c626daf807e

Error: (09/01/2014 05:40:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RapportMgmtService.exe, version: 3.5.1403.67, time stamp: 0x53da38c9
Faulting module name: RapportUtil.dll, version: 3.5.1403.67, time stamp: 0x53da361e
Exception code: 0xc0000005
Fault offset: 0x00152d99
Faulting process id: 0x3b4
Faulting application start time: 0xRapportMgmtService.exe0
Faulting application path: RapportMgmtService.exe1
Faulting module path: RapportMgmtService.exe2
Report Id: RapportMgmtService.exe3

Error: (08/29/2014 01:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception code: 0xc0000005
Fault offset: 0x0000795b
Faulting process id: 0x16c4
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report Id: ipmGui.exe3

Error: (08/26/2014 09:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RapportService.exe, version: 3.5.1403.67, time stamp: 0x53da38f1
Faulting module name: RapportUtil.dll, version: 3.5.1403.67, time stamp: 0x53da361e
Exception code: 0xc0000005
Fault offset: 0x00152d99
Faulting process id: 0x55c
Faulting application start time: 0xRapportService.exe0
Faulting application path: RapportService.exe1
Faulting module path: RapportService.exe2
Report Id: RapportService.exe3


System errors:
=============
Error: (09/15/2014 08:11:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/15/2014 06:48:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/15/2014 06:44:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Error: (09/15/2014 06:43:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (09/14/2014 10:16:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.

Error: (09/14/2014 10:15:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/14/2014 08:27:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/14/2014 11:51:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/13/2014 11:43:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.

Error: (09/13/2014 11:42:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (09/14/2014 04:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c00000fd00322179162401cfd0597edb836cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlle33b2964-3c4d-11e4-a5e7-6c626daf807e

Error: (09/08/2014 09:11:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1723957001cfcbc98a89f5c831C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/08/2014 00:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795be3401cfcb708c923fd0C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe8eb43b1e-3774-11e4-b5dc-6c626daf807e

Error: (09/08/2014 10:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b137c01cfcb5fc8165f6eC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.execc246368-3763-11e4-b5dc-6c626daf807e

Error: (09/05/2014 06:38:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a4c112001cfc94960f34997C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe64d701e8-354d-11e4-b3d1-6c626daf807e

Error: (09/05/2014 02:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a6969801cfc927da12177eC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exedbd702cb-352b-11e4-b3d1-6c626daf807e

Error: (09/05/2014 00:45:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17239db001cfc927e56a264a840C:\Program Files\Internet Explorer\IEXPLORE.EXEb553548b-351b-11e4-b3d1-6c626daf807e

Error: (09/01/2014 05:40:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RapportMgmtService.exe3.5.1403.6753da38c9RapportUtil.dll3.5.1403.6753da361ec000000500152d993b401cfc62d076d4a8fC:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exeC:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll9174b15a-3220-11e4-ba06-6c626daf807e

Error: (08/29/2014 01:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b16c401cfc39fef11a32bC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exef2b2b4f4-2fa3-11e4-a109-6c626daf807e

Error: (08/26/2014 09:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RapportService.exe3.5.1403.6753da38f1RapportUtil.dll3.5.1403.6753da361ec000000500152d9955c01cfc193bbad82f1C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exeC:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll62f46efa-2d87-11e4-9128-6c626daf807e


CodeIntegrity Errors:
===================================
  Date: 2013-08-28 19:49:59.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 19:49:59.393
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-23 22:33:49.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-23 22:33:49.723
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 260 Processor
Percentage of memory in use: 66%
Total physical RAM: 3831.76 MB
Available physical RAM: 1265.84 MB
Total Pagefile: 7661.7 MB
Available Pagefile: 3478.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:15.74 GB) NTFS
Drive e: () (Fixed) (Total:931.32 GB) (Free:340.5 GB) NTFS
Drive g: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
Drive j: (My Book) (Fixed) (Total:465.76 GB) (Free:122.1 GB) NTFS
Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2749.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 866856A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.3 GB) (Disk ID: 2CC1EA09)
Partition 1: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 962 MB) (Disk ID: A096E989)
Partition 1: (Not Active) - (Size=962 MB) - (Type=06)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: 78357339)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-15 22:46:22
-----------------------------
22:46:22.698    OS Version: Windows x64 6.1.7601 Service Pack 1
22:46:22.698    Number of processors: 2 586 0x603
22:46:22.699    ComputerName: BUNTING-LIVRM  UserName: user
22:46:25.176    Initialize success
22:46:25.177    VM: initialized successfully
22:46:25.182    VM: Amd CPU supported
22:46:27.074    VM: supported disk I/O storport.sys
22:46:30.709    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
22:46:30.712    Disk 0 Vendor: Seagate_ CC38 Size: 152627MB BusType: 8
22:46:30.715    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000006e
22:46:30.718    Disk 1 Vendor: AMD_____ 1.10 Size: 953674MB BusType: 8
22:46:30.837    Disk 0 MBR read successfully
22:46:30.845    Disk 0 MBR scan
22:46:30.853    Disk 0 Windows 7 default MBR code
22:46:30.863    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:46:30.871    Disk 0 default boot code
22:46:30.881    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152525 MB offset 206848
22:46:31.014    Disk 0 scanning C:\Windows\system32\drivers
22:46:43.692    Service scanning
22:47:21.510    Modules scanning
22:47:21.515    Disk 0 trace - called modules:
22:47:21.539    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
22:47:21.550    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e5e760]
22:47:21.554    3 CLASSPNP.SYS[fffff8800199c43f] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa80045987e0]
22:47:21.565    Scan finished successfully
22:47:39.306    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
22:47:39.312    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
22:49:48.778    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
22:49:48.784    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"


Thanks again,

 

Tom



#4
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi and thanks for the logs. You have a few infections going on here so let's get on with the clean :geek:

Step 1

FRST Fix
If FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached and save it to your desktop <<< very important - it must be in the same location as FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Step 2

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • You will see the following console:

    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:

  • FRST Fixlog
  • JRT Log
  • ADWcleaner Scan Log


#5
TomNeedsHelp

    Member

  • Topic Starter
  • 51 posts

My wife has noticed that this is also affecting our email.  Long time to download, and she is unable to forward items.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by user at 2014-09-16 19:56:51 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Fitbit Connect
(COMPANYVERS_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
( ) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe
C:\Program Files (x86)\RadioRage_4j
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe [485960 2014-05-08] ( )
HKLM-x32\...\Run: [RadioRage EPM Support] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe [12872 2014-05-08] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe [55368 2014-05-08] (Mindspark)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe [61512 2014-05-08] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader 64] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe [71752 2014-05-08] (VER_COMPANY_NAME)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [.tluafed** <*>] => C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
URLSearchHook: HKCU - (No Name) - {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKCU - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...r={searchTerms}
BHO-x32: Toolbar BHO -> {48909954-14fb-4971-a7b3-47e7af10b38a} -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
BHO-x32: Search Assistant BHO -> {5848763c-2668-44ca-adbe-2999a6ee2858} -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
Toolbar: HKLM-x32 - RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
Toolbar: HKCU - No Name - {78BA36C9-6036-482B-B48D-ECCA6F964B84} -  No File
FF Plugin-x32: @RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: RadioRage - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\4jffxtbr@RadioRage_4j.com [2014-09-10]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
R2 RadioRage_4jService; C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe [88648 2014-05-08] (COMPANYVERS_NAME)
CustomCLSID: HKU\S-1-5-21-2062905526-1712026431-3041011506-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: C:\Windows\Tasks\wsx.job => C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.exe
Task: C:\Windows\Tasks\wxs.job => C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.exe
C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.exe
end
*****************

[1896] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe => Process closed successfully.
C:\Program Files (x86)\Fitbit Connect => Moved successfully.
[1512] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe => Process closed successfully.
[3016] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe => Process closed successfully.
[4428] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe => Process closed successfully.
[4348] C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe => Process closed successfully.
C:\Program Files (x86)\RadioRage_4j => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RadioRage Home Page Guard 64 bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RadioRage EPM Support => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RadioRage Search Scope Monitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RadioRage_4j Browser Plugin Loader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RadioRage_4j Browser Plugin Loader 64 => value deleted successfully.
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\Software\Microsoft\Windows\CurrentVersion\Run\\.tluafed** <*> => Value Deleted Successfully.
"HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3c35ad63-af1d-4e21-b484-b6651a8efcf9} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key deleted successfully.
"HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48909954-14fb-4971-a7b3-47e7af10b38a}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{48909954-14fb-4971-a7b3-47e7af10b38a}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5848763c-2668-44ca-adbe-2999a6ee2858}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5848763c-2668-44ca-adbe-2999a6ee2858}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{78ba36c9-6036-482b-b48d-ecca6f964b84} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{78ba36c9-6036-482b-b48d-ecca6f964b84}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{78BA36C9-6036-482B-B48D-ECCA6F964B84} => value deleted successfully.
"HKCR\CLSID\{78BA36C9-6036-482B-B48D-ECCA6F964B84}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@RadioRage_4j.com/Plugin" => Key deleted successfully.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\4jffxtbr@RadioRage_4j.com => Moved successfully.
Fitbit Connect => Service deleted successfully.
RadioRage_4jService => Service deleted successfully.
"HKU\S-1-5-21-2062905526-1712026431-3041011506-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\Windows\Tasks\wsx.job => Moved successfully.
C:\Windows\Tasks\wxs.job => Moved successfully.
C:\Users\user\Application Data\{00004A32-0ED0-70EC-E583-BEBAEC55D030}.exe => Moved successfully.

==== End of Fixlog ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Professional x64
Ran by user on Tue 09/16/2014 at 19:59:18.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] radiorage_4jservice
Successfully deleted: [Service] radiorage_4jservice



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00A2B7C6-7487-4B99-9F6C-1FDF57FE130B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11D4B723-18CA-48C6-BA13-965488F19A70}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{53855564-CF81-410C-9C1C-321C7E067816}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6562E272-88E1-4DFF-8FF8-FE1A05323D36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D740AD89-BAF4-47D5-9B5E-343D30F07A7A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E23760BE-23A3-4CEF-9304-66AF079F53DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ECEF0D95-32FA-48D3-8A2D-D6453B5B7361}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F69FE1BE-09C3-460C-AC89-8CCD9D3DF1CC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{0978C5FA-83C0-4118-A54F-99DACCEECB8C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1FDAD7F1-B87C-4E79-9150-DE235FF80B3A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4A50E810-71EB-43A8-A665-19ED8CCD1630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4DD9EB5D-8657-4856-A804-535841B09D73}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{569A9014-22E3-4F11-A243-CA4E3D95ADED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{597494DA-C59F-4EDF-B2D1-CE137E2DB9E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D0E90465-CF35-480D-B520-E1E3BDE802F5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\radiorage_4j
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\radiorage_4j
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\radiorage_4j
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.feedmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.feedmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.radio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.radio.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.radiosettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.radiosettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.scriptbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.toolbarprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\radiorage_4j.toolbarprotector.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\radiorage_4jbar uninstall firefox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\radiorage_4jbar uninstall internet explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\radiorage_4j"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{01F2260D-58E8-459A-99BF-0D1D6C4FE9B2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1BB36DD2-1607-4607-87AB-B005C75B640E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{48656884-0C8B-4AB9-9769-D2943F125618}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{76990855-2842-4671-9A93-57B1584C1449}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A8149BE1-5ABB-4137-B273-6DF73DD53299}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A99798B6-4B54-41F6-91A5-5B0A91D66DEE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{AA719692-80B7-4F77-9BA0-BFCA6F6811AA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C26350E7-A784-45A6-88FE-1371D9E4DE47}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C3E075EE-A2BB-4A13-833D-AC32C61C36BC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C7E1E326-68E7-4862-A565-A426AC50E48D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D1B77557-0370-4F67-9E0B-68F964EAC3B7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FF72E8F8-4C51-4F9F-9DD7-0714561CC1C9}



~~~ FireFox

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\8icaa8ni.default\minidumps [549 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/16/2014 at 20:09:21.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.310 - Report created 16/09/2014 at 22:56:48
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : user - BUNTING-LIVRM
# Running from : C:\Users\user\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\users\user\AppData\Local\iac
Folder Found : C:\users\user\AppData\Local\RadioRage_4j
Folder Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p2gzsapq.default\Extensions\4jffxtbr@RadioRage_4j.com

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2284 octets] - [16/09/2014 22:56:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2344 octets] ##########

Thank you,



#6
ruggie_uk

Trusted Helper

Hi, hopefully the steps we will go through will sort most of your problems out. We will keep an eye on them as we go along and check out all your services etc. to see what is going on.

First we will let AdwCleaner remove the items it found and then take another look under the hood and check out what your security status is.

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Then...

Please run FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Then...

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Items I need to see in your next post:

  • ADWcleaner Clean report
  • Fresh FRST Log
  • Security Check Log


#7
TomNeedsHelp

Topic Starter

Thanks.

# AdwCleaner v3.310 - Report created 17/09/2014 at 22:31:01
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : user - BUNTING-LIVRM
# Running from : C:\Users\user\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\users\user\AppData\Local\iac
Folder Deleted : C:\users\user\AppData\Local\RadioRage_4j
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p2gzsapq.default\Extensions\4jffxtbr@RadioRage_4j.com

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [2436 octets] - [17/09/2014 22:28:17]
AdwCleaner[S0].txt - [2379 octets] - [17/09/2014 22:31:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2439 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on BUNTING-LIVRM on 17-09-2014 22:40:34
Running from C:\Users\user\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NTray.exe
(MiTAC) C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\CmTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [Content Manager Tray App] => C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\launchCM.exe [94208 2013-03-14] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8AEC3B0CE145CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: magellangps.com/mgnContentManager -> C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\npmgnContentManager.dll (MiTAC Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\searchplugins\google-ssl.xml
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-09-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-08-11]
FF Extension: Add to Amazon Wish List Button - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2013-05-08]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-08-11]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-21]
FF Extension: Adblock Edge - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-08-11]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S3 NPVR Recording Service; C:\Program Files (x86)\NPVR\NRecord.exe [55808 2013-10-13] (Menten Holdings Ltd) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [302200 2013-01-31] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-11-20] (Digiarty Software, Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [57976 2013-01-31] ()
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-08-18] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-08-21] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-08-21] (IBM Corp.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 22:40 - 2014-09-17 22:40 - 00014929 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-17 22:31 - 2014-09-17 22:31 - 00002531 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-09-17 22:28 - 2014-09-17 22:29 - 00002436 _____ () C:\Users\user\Desktop\AdwCleaner[R1].txt
2014-09-17 22:27 - 2014-09-17 22:27 - 00854417 _____ () C:\Users\user\Desktop\SecurityCheck.exe
2014-09-16 22:56 - 2014-09-17 22:39 - 00000000 ____D () C:\AdwCleaner
2014-09-16 19:59 - 2014-09-16 19:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 19:42 - 2014-09-16 19:42 - 01373475 _____ () C:\Users\user\Desktop\adwcleaner_3.310.exe
2014-09-16 19:42 - 2014-09-16 19:42 - 01016035 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2014-09-15 23:09 - 2014-09-15 23:09 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2014-09-15 21:51 - 2014-09-17 22:40 - 00000000 ____D () C:\FRST
2014-09-15 19:21 - 2014-09-15 19:21 - 05185536 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-09-15 19:21 - 2014-09-15 19:21 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-13 20:54 - 2014-09-13 20:54 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Macromedia
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-09-13 17:38 - 2014-05-16 14:21 - 64770048 _____ () C:\Users\Bunting\Desktop\VBoxGuestAdditions.iso
2014-09-13 12:34 - 2014-09-16 23:20 - 00000000 ____D () C:\Users\user\Desktop\OTL Sept14
2014-09-13 11:45 - 2014-09-13 11:40 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-09-10 23:02 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:02 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:02 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:02 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:02 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:02 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:02 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:02 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:02 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:02 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:02 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:02 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:02 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:02 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:02 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:02 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:02 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:02 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:02 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:02 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:02 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:02 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:02 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:02 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:02 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:02 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:02 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:02 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:02 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:02 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:02 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:02 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:02 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:02 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:02 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:02 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:02 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:02 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:02 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:02 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:02 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:02 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:02 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:02 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:02 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:02 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:02 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:02 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:02 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:02 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 22:43 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:43 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 14:26 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:26 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:26 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:26 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:26 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:26 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:26 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:26 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:26 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:25 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:25 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-06 14:39 - 2014-09-06 14:39 - 00001553 _____ () C:\Users\user\.recently-used.xbel
2014-09-06 14:18 - 2014-09-06 14:20 - 00000000 ____D () C:\Users\user\Desktop\Pics Sept 14
2014-08-28 07:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 22:41 - 2014-09-17 22:40 - 00014929 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-17 22:40 - 2014-09-15 21:51 - 00000000 ____D () C:\FRST
2014-09-17 22:39 - 2014-09-16 22:56 - 00000000 ____D () C:\AdwCleaner
2014-09-17 22:35 - 2008-09-19 04:55 - 00014577 _____ () C:\Windows\SysWOW64\NapaSet.txt
2014-09-17 22:33 - 2013-04-17 09:05 - 00038313 _____ () C:\Windows\setupact.log
2014-09-17 22:33 - 2011-02-12 22:57 - 00408712 _____ () C:\Windows\PFRO.log
2014-09-17 22:31 - 2014-09-17 22:31 - 00002531 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-09-17 22:31 - 2011-02-08 13:36 - 02079443 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 22:29 - 2014-09-17 22:28 - 00002436 _____ () C:\Users\user\Desktop\AdwCleaner[R1].txt
2014-09-17 22:27 - 2014-09-17 22:27 - 00854417 _____ () C:\Users\user\Desktop\SecurityCheck.exe
2014-09-17 20:09 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 20:09 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 23:20 - 2014-09-13 12:34 - 00000000 ____D () C:\Users\user\Desktop\OTL Sept14
2014-09-16 19:59 - 2014-09-16 19:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 19:42 - 2014-09-16 19:42 - 01373475 _____ () C:\Users\user\Desktop\adwcleaner_3.310.exe
2014-09-16 19:42 - 2014-09-16 19:42 - 01016035 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2014-09-15 23:09 - 2014-09-15 23:09 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2014-09-15 22:57 - 2011-02-12 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 19:21 - 2014-09-15 19:21 - 05185536 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-09-15 19:21 - 2014-09-15 19:21 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-15 18:49 - 2013-04-22 17:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-13 20:54 - 2014-09-13 20:54 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Macromedia
2014-09-13 20:48 - 2014-01-07 12:12 - 00067550 _____ () C:\Users\user\Desktop\Expenses by month-2014.xlsx
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-09-13 17:42 - 2011-04-24 22:37 - 00000000 ____D () C:\Users\Bunting\.VirtualBox
2014-09-13 17:29 - 2012-03-29 20:01 - 00000000 ____D () C:\Users\Bunting\VirtualBox VMs
2014-09-13 17:02 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 11:40 - 2014-09-13 11:45 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-09-12 14:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 23:01 - 2013-11-02 23:51 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:00 - 2013-09-09 20:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:44 - 2011-02-12 18:47 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 22:43 - 2014-05-06 23:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-08 21:27 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-06 14:40 - 2011-08-09 23:30 - 00000000 ____D () C:\Users\user\.gimp-2.6
2014-09-06 14:39 - 2014-09-06 14:39 - 00001553 _____ () C:\Users\user\.recently-used.xbel
2014-09-06 14:39 - 2011-03-25 12:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\gtk-2.0
2014-09-06 14:23 - 2014-05-11 14:30 - 00000000 ____D () C:\Users\user\Desktop\House-Spring 2
2014-09-06 14:20 - 2014-09-06 14:18 - 00000000 ____D () C:\Users\user\Desktop\Pics Sept 14
2014-09-06 14:20 - 2011-05-16 12:46 - 00289024 _____ () C:\Users\user\DimLog0.xml
2014-09-06 14:19 - 2011-05-16 12:47 - 00001777 _____ () C:\Users\user\DIMConfig.xml
2014-09-04 22:10 - 2014-09-10 14:25 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 14:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 03:22 - 2009-07-14 00:45 - 00419568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-28 07:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 07:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 07:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 16:03 - 2013-09-03 23:17 - 00536984 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-08-19 14:05 - 2014-09-10 23:02 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 13:39 - 2014-09-10 23:02 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 19:01 - 2014-09-10 23:02 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:29 - 2014-09-10 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 18:29 - 2014-09-10 23:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 18:26 - 2014-09-10 23:02 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 18:20 - 2014-09-10 23:02 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 18:19 - 2014-09-10 23:02 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 18:15 - 2014-09-10 23:02 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 18:15 - 2014-09-10 23:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 18:14 - 2014-09-10 23:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 18:14 - 2014-09-10 23:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 18:08 - 2014-09-10 23:02 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 18:08 - 2014-09-10 23:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 18:08 - 2014-09-10 23:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 18:05 - 2014-09-10 23:02 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 18:03 - 2014-09-10 23:02 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 18:03 - 2014-09-10 23:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 18:03 - 2014-09-10 23:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:57 - 2014-09-10 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 17:56 - 2014-09-10 23:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:51 - 2014-09-10 23:02 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:46 - 2014-09-10 23:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 17:45 - 2014-09-10 23:02 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:45 - 2014-09-10 23:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 17:44 - 2014-09-10 23:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-10 23:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-10 23:02 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 17:40 - 2014-09-10 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:39 - 2014-09-10 23:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:39 - 2014-09-10 23:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 17:39 - 2014-09-10 23:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 17:38 - 2014-09-10 23:02 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:37 - 2014-09-10 23:02 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 17:36 - 2014-09-10 23:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 17:35 - 2014-09-10 23:02 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 17:27 - 2014-09-10 23:02 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 17:25 - 2014-09-10 23:02 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:25 - 2014-09-10 23:02 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:23 - 2014-09-10 23:02 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:23 - 2014-09-10 23:02 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 17:22 - 2014-09-10 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-10 23:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 17:17 - 2014-09-10 23:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 17:17 - 2014-09-10 23:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 17:16 - 2014-09-10 23:02 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:15 - 2014-09-10 23:02 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 17:15 - 2014-09-10 23:02 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 17:09 - 2014-09-10 23:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 17:08 - 2014-09-10 23:02 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 17:07 - 2014-09-10 23:02 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 16:55 - 2014-09-10 23:02 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:46 - 2014-09-10 23:02 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 16:38 - 2014-09-10 23:02 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 16:38 - 2014-09-10 23:02 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:36 - 2014-09-10 23:02 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Bunting\AppData\Local\Temp\7z.dll
C:\Users\Bunting\AppData\Local\Temp\avgnt.exe
C:\Users\Bunting\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Bunting\AppData\Local\Temp\Setup.x64.en-US_ProPlusRetail_RNBVG-JQD4Y-QXWHF-BK9PR-KBQ63_TX_PR_act_1_.exe
C:\Users\Bunting\AppData\Local\Temp\sevnz.exe
C:\Users\Dick and Betty\AppData\Local\Temp\avgnt.exe
C:\Users\Mom\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\_is510E.exe
C:\Users\user\AppData\Local\Temp\_isBFBA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-02 21:09

==================== End Of Log ============================

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java™ 7 Update 5  
 Java version out of Date!
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (32.0.1)
 Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````
 


#8
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

The logs are looking pretty good right now, but I think that Rapport might be causing some of your slowness issues, so I would like you to remove it please. You may reinstall it if your online banking requires you to do so when you next log in.

It would be best if you could disable Avira for the duration of the following items.

First...

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.

  • Rapport

Then...

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Then...

Please run a free online scan with the ESET Online Scanner

  • Click Run Eset Online Scanner



Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use Firefox) for this scan.
Important: Please disable your existing AV software for the duration of the scan. If you need instructions on how to disable it, please check out this site: http://www.bleepingc...lware-programs/

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

#9
TomNeedsHelp

    Member

  • Topic Starter
  • 51 posts

OK.  Don't know what happened, but for

Step 1, RAPPORT was not listed as an installed program, so I could not remove it.

Step 2, Program said it worked, quarantined many, many programs, but the log when viewed through the program shows nothing.  It does show me the Protection Log has lots in it, but whenever I try to "Export" a .txt file, MBAM crashes.

Step 3 OK.  Log below

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5bf76c920156364a8a9c55db31b777be
# engine=20226
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-19 12:30:29
# local_time=2014-09-19 08:30:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 0 155574007 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 36703511 162673279 0 0
# scanned=511463
# found=61
# cleaned=0
# scan_time=33356
sh=08EEA8C5839D81CF4FE8C4D7C304F84757C4B99B ft=1 fh=41dc015150d2b8d9 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jauxstb.dll"
sh=8872824DA370A893AF27EDA5914C81B016FDE10D ft=1 fh=7df6b6eaf73c436e vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jauxstb64.dll"
sh=352E15324D870431C6A80AEFA1B3826AF5F8AD7B ft=1 fh=d498158229edd61d vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll"
sh=2DB76E64C44398F284BB9607477FFAB286C822A5 ft=1 fh=a15fd42821542f57 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe"
sh=3E702CCA69804CDADE4A916C4666099B252CEC46 ft=1 fh=3ff9f90724b61074 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbprtct.dll"
sh=242016E4DB00A6326CB726E517BD8C44C0D9AF4F ft=1 fh=5585cde8f9518639 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe"
sh=BD3BA77A76482B8432E852B6C12718DFD8A805E8 ft=1 fh=d0f2a63db6645c6c vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe"
sh=43057F202484834CAED5265AF9ADBD5C1C00C47C ft=1 fh=cbe7b8075d97fef6 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll"
sh=E22F1101BCDB847DDA207076C20847EE7BA14783 ft=1 fh=6dacd07894aac7d3 vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub64.dll"
sh=6F8E675C0259BDB7CEEADA861381E8655E3882FD ft=1 fh=0c2cde178f5cb3ea vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdatact.dll"
sh=D14FF0D978C0818F3219AB303258B61961E24B5B ft=1 fh=95d16e31093cddf4 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdlghk.dll"
sh=BFF74D4CF269E36527CE43A484298A7797D85DDB ft=1 fh=e0568f6273d6b1f6 vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdlghk64.dll"
sh=4B8694F7BFF75DDF2A99D67136B9FCAA8BCBF818 ft=1 fh=54e43688a7d5acff vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jfeedmg.dll"
sh=8000F7F069170BA3962B6D1DE97641CB8E8795E6 ft=1 fh=41956871b2c6a631 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhtmlmu.dll"
sh=56E4F2B4EC1A6E8836C2541D66E710DABCA48FB3 ft=1 fh=bc873fb5e0ff5b6a vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhttpct.dll"
sh=7318474377B8A97C09E8B4E76BC84CD967F41425 ft=1 fh=2cc6ec5e6a8fb481 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jidle.dll"
sh=B17E3F03EDE4F7710DD0678C170FEFC0457ACF7D ft=1 fh=03d8ea72626c5942 vn="Win32/Toolbar.MyWebSearch.AG potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jieovr.dll"
sh=0BFBBF33F74B6E9187D80CDD84DD49997DE10DBC ft=1 fh=7e5ba4990ad2843d vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmlbtn.dll"
sh=AD9FAD90CC49091BBEA91AA9829BA7C7DE57A080 ft=1 fh=333fc276c8268012 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jPlugin.dll"
sh=E591A3DBC8B508F86149B610BDD39DF799C101FA ft=1 fh=e63430e62a50e4d1 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jradio.dll"
sh=08B86C2A2D83758DC2A2737519E99B6409BFCE4A ft=1 fh=aae2e643a8115a99 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jregfft.dll"
sh=5A7521CEEC575EF85C8E191C4331DF8888B3A22B ft=1 fh=890daf73d694e35c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jregiet.dll"
sh=80650AAB853B1ACEBE666EC834BE9AE519116254 ft=1 fh=88f6e6dcc31aacd1 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jscript.dll"
sh=1A401BBE5BA7C679A6B56A2F335D8AF67A063C4A ft=1 fh=22f921539bef2c08 vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jskin.dll"
sh=C2989D1054DEF8375543745EB246AC09139DBB99 ft=1 fh=9502a7177dbba1c1 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll"
sh=DF8005C51D4EE75E9C3CEE21A96FDCA75EF2E71B ft=1 fh=24159591b5465636 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jsrchmr.dll"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jtpinst.dll"
sh=F76EBFB49A14135188A858A9A19ADE33D841FAD9 ft=1 fh=fd6523e46258979f vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe"
sh=385877E899E02E0F9C551D5B3293270C5FEB9D6B ft=1 fh=fc49323ed3498cd9 vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegratorStub64.dll"
sh=3C2251BC6DBC556B960D82FC7211B6005A613A8A ft=1 fh=e2babb33b836a3b5 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\ASSISTMONITOR.DLL"
sh=E9C0F7642BFDCA4F304679F44A2351765D25D7E3 ft=1 fh=df272951a00ae964 vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\ASSISTMONITOR64.DLL"
sh=5B52C97808B05C61C42C660EF788C6E30E9956D1 ft=1 fh=3bd8668ff345b3ba vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CREXT.DLL"
sh=C0F1C1AD7E3E71F00D10961BF88368998314C8B5 ft=1 fh=1104306037fac477 vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CrExtP4j.exe"
sh=1B7027E34F895FA1E93C6CEDD86EB8415F086E5C ft=1 fh=0f1abfa76a5eafd1 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\DPNMNGR.DLL"
sh=FA366450E70C686F15807DAD7D890CA19C739EE4 ft=1 fh=c3b0d1b55e33b10b vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\EXEMANAGER.DLL"
sh=ED7CCFFE86134DB07B0BEE73EC86B99C7243897A ft=1 fh=30bb44c368d084a2 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\FF-NativeMessagingDispatcher.dll"
sh=2C88C56E84FB90C27DA50DF87011A98C77362B19 ft=1 fh=054dd36e0a8ce909 vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\Hpg64.dll"
sh=06EED086BAE0127ADC62E9547F07396B0B32EBA7 ft=1 fh=245e9c2b06b4128f vn="Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll"
sh=AFDF3F69BEB1CDE4A5AA1D9EE5BEFD8A5DE808D7 ft=1 fh=6f20f9ce0b4866ad vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EPMSUP.DLL"
sh=ACBBE4D6CB48DD5CF142D79FDFEECBD7F9E9854E ft=1 fh=c0c375ff197f91b8 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTEX.DLL"
sh=BB1DF373EBE307C63271B72B7905E86FBF58D2CB ft=1 fh=16b6d8b2476550db vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTPEX.DLL"
sh=0C27996F6F6194AA4EE5DA4031A78B9E304B05E3 ft=1 fh=44a79e41ea9fa8ee vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8HTML.DLL"
sh=88A01244271EF4EE3E78DDCEAF4287D4B053ED9A ft=1 fh=6b89c95ed44a94f1 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8TICKER.DLL"
sh=2AEDCD54BB567C79B20C8A20A6C061F71E919629 ft=1 fh=7f81933bb4629a22 vn="Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\TPIMANAGERCONSOLE.EXE"
sh=AB85089131865A0535CD21A15D60C00AA7C425A2 ft=1 fh=13b78041014ac185 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\VERIFY.DLL"
sh=AC297627AB9AB7AD194EC4E3CDE50D2A42F9A4FA ft=1 fh=609aefa527ec4346 vn="Win32/Toolbar.MyWebSearch.AF potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=AE41E07C243722E754E77B17372A60C03E6EC6C4 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Program Files (x86)\Calibre2\Tools\.tsuarch"
sh=D3B8D725DCFC7360C597408CCF2B56A4D4E6F865 ft=1 fh=5a26f58005703774 vn="Win32/Graboid potentially unsafe application" ac=I fn="C:\Users\Andrew\Downloads\GraboidVideoSetup-3.11.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=AE41E07C243722E754E77B17372A60C03E6EC6C4 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="E:\Mom and Dad\Downloads\tools%20v6.0.8\.tsuarch"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats" ac=I fn="E:\Shared\My Documents.tar.gz"
sh=B51642AFF56379C0A649C242C960BF102F0157CB ft=1 fh=3535796f1a0d48ee vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\Shared\Pictures\New folder\avira_free_antivirus_en(2).exe"
sh=0808A9E84F38E19112DECEBA0897486F66568B40 ft=1 fh=85960dd2f02dcc61 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="J:\New Comp Needs\disk-defrag-setup.exe"
sh=3A89DAEE2C931D0AAA7B102D3DA9D2174DC5875E ft=1 fh=d16f3ccb0b0b7a97 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="J:\New Comp Needs\SetupImgBurn_2.5.5.0.exe"
 


  • 0

#10
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts
Hi. Sorry, I don't have access to my computer until tomorrow.
But for now can you try the Trusteer Rapport uninstall utility? You will need to supply an email address to download the tool, but it should remove all instances of Rapport for you.
http://www.trusteer....troubleshooting
  • 0



#11
TomNeedsHelp


    Member

  • Topic Starter
  • 51 posts

I tried downloading the uninstaller, but no joy.  I received the email telling me where to download from, but when I tried to dl it, it popped a window telling me that my security settings do not allow download of this file.  I then disabled the Avira, and tried again but received the same message.

 

What needs to be changed to get this file downloaded?

 

Also, we were gone for 2 days.  When starting the computer tonight, it took forever again.

 

Tom


  • 0

#12
TomNeedsHelp


    Member

  • Topic Starter
  • 51 posts

Update, I think I got it.  Appears to have worked.  Still takes forever to start up.


  • 0

#13
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, let's clear up some temp folders and take another look at what is going on. There may be some startup entries we can trim down to speed things up for you.

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please right click TFC.exe and select Run as Administrator. (Note: If you are running on XP, just double click the file.)
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Then...

Please run FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

  • 0

#14
TomNeedsHelp


    Member

  • Topic Starter
  • 51 posts

Seemed to restart a little quicker.  1 thing I have noticed before is the NextPVR service.  I have it set to only start when called, but it seems to be one of the items that will always flash on the taskbar when the computer is started.  It is always the last item I notice, and it takes forever.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on BUNTING-LIVRM on 22-09-2014 19:25:20
Running from C:\Users\user\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NTray.exe
(MiTAC) C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\CmTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\...\Run: [Content Manager Tray App] => C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\launchCM.exe [94208 2013-03-14] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8AEC3B0CE145CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: magellangps.com/mgnContentManager -> C:\Users\user\AppData\Roaming\MiTACCorporation\mgnContentManager\1.70.0.0\npmgnContentManager.dll (MiTAC Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\searchplugins\google-ssl.xml
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-09-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-08-11]
FF Extension: Add to Amazon Wish List Button - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2013-05-08]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\[email protected] [2014-08-11]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-21]
FF Extension: Adblock Edge - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-08-11]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S3 NPVR Recording Service; C:\Program Files (x86)\NPVR\NRecord.exe [55808 2013-10-13] (Menten Holdings Ltd) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [302200 2013-01-31] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-11-20] (Digiarty Software, Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-19] (Malwarebytes Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [57976 2013-01-31] ()
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 19:25 - 2014-09-22 19:25 - 00014523 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-22 18:17 - 2014-09-22 18:16 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe
2014-09-21 21:20 - 2014-09-21 21:19 - 00764184 _____ () C:\Users\Bunting\Desktop\RapportSafeUninstall.exe
2014-09-21 21:19 - 2014-09-21 21:19 - 00764184 _____ () C:\Users\user\Desktop\RapportSafeUninstall.exe
2014-09-18 23:07 - 2014-09-18 23:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 23:05 - 2014-09-18 23:05 - 02347384 _____ (ESET) C:\Users\user\Desktop\esetsmartinstaller_enu.exe
2014-09-18 17:54 - 2014-09-19 10:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 17:54 - 2014-09-18 17:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 17:54 - 2014-09-18 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 17:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 17:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 17:52 - 2014-09-18 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 22:27 - 2014-09-17 22:27 - 00854417 _____ () C:\Users\user\Desktop\SecurityCheck.exe
2014-09-16 22:56 - 2014-09-17 22:39 - 00000000 ____D () C:\AdwCleaner
2014-09-16 19:59 - 2014-09-16 19:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 19:42 - 2014-09-16 19:42 - 01373475 _____ () C:\Users\user\Desktop\adwcleaner_3.310.exe
2014-09-16 19:42 - 2014-09-16 19:42 - 01016035 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2014-09-15 23:09 - 2014-09-15 23:09 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2014-09-15 21:51 - 2014-09-22 19:25 - 00000000 ____D () C:\FRST
2014-09-15 19:21 - 2014-09-15 19:21 - 05185536 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-09-15 19:21 - 2014-09-15 19:21 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-13 20:54 - 2014-09-13 20:54 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Macromedia
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-09-13 17:38 - 2014-05-16 14:21 - 64770048 _____ () C:\Users\Bunting\Desktop\VBoxGuestAdditions.iso
2014-09-13 12:34 - 2014-09-22 19:22 - 00000000 ____D () C:\Users\user\Desktop\OTL Sept14
2014-09-13 11:45 - 2014-09-13 11:40 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-09-10 23:02 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:02 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:02 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:02 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:02 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:02 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:02 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:02 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:02 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:02 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:02 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:02 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:02 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:02 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:02 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:02 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:02 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:02 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:02 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:02 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:02 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:02 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:02 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:02 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:02 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:02 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:02 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:02 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:02 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:02 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:02 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:02 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:02 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:02 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:02 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:02 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:02 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:02 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:02 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:02 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:02 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:02 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:02 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:02 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:02 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:02 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:02 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:02 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:02 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:02 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:02 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:02 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 22:43 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:43 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 14:26 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:26 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:26 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:26 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:26 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:26 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:26 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:26 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:26 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:25 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:25 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-06 14:39 - 2014-09-06 14:39 - 00001553 _____ () C:\Users\user\.recently-used.xbel
2014-09-06 14:18 - 2014-09-06 14:20 - 00000000 ____D () C:\Users\user\Desktop\Pics Sept 14
2014-08-28 07:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 19:28 - 2014-09-22 19:25 - 00014523 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-22 19:25 - 2014-09-15 21:51 - 00000000 ____D () C:\FRST
2014-09-22 19:23 - 2008-09-19 04:55 - 00014577 _____ () C:\Windows\SysWOW64\NapaSet.txt
2014-09-22 19:22 - 2014-09-13 12:34 - 00000000 ____D () C:\Users\user\Desktop\OTL Sept14
2014-09-22 19:21 - 2013-04-17 09:05 - 00038649 _____ () C:\Windows\setupact.log
2014-09-22 19:19 - 2011-02-08 13:36 - 01219997 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 18:16 - 2014-09-22 18:17 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe
2014-09-22 12:42 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 12:42 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 21:24 - 2011-02-12 22:57 - 00434022 _____ () C:\Windows\PFRO.log
2014-09-21 21:24 - 2011-02-12 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 21:19 - 2014-09-21 21:20 - 00764184 _____ () C:\Users\Bunting\Desktop\RapportSafeUninstall.exe
2014-09-21 21:19 - 2014-09-21 21:19 - 00764184 _____ () C:\Users\user\Desktop\RapportSafeUninstall.exe
2014-09-19 10:56 - 2014-09-18 17:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 23:07 - 2014-09-18 23:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 23:05 - 2014-09-18 23:05 - 02347384 _____ (ESET) C:\Users\user\Desktop\esetsmartinstaller_enu.exe
2014-09-18 17:54 - 2014-09-18 17:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 17:54 - 2014-09-18 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 17:54 - 2013-09-03 23:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2014-09-18 17:52 - 2014-09-18 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 22:39 - 2014-09-16 22:56 - 00000000 ____D () C:\AdwCleaner
2014-09-17 22:27 - 2014-09-17 22:27 - 00854417 _____ () C:\Users\user\Desktop\SecurityCheck.exe
2014-09-16 19:59 - 2014-09-16 19:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 19:42 - 2014-09-16 19:42 - 01373475 _____ () C:\Users\user\Desktop\adwcleaner_3.310.exe
2014-09-16 19:42 - 2014-09-16 19:42 - 01016035 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2014-09-15 23:09 - 2014-09-15 23:09 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2014-09-15 19:21 - 2014-09-15 19:21 - 05185536 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-09-15 19:21 - 2014-09-15 19:21 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-15 18:49 - 2013-04-22 17:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-13 20:54 - 2014-09-13 20:54 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Macromedia
2014-09-13 20:48 - 2014-01-07 12:12 - 00067550 _____ () C:\Users\user\Desktop\Expenses by month-2014.xlsx
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-09-13 19:52 - 2014-09-13 19:52 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-09-13 17:42 - 2011-04-24 22:37 - 00000000 ____D () C:\Users\Bunting\.VirtualBox
2014-09-13 17:29 - 2012-03-29 20:01 - 00000000 ____D () C:\Users\Bunting\VirtualBox VMs
2014-09-13 17:02 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 11:40 - 2014-09-13 11:45 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-09-12 14:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 23:01 - 2013-11-02 23:51 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:00 - 2013-09-09 20:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:44 - 2011-02-12 18:47 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 22:43 - 2014-05-06 23:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-08 21:27 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-06 14:40 - 2011-08-09 23:30 - 00000000 ____D () C:\Users\user\.gimp-2.6
2014-09-06 14:39 - 2014-09-06 14:39 - 00001553 _____ () C:\Users\user\.recently-used.xbel
2014-09-06 14:39 - 2011-03-25 12:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\gtk-2.0
2014-09-06 14:23 - 2014-05-11 14:30 - 00000000 ____D () C:\Users\user\Desktop\House-Spring 2
2014-09-06 14:20 - 2014-09-06 14:18 - 00000000 ____D () C:\Users\user\Desktop\Pics Sept 14
2014-09-06 14:20 - 2011-05-16 12:46 - 00289024 _____ () C:\Users\user\DimLog0.xml
2014-09-06 14:19 - 2011-05-16 12:47 - 00001777 _____ () C:\Users\user\DIMConfig.xml
2014-09-04 22:10 - 2014-09-10 14:25 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 14:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 03:22 - 2009-07-14 00:45 - 00419568 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-02 21:09

==================== End Of Log ============================



#15
TomNeedsHelp

Another question. I needed to download a DirecTV equipment manual tonight, and when I try to download the manual this pops up: "Your current security settings do not allow this file to be downloaded"

Why? I have never had a problem before downloading files, why suddenly now? This is the same message I got last night when I tried to download the Rapport Uninstaller. Is this a new setting? I did not change any security settings that I know of.

