
Chrome.exe *32 Tried solutions to previous threads. [Solved]


  • This topic is locked

#1
squier133

  • Member
  • 10 posts

Hi, I have tried the solutions to a few different threads on this site for multiple chrome.exe *32 processes open at a time. http://www.geekstogo...e-chromeexe-32/ is the one I tried most recently, and still when I open my Task Manager, I have between 8-10 chrome.exe *32 processes. I am also being redirected to other sites (sometimes opening new tabs) and saying my Java/Adobe is out of date. Malwarebytes and Avira haven't been able to get rid of it. Here is my OTL quick scan log. I am brand new to OTL, so if you need something else, let me know.

 

OTL logfile created on: 10/27/2014 1:58:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ryan\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 38.43% Memory free
28.22 Gb Paging File | 25.48 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): c:\pagefile.sys 25000 40000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 158.87 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.83 Gb Free Space | 96.00% Space Free | Partition Type: NTFS
Drive F: | 567.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: RYANSPC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/20 18:06:54 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/10/20 18:06:33 | 000,703,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/10/20 18:06:33 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/10/09 17:52:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/23 14:47:54 | 000,165,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/09/23 14:47:50 | 000,160,560 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/31 08:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/07/31 08:38:20 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/10/08 16:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2011/09/02 14:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/03/03 13:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 13:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/02 15:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 18:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/22 21:07:05 | 000,331,592 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/22 21:07:04 | 014,891,848 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
MOD - [2014/09/22 21:07:02 | 008,577,864 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/22 21:06:58 | 001,098,056 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/22 21:06:56 | 000,174,408 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/22 21:06:55 | 001,660,232 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2013/09/04 22:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/02/24 13:45:53 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll
MOD - [2013/02/24 13:45:48 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll
MOD - [2013/02/13 09:37:53 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013/02/13 09:35:21 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/02/13 01:14:47 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/11 00:48:38 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013/01/10 21:54:44 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 21:54:18 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/10 21:54:07 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/10 21:54:03 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/10 21:53:59 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/10 21:53:58 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/10 21:53:54 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2013/01/10 10:14:35 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/01/10 10:13:52 | 001,078,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll
MOD - [2013/01/10 09:52:12 | 000,649,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013/01/10 09:52:11 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/10 09:52:10 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/10 09:52:09 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 09:52:05 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/10 07:52:52 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/10 07:52:37 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/10 07:52:35 | 002,517,504 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\b262c22be9cf2b20e3186bcf191f2b97\System.Data.Linq.ni.dll
MOD - [2013/01/10 07:52:34 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll
MOD - [2013/01/10 07:52:24 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/10 07:52:21 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/10 07:52:17 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/10 07:52:15 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/10 07:52:11 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 07:52:10 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/10 07:52:09 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/10 07:52:03 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/01/10 07:52:03 | 000,145,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2009/12/18 19:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2009/12/18 19:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2009/09/26 07:39:54 | 000,360,448 | ---- | M] () -- C:\Windows\system\BisonC07.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/21 15:30:09 | 000,635,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV:64bit: - [2011/04/11 13:02:34 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/22 11:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 07:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/10/20 18:06:54 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/10/20 18:06:38 | 000,994,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/10/20 18:06:33 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/27 13:22:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/23 14:47:50 | 000,160,560 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/31 08:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 14:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 13:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/15 20:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 07:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 07:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/27 13:43:36 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/20 18:06:34 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/10/20 18:06:33 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/17 09:13:37 | 000,095,032 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2014/03/17 09:13:37 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2014/03/17 09:13:36 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2013/11/25 13:18:02 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/12/13 10:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 10:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 19:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/06/10 04:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/07 01:07:16 | 001,326,928 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2010/07/08 10:39:36 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/07/08 10:39:36 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/04/22 05:19:34 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0CC3.sys -- (SaiK0CC3)
DRV:64bit: - [2010/04/22 05:19:34 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CC3.sys -- (SaiU0CC3)
DRV:64bit: - [2010/04/01 04:29:16 | 000,319,536 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/31 00:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/11 20:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 12:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 15:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 02:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 22:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 04:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 20:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{22365F49-1338-4FDD-A2F3-F5D16E84662F}: "URL" = http://search.condui...7802042832&UM=2
IE - HKCU\..\SearchScopes\{86AAB582-9ECC-4CC7-88BB-D8DE4E9B6B9B}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{8FAC5445-12DB-4902-33D1-0F2DF045E3F1}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>;192.168.*.*
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - default_search_provider: 51786348FFFF3427917A4BEA4D260EAA30ABE29366BA1322F3A8E45ABF30F6BA (Enabled)
CHR - default_search_provider: search_url = 7F8F45E783144FA96B49E9157E9C7BA888925FC3327CE844AEE1DA082FEEA9EC
CHR - default_search_provider: suggest_url = 
CHR - homepage: 571BE4507F31AF8F26B7B0488D882F3379C90538AE2C2B935BCD87C3A143D49E
CHR - Extension: Better Pirate Bay = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjdlkdndghnmhpjhlaehpnelcgaffhg\134\
CHR - Extension: Avira Browser Safety = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.1_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Video Library] C:\windows\system32\rundll32.exe  File not found
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC6600D9-8F70-429B-AAAC-F616AFB6D12F}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/11 12:54:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2003/02/13 08:33:06 | 000,034,304 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/01/29 14:19:52 | 000,000,055 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{03971de2-1fd1-11e0-bd43-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03971de2-1fd1-11e0-bd43-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2003/02/13 08:33:06 | 000,034,304 | R--- | M] ()
O33 - MountPoints2\{139dcd04-cab5-11e2-a30f-1c7508608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{139dcd04-cab5-11e2-a30f-1c7508608da8}\Shell\AutoRun\command - "" = H:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{315dc05c-1936-11e2-bdfa-1c7508608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{315dc05c-1936-11e2-bdfa-1c7508608da8}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{410134da-2be0-11e4-87c2-1c7508608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{410134da-2be0-11e4-87c2-1c7508608da8}\Shell\AutoRun\command - "" = E:\aoesetup.exe
O33 - MountPoints2\{410134da-2be0-11e4-87c2-1c7508608da8}\Shell\dxsetup\command - "" = E:\directx\dxsetup.exe
O33 - MountPoints2\{410134da-2be0-11e4-87c2-1c7508608da8}\Shell\ie30\command - "" = E:\goodies\ie30295.exe
O33 - MountPoints2\{410134da-2be0-11e4-87c2-1c7508608da8}\Shell\ie30nt\command - "" = E:\goodies\ie302nt.exe
O33 - MountPoints2\{410134da-2be0-11e4-87c2-1c7508608da8}\Shell\msinfo\command - "" = E:\goodies\msinfo\msinfo32.exe
O33 - MountPoints2\{410134da-2be0-11e4-87c2-1c7508608da8}\Shell\setup\command - "" = E:\aoesetup.exe
O33 - MountPoints2\{79c2e79e-cc4a-11e1-9603-1c7508608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{79c2e79e-cc4a-11e1-9603-1c7508608da8}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{815b0da2-bd67-11e3-b1a6-1c7508608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{815b0da2-bd67-11e3-b1a6-1c7508608da8}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{9d1b9138-6423-11e1-9170-f9d78ab8f98c}\Shell - "" = AutoRun
O33 - MountPoints2\{9d1b9138-6423-11e1-9170-f9d78ab8f98c}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{a2e512e5-9739-11e3-b458-1c7508608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e512e5-9739-11e3-b458-1c7508608da8}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/27 13:13:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/19 17:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BeteteeRPriccECheecc
[2014/10/19 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/19 17:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/19 17:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/10/09 17:53:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/06 07:12:59 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/06 07:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/06 07:12:45 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/06 07:12:45 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/06 07:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/27 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\87d4b42f5aa6b768
[2011/09/04 05:29:51 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Ryan\taskmgr.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/27 13:48:54 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/27 13:48:54 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/27 13:43:36 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/27 13:38:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/27 13:38:44 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/27 13:28:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA.job
[2014/10/27 13:22:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/27 08:01:57 | 000,740,354 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/27 08:01:57 | 000,633,326 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/27 08:01:57 | 000,110,928 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/26 17:28:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core.job
[2014/10/26 09:54:08 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/21 22:04:32 | 121,862,569 | ---- | M] () -- C:\Users\Ryan\Desktop\The.Big.Bang.Theory.S08E06.HDTV.x264-LOL.mp4
[2014/10/20 21:47:22 | 000,000,004 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\appdataFr2.bin
[2014/10/20 18:36:45 | 004,972,048 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/20 18:06:34 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2014/10/20 18:06:34 | 000,043,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2014/10/20 18:06:33 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2014/10/19 17:25:09 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/10/07 16:13:02 | 000,337,570 | ---- | M] () -- C:\Users\Ryan\Desktop\kd-stanton-aaaaa-20.jpg
[2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014/10/21 21:59:11 | 121,862,569 | ---- | C] () -- C:\Users\Ryan\Desktop\The.Big.Bang.Theory.S08E06.HDTV.x264-LOL.mp4
[2014/10/07 16:13:01 | 000,337,570 | ---- | C] () -- C:\Users\Ryan\Desktop\kd-stanton-aaaaa-20.jpg
[2014/10/06 16:52:27 | 000,000,004 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\appdataFr2.bin
[2014/08/23 16:40:14 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2014/04/10 13:28:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/04/10 13:18:12 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2013/12/03 15:42:09 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2013/09/11 15:24:51 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2013/06/29 18:43:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/06/01 05:22:45 | 000,008,192 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\records_db
[2012/11/20 07:05:00 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2012/11/14 10:59:56 | 000,119,296 | ---- | C] () -- C:\windows\SysWow64\zlib.dll
[2012/11/14 10:59:56 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ADsSecurity.dll
[2012/11/14 10:59:56 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dxinputdll.dll
[2012/05/04 18:59:19 | 000,000,092 | ---- | C] () -- C:\Users\Ryan\AppData\Local\fusioncache.dat
[2011/08/12 03:16:17 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/01/14 04:56:10 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/19 20:41:14 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Acreon
[2013/09/11 14:06:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\AnvSoft
[2013/10/19 08:08:18 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\AppClient
[2011/04/11 18:07:34 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Autodesk
[2014/01/11 12:45:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Awesomium
[2014/10/22 21:53:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Azureus
[2014/10/19 17:16:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Battle.net
[2011/03/07 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/04/10 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Curse Advertising
[2012/11/13 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
[2013/06/29 17:43:40 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Dropbox
[2013/09/29 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Guild Wars 2
[2013/09/12 04:16:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\HandBrake
[2013/12/30 10:12:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2013/09/11 14:27:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leawo
[2012/11/09 09:39:22 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Motorola
[2013/11/03 20:00:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Motorola Mobility
[2013/03/25 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mumble
[2011/02/12 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2014/01/25 06:34:49 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Oracle
[2012/11/08 20:20:13 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PowerISO
[2012/11/14 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PowerUp Software
[2011/06/03 17:37:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\RIFT
[2014/07/28 19:48:02 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SimulationCraft
[2012/02/13 16:17:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SoftGrid Client
[2012/10/18 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/10/21 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Stardock
[2014/02/15 07:46:22 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SystemRequirementsLab
[2012/09/17 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\The Hobbit
[2013/09/11 14:17:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\tiger-k
[2011/03/09 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TP
[2011/06/27 20:02:14 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Unity
[2012/04/03 23:57:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\VBA-M
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/24 09:18:34 | 105,952,601 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\䀕ⴱ
[2013/11/23 09:39:59 | 105,952,601 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\䀕ⴱ
[2013/11/18 05:13:48 | 104,927,322 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ꌳ蛒
[2013/11/18 05:13:48 | 104,927,322 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ꌳ蛒
[2013/11/17 15:37:50 | 104,760,117 | ---- | M] ()(C:\windows\SysWow64\???¢) -- C:\windows\SysWow64\⣨째¢
[2013/11/17 15:37:50 | 104,760,117 | ---- | C] ()(C:\windows\SysWow64\???¢) -- C:\windows\SysWow64\⣨째¢
[2013/11/15 16:41:40 | 104,513,208 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\詻
[2013/11/14 15:13:27 | 104,513,208 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\詻
[2013/10/30 14:18:06 | 104,229,082 | ---- | M] ()(C:\windows\SysWow64\???®) -- C:\windows\SysWow64\晆ଟ®
[2013/10/30 14:18:06 | 104,229,082 | ---- | C] ()(C:\windows\SysWow64\???®) -- C:\windows\SysWow64\晆ଟ®
[2013/10/27 10:06:58 | 103,533,600 | ---- | M] ()(C:\windows\SysWow64\???2) -- C:\windows\SysWow64\掎⟹2
[2013/10/26 04:31:52 | 103,533,600 | ---- | C] ()(C:\windows\SysWow64\???2) -- C:\windows\SysWow64\掎⟹2
[2013/10/25 14:20:30 | 103,054,676 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\涵˹
[2013/10/24 22:08:53 | 103,054,676 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\涵˹
[2013/10/23 14:37:10 | 102,749,940 | ---- | M] ()(C:\windows\SysWow64\???°) -- C:\windows\SysWow64\濸°
[2013/10/23 14:37:10 | 102,749,940 | ---- | C] ()(C:\windows\SysWow64\???°) -- C:\windows\SysWow64\濸°
[2013/10/22 14:48:46 | 102,488,124 | ---- | M] ()(C:\windows\SysWow64\???]) -- C:\windows\SysWow64\ඊ怮]
[2013/10/22 14:48:46 | 102,488,124 | ---- | C] ()(C:\windows\SysWow64\???]) -- C:\windows\SysWow64\ඊ怮]
[2013/10/21 15:51:49 | 102,211,354 | ---- | M] ()(C:\windows\SysWow64\???¡) -- C:\windows\SysWow64\❜¡
[2013/10/21 15:51:49 | 102,211,354 | ---- | C] ()(C:\windows\SysWow64\???¡) -- C:\windows\SysWow64\❜¡
[2013/10/10 15:00:10 | 100,413,408 | ---- | M] ()(C:\windows\SysWow64\???¡) -- C:\windows\SysWow64\쨴蛃¡
[2013/10/06 19:59:10 | 100,413,408 | ---- | C] ()(C:\windows\SysWow64\???¡) -- C:\windows\SysWow64\쨴蛃¡
[2013/10/02 15:26:05 | 098,878,632 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\Ⱨ
[2013/10/01 04:21:01 | 098,878,632 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\Ⱨ
[2013/09/19 14:43:19 | 098,428,185 | ---- | M] ()(C:\windows\SysWow64\???v) -- C:\windows\SysWow64\v
[2013/09/15 09:36:18 | 098,428,185 | ---- | C] ()(C:\windows\SysWow64\???v) -- C:\windows\SysWow64\v
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:DocumentSummaryInformation
 
< End of report >
 



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay in getting to you.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
squier133

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Your timing was actually perfect, so no worries on that. Just got back from a vacation. I am running the scan now, although I'm missing the checkbox for KnownDLLs. Below are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Ryan (administrator) on RYANSPC on 02-11-2014 21:43:53
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & Mcx1-RYANSPC & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Curse) C:\Users\Ryan\AppData\Local\Apps\2.0\WBCLXJM0.23T\1EOTO3G8.QYH\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2108200 2010-04-01] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-07] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-07] (Saitek)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-15] (Google Inc.)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Video Library] => C:\windows\system32\rundll32.exe  [ ] ()
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: F - F:\install.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {03971de2-1fd1-11e0-bd43-806e6f6e6963} - F:\AUTORUN.EXE
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {139dcd04-cab5-11e2-a30f-1c7508608da8} - H:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {315dc05c-1936-11e2-bdfa-1c7508608da8} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {410134da-2be0-11e4-87c2-1c7508608da8} - E:\aoesetup.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {79c2e79e-cc4a-11e1-9603-1c7508608da8} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {815b0da2-bd67-11e3-b1a6-1c7508608da8} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {9d1b9138-6423-11e1-9170-f9d78ab8f98c} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {a2e512e5-9739-11e3-b458-1c7508608da8} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {86AAB582-9ECC-4CC7-88BB-D8DE4E9B6B9B} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {22365F49-1338-4FDD-A2F3-F5D16E84662F} URL = http://search.condui...7802042832&UM=2
SearchScopes: HKCU - {86AAB582-9ECC-4CC7-88BB-D8DE4E9B6B9B} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {8FAC5445-12DB-4902-33D1-0F2DF045E3F1} URL = http://www.bing.com/...UGO&form=ZGAIDF
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (No Name) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (Better Pirate Bay) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjdlkdndghnmhpjhlaehpnelcgaffhg [2014-10-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-12]
CHR Extension: (No Name) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 SaiK0CC3; C:\Windows\System32\DRIVERS\SaiK0CC3.sys [171016 2010-04-22] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-07-08] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-07-08] (Saitek)
S3 SaiU0CC3; C:\Windows\System32\DRIVERS\SaiU0CC3.sys [41096 2010-04-22] (Saitek)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
S3 iscFlash; \??\C:\Users\Ryan\AppData\Local\Temp\7zSD3F1.tmp\iscflashx64.sys [X]
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 21:43 - 2014-11-02 21:44 - 00022929 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-11-02 21:43 - 2014-11-02 21:43 - 00000000 ____D () C:\FRST
2014-11-02 21:42 - 2014-11-02 21:42 - 02114560 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-10-29 12:43 - 2014-10-29 12:43 - 00008838 _____ () C:\Users\Ryan\Downloads\[kickass.to]22.jump.street.2014.720p.brrip.x264.yify.torrent
2014-10-29 12:43 - 2014-10-29 12:43 - 00000000 ____D () C:\Users\Ryan\Desktop\Sons of Anarchy S07E08 WEB-DL x264-FUM[ettv]
2014-10-29 12:40 - 2014-10-29 12:41 - 00030799 _____ () C:\Users\Ryan\Downloads\[kickass.to]sons.of.anarchy.s07e08.web.dl.x264.fum.ettv.torrent
2014-10-27 12:20 - 2014-10-27 12:20 - 00157996 _____ () C:\Users\Ryan\Downloads\Extras.Txt
2014-10-27 12:18 - 2014-10-27 13:12 - 00121434 _____ () C:\Users\Ryan\Downloads\OTL.Txt
2014-10-27 12:13 - 2014-10-27 12:37 - 00000000 ____D () C:\AdwCleaner
2014-10-27 12:12 - 2014-10-27 12:12 - 01998336 _____ () C:\Users\Ryan\Downloads\AdwCleaner.exe
2014-10-27 11:50 - 2014-10-27 11:50 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL (1).exe
2014-10-21 20:59 - 2014-10-21 21:04 - 121862569 _____ () C:\Users\Ryan\Desktop\The.Big.Bang.Theory.S08E06.HDTV.x264-LOL.mp4
2014-10-19 16:38 - 2014-10-26 09:31 - 00000000 ____D () C:\ProgramData\BeteteeRPriccECheecc
2014-10-19 16:30 - 2014-09-14 16:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-19 16:29 - 2014-10-19 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 16:29 - 2014-10-19 16:28 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 16:28 - 2014-10-19 16:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 17:13 - 2014-10-17 17:13 - 03341420 _____ () C:\Users\Ryan\Downloads\elvui-7.10.zip
2014-10-09 16:53 - 2014-10-09 16:53 - 00000000 ____D () C:\_OTL
2014-10-09 16:52 - 2014-10-09 16:52 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL.exe
2014-10-07 15:31 - 2014-10-07 15:31 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (4).application
2014-10-07 15:30 - 2014-10-07 15:30 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (3).application
2014-10-07 15:30 - 2014-10-07 15:30 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (2).application
2014-10-07 15:29 - 2014-10-07 15:29 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (1).application
2014-10-07 15:28 - 2014-10-07 15:28 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter.application
2014-10-06 15:52 - 2014-10-20 20:47 - 00000004 _____ () C:\Users\Ryan\AppData\Roaming\appdataFr2.bin
2014-10-06 06:12 - 2014-11-02 21:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 06:12 - 2014-10-26 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 06:12 - 2014-10-26 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 06:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-06 06:12 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 21:42 - 2011-03-19 10:34 - 01751096 _____ () C:\windows\WindowsUpdate.log
2014-11-02 21:40 - 2012-12-31 14:05 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-11-02 21:39 - 2009-07-13 21:13 - 00740354 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-02 21:37 - 2011-07-04 18:33 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6DCB9FB4-4263-44B5-9D53-49DDCF6BD29F}
2014-11-02 21:35 - 2011-02-16 18:48 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Deployment
2014-11-02 21:34 - 2011-01-14 03:44 - 00000000 ____D () C:\temp
2014-11-02 21:32 - 2014-01-02 07:27 - 00008417 _____ () C:\windows\setupact.log
2014-11-02 21:32 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-29 16:22 - 2012-04-25 20:46 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-29 15:29 - 2009-07-13 20:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 15:29 - 2009-07-13 20:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 15:28 - 2011-02-15 12:16 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA.job
2014-10-29 12:57 - 2011-02-12 13:45 - 00000000 ____D () C:\Program Files\PeerBlock
2014-10-29 12:57 - 2011-02-12 13:44 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Azureus
2014-10-29 12:35 - 2011-02-15 12:16 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core.job
2014-10-27 12:38 - 2014-01-11 22:58 - 00019956 _____ () C:\windows\PFRO.log
2014-10-27 11:48 - 2013-10-15 15:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Battle.net
2014-10-26 18:22 - 2014-09-27 15:14 - 00000000 ____D () C:\ProgramData\87d4b42f5aa6b768
2014-10-26 08:54 - 2013-02-13 08:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 11:46 - 2013-10-17 12:50 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-10-24 11:37 - 2013-10-15 19:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-24 11:37 - 2013-10-15 15:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-24 11:30 - 2013-01-16 09:30 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2014-10-20 18:17 - 2011-02-12 13:19 - 00000000 ____D () C:\Users\Ryan
2014-10-20 17:36 - 2009-07-13 20:45 - 04972048 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-20 17:19 - 2012-02-13 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 17:18 - 2013-08-08 16:15 - 00000000 ____D () C:\windows\system32\MRT
2014-10-20 17:07 - 2011-03-02 12:40 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-20 17:06 - 2013-05-07 01:06 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-20 17:06 - 2013-03-28 14:51 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-20 17:06 - 2013-03-28 14:51 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-10-19 16:42 - 2012-12-14 16:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-19 16:31 - 2014-02-15 06:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-19 16:29 - 2013-10-20 05:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 16:25 - 2014-09-27 11:02 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-19 16:25 - 2014-08-12 10:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 16:25 - 2012-12-22 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-19 16:25 - 2012-12-22 08:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-19 16:18 - 2011-09-15 18:17 - 00000000 ____D () C:\Users\Guest
2014-10-19 16:16 - 2013-10-15 15:46 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Battle.net
2014-10-19 16:16 - 2011-02-12 13:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-10-19 16:16 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\registration
2014-10-19 16:16 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-19 16:15 - 2011-02-12 13:26 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2014-04-17 22:15 - 00000000 ____D () C:\Users\Mcx1-RYANSPC\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2012-09-24 09:17 - 00000000 ____D () C:\Users\hedev
2014-10-19 16:14 - 2011-09-15 18:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-10-19 16:14 - 2011-09-15 18:17 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2011-02-14 06:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2011-02-14 06:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-10-09 16:57 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-10-07 15:34 - 2011-02-12 13:29 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\vlc
2014-10-06 06:40 - 2013-08-27 15:18 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CRE
2014-10-06 06:38 - 2014-04-17 22:15 - 00000000 ____D () C:\Users\Mcx1-RYANSPC
2014-10-06 06:12 - 2013-02-13 08:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2014-10-06 06:12 - 2013-02-13 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 06:12 - 2013-02-13 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
 
Files to move or delete:
====================
C:\Users\Ryan\taskmgr.exe
 
 
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\avgnt.exe
C:\Users\Ryan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 10:16
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Ryan at 2014-11-02 21:44:55
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Backburner 2011.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2011.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2010 R1 (64-bit) (HKLM\...\{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}) (Version: 4.0.296.0 - Autodesk)
Autodesk MatchMover 2011 64-bit (HKLM\...\{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}) (Version: 13.00.0000 - Autodesk)
Autodesk Maya 2011 64-bit (HKLM\...\{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}) (Version: 13.00.0000 - Autodesk)
Autodesk Maya 2011 English Documentation 64-bit (HKLM\...\{47374ACF-9023-40e7-9830-ECED0DCBC3DC}) (Version: 13.0 - Autodesk)
Autodesk SketchBookExpress 2010 R1 (HKLM-x32\...\{426187BC-F500-4208-B3C1-96876EE7FA31}) (Version: 4.12.0001 - Autodesk)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6) (Version: 3.106 - Nik Software, Inc.)
Composite 2011 (64-bit) (HKLM\...\{DBF6B4E9-CD43-476A-895D-4D688D41CE63}) (Version: 6.0.0 - Autodesk)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
Corel Painter 12 (HKLM\...\_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}) (Version: 12.0.0.502 - Corel Corporation)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DJ_SF_06_D1600_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Emulator Starter (HKCU\...\32bce9526e87661e) (Version: 1.0.0.141 - Free Game Empire)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - Undiscovered Realms (x32 Version: 2.2.0.97 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Galactic Civilizations (HKLM-x32\...\Galactic Civilizations) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet D1600 Printer Driver 14.0 Rel. 6 (HKLM\...\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 0.38.389.2 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo Smile Dock (HKLM-x32\...\Lenovo Smile Dock) (Version: 2.0.200.1 - DDNi)
Lenovo Smile Dock (x32 Version: 2.0.200.1 - DDNi) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Master of Orion 3 (HKLM-x32\...\Master of Orion 3) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo)
Painter 12 - Content (Version: 12.0.0 - Corel Corporation) Hidden
Painter 12 - Core (Version: 12.0.0 - Corel Corporation) Hidden
Painter 12 - Corex64 (Version: 12.0.0 - Corel Corporation) Hidden
Painter 12 - EN (Version: 12.0.0 - Corel Corporation) Hidden
Painter 12 - IPM (Version: 12.0 - Corel Corporation) Hidden
Painter 12 - Setup Files (Version: 12.0 - Corel Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.1.12 (HKLM\...\{C745CDDF-A4EA-4448-87ED-D17F83B0EE39}) (Version: 7.0.1.12 - Mad Catz)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.15.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
ZBrush 4 (HKLM-x32\...\InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}) (Version: 4.0 - Pixologic)
ZBrush 4 (x32 Version: 4.0 - Pixologic) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{5668de64-5b04-4bf0-99e6-b9bce4cbff7e}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{a2025bf8-1900-442c-9647-e85aebdebde6}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
21-10-2014 01:06:34 Windows Update
21-10-2014 01:06:48 Scheduled Checkpoint
21-10-2014 01:18:01 Windows Modules Installer
27-10-2014 19:52:46 OTL Restore Point - 10/27/2014 12:52:41 PM
27-10-2014 20:22:21 OTL Restore Point - 10/27/2014 1:22:17 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14DD9C05-F59C-4812-936E-8D5DBA70B6CE} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {22EB044D-4BBD-4091-B9D6-E03ED1E636EC} - System32\Tasks\AdobeAAMUpdater-1.0-RyansPC-Ryan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {24817FBD-24D3-4B28-9570-CA128C1F33B8} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {29462DC6-9240-4AC1-BC54-2FAA75383669} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {5672CFB8-8083-441C-97FB-D5285BBCE64C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {68E84986-C258-4C45-B140-5C18E2B5984F} - System32\Tasks\KMS Activation for Office => C:\windows\KMSAct.exe
Task: {6D72819F-7EAD-42BC-91E8-DBE1F224C110} - System32\Tasks\{186C5B70-3EB9-4623-9F27-67AADA7220D6} => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\DotNetFX\dotnetfx35setup.exe
Task: {92B000D4-AD7C-4396-B4A8-89575C9E4DA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9D2A7CC7-851E-4196-AE91-746BFBEE19B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15] (Google Inc.)
Task: {BABD4046-0101-4FC7-9BC8-A554819BD209} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-RYANSPC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {BF0588DA-917D-4FEE-9D97-0CF37FB21454} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15] (Google Inc.)
Task: {F131EB88-E55B-4F5B-A804-08E9875F1F30} - System32\Tasks\{F413285A-BF1F-4177-9C90-BF2C885BD48F} => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\DotNetFX\dotnetfx35setup.exe
Task: {FF9C361D-F4CF-4C20-BE79-1A173319A9C7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-14 03:59 - 2009-12-18 18:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-01-14 03:59 - 2009-12-18 18:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-09-04 21:17 - 2013-09-04 21:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-12 09:41 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-01-14 03:59 - 2009-12-18 18:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2014-10-19 16:22 - 2014-10-19 16:22 - 00016384 ____N () C:\Users\Ryan\AppData\Local\Apps\2.0\WBCLXJM0.23T\1EOTO3G8.QYH\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2014-10-19 16:22 - 2014-10-19 16:21 - 00035840 ____N () C:\Users\Ryan\AppData\Local\Apps\2.0\WBCLXJM0.23T\1EOTO3G8.QYH\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-10-19 16:22 - 2014-10-19 16:21 - 00099840 ____N () C:\Users\Ryan\AppData\Local\Apps\2.0\WBCLXJM0.23T\1EOTO3G8.QYH\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2011-03-14 08:29 - 2014-04-21 14:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-20 13:35 - 2013-06-20 13:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-09-04 21:14 - 2013-09-04 21:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-01-14 03:59 - 2009-12-18 18:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-01-14 03:59 - 2009-12-18 18:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2013-01-10 23:48 - 2013-01-10 23:48 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2011-01-14 03:22 - 2010-03-03 12:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-01-14 03:38 - 2009-09-26 06:39 - 00360448 _____ () C:\windows\system\BisonC07.dll
2014-09-27 11:19 - 2014-09-22 20:06 - 01098056 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-27 11:19 - 2014-09-22 20:06 - 00174408 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-27 11:19 - 2014-09-22 20:07 - 08577864 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-27 11:19 - 2014-09-22 20:07 - 00331592 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-27 11:19 - 2014-09-22 20:06 - 01660232 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-27 11:19 - 2014-09-22 20:07 - 14891848 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1174101002-3892516317-4234537599-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1174101002-3892516317-4234537599-1004 - Limited - Enabled)
Guest (S-1-5-21-1174101002-3892516317-4234537599-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1174101002-3892516317-4234537599-1010 - Limited - Enabled)
Mcx1-RYANSPC (S-1-5-21-1174101002-3892516317-4234537599-1011 - Limited - Enabled) => C:\Users\Mcx1-RYANSPC
Ryan (S-1-5-21-1174101002-3892516317-4234537599-1000 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/29/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16318
 
Error: (10/29/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16318
 
Error: (10/29/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/29/2014 00:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15319
 
Error: (10/29/2014 00:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15319
 
Error: (10/29/2014 00:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/29/2014 00:56:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14305
 
Error: (10/29/2014 00:56:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14305
 
Error: (10/29/2014 00:56:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/29/2014 00:56:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13307
 
 
System errors:
=============
Error: (11/02/2014 09:36:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (10/29/2014 03:24:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (10/29/2014 03:21:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.
 
Error: (10/29/2014 00:21:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
 
Error: (10/29/2014 00:21:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
 
Error: (10/29/2014 00:21:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
 
Error: (10/27/2014 00:43:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (10/27/2014 00:40:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: 
%%1070
 
Error: (10/27/2014 00:40:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Avira Real-Time Protection service hung on starting.
 
Error: (10/27/2014 00:33:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (10/29/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16318
 
Error: (10/29/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16318
 
Error: (10/29/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/29/2014 00:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15319
 
Error: (10/29/2014 00:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15319
 
Error: (10/29/2014 00:56:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/29/2014 00:56:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14305
 
Error: (10/29/2014 00:56:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14305
 
Error: (10/29/2014 00:56:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/29/2014 00:56:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13307
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 57%
Total physical RAM: 3894.85 MB
Available physical RAM: 1669.07 MB
Total Pagefile: 28892.99 MB
Available Pagefile: 26009.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:158.09 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.83 GB) NTFS
Drive f: (GalCiv) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97EEFA48)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End Of Log ============================

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a few things to do first: your version of Chrome has been changed to the development version. This means that anything can be installed to Chrome with no checks or balances.

First, ensure that Chrome sync is disabled: http://www.cnet.com/...rome-sync-data/
Then export your bookmarks to a folder for safekeeping: https://support.goog.../96816?hl=en-GB
Next, fully uninstall Chrome using Control Panel > Programs and Features

Then run this FRST and AdwCleaner fix


CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Video Library] => C:\windows\system32\rundll32.exe [ ] ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-10-19 16:38 - 2014-10-26 09:31 - 00000000 ____D () C:\ProgramData\BeteteeRPriccECheecc
2014-10-26 18:22 - 2014-09-27 15:14 - 00000000 ____D () C:\ProgramData\87d4b42f5aa6b768
AlternateDataStreams: C:\windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Users\Ryan\taskmgr.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

NEXT

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Run a fresh FRST scan so that I can remove any Chrome remnants before we re-install it.
  • 0

#5
squier133

    Member

  • Topic Starter
  • 10 posts

Here is my Fixlog; will run AdwCleaner as soon as I close this window.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Ryan at 2014-11-03 07:51:14 Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & Mcx1-RYANSPC & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Video Library] => C:\windows\system32\rundll32.exe [ ] ()
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-10-19 16:38 - 2014-10-26 09:31 - 00000000 ____D () C:\ProgramData\BeteteeRPriccECheecc
2014-10-26 18:22 - 2014-09-27 15:14 - 00000000 ____D () C:\ProgramData\87d4b42f5aa6b768
AlternateDataStreams: C:\windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Users\Ryan\taskmgr.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library => value deleted successfully.
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk => Moved successfully.
C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\BeteteeRPriccECheecc => Moved successfully.
C:\ProgramData\87d4b42f5aa6b768 => Moved successfully.
C:\windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Ryan\taskmgr.exe => Moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 155.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====


  • 0
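A way to check a Fixlog like the one above before moving on to the next step, added here as an example (not part of the thread and not FRST's own code): it separates the echoed fixlist from the result lines and flags any result that is neither a success nor a "not found". The sample is abridged from the log above; the `ExampleFolder` entry and its "Could not move" wording are constructed, and all function names are hypothetical.

```python
import re

# Sample input, abridged from the Fixlog in this thread. The ExampleFolder
# directive and its "Could not move" result are constructed (hypothetical
# wording) so that the review path has something to catch.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Users\Ryan\taskmgr.exe
C:\ProgramData\ExampleFolder
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe not found.
C:\Users\Ryan\taskmgr.exe => Moved successfully.
C:\ProgramData\ExampleFolder => Could not move.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 155.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
'''

STARS = re.compile(r"^\*{5,}$")                            # fixlist delimiters
CMD_START = re.compile(r"^=+\s+(?!End of CMD)(.+?)\s+=+$")  # "=== <command> ==="
CMD_END = re.compile(r"^=+\s+End of CMD:\s+=+$")
LOG_END = re.compile(r"^=+\s+End of Fixlog\s+=+$")


def classify(line):
    """Map one result line to ok / absent / info / review."""
    if line.endswith("successfully.") or line.startswith("EmptyTemp: => Removed"):
        return "ok"
    if line.endswith("not found."):
        return "absent"   # target was already gone; nothing was changed
    if line == "The system needed a reboot.":
        return "info"
    return "review"       # unrecognised outcome: read it by hand


def parse_fixlog(text):
    """Split a Fixlog into echoed directives, CMD names and classified results."""
    report = {"directives": [], "commands": [], "results": []}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if STARS.match(line):
                state = "fixlist"
        elif state == "fixlist":
            if STARS.match(line):
                state = "results"
            elif line:
                report["directives"].append(line)
        elif state == "cmd":
            # Raw command output is skipped, not classified.
            if CMD_END.match(line):
                state = "results"
        elif LOG_END.match(line):
            break
        elif CMD_START.match(line):
            report["commands"].append(CMD_START.match(line).group(1))
            state = "cmd"
        elif line:
            report["results"].append((classify(line), line))
    return report


def needs_review(report):
    """Result lines that reported neither success nor an absent target."""
    return [line for status, line in report["results"] if status == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(len(parsed["directives"]), "directives;", len(parsed["results"]), "result lines")
    for entry in needs_review(parsed):
        print("REVIEW:", entry)
```

Result lines are classified by their trailing wording only, so anything the script does not recognise lands in "review" rather than being assumed clean.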

#6
squier133

    Member

  • Topic Starter
  • 10 posts

# AdwCleaner v3.311 - Report created 03/11/2014 at 08:03:40
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Ryan - RYANSPC
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

-\\ Google Chrome v

[ File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [9268 octets] - [27/10/2014 12:32:46]
AdwCleaner[R1].txt - [1089 octets] - [03/11/2014 08:02:12]
AdwCleaner[S0].txt - [9011 octets] - [27/10/2014 12:37:23]
AdwCleaner[S1].txt - [1015 octets] - [03/11/2014 08:03:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1075 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Ryan (administrator) on RYANSPC on 03-11-2014 08:09:24
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & Mcx1-RYANSPC & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2108200 2010-04-01] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-07] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-07] (Saitek)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: F - F:\install.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {03971de2-1fd1-11e0-bd43-806e6f6e6963} - F:\AUTORUN.EXE
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {139dcd04-cab5-11e2-a30f-1c7508608da8} - H:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {315dc05c-1936-11e2-bdfa-1c7508608da8} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {410134da-2be0-11e4-87c2-1c7508608da8} - E:\aoesetup.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {79c2e79e-cc4a-11e1-9603-1c7508608da8} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {815b0da2-bd67-11e3-b1a6-1c7508608da8} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {9d1b9138-6423-11e1-9170-f9d78ab8f98c} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {a2e512e5-9739-11e3-b458-1c7508608da8} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {86AAB582-9ECC-4CC7-88BB-D8DE4E9B6B9B} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKCU - {22365F49-1338-4FDD-A2F3-F5D16E84662F} URL = http://search.condui...7802042832&UM=2
SearchScopes: HKCU - {86AAB582-9ECC-4CC7-88BB-D8DE4E9B6B9B} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKCU - {8FAC5445-12DB-4902-33D1-0F2DF045E3F1} URL = http://www.bing.com/...UGO&form=ZGAIDF
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Unity Player) - C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Better Pirate Bay) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjdlkdndghnmhpjhlaehpnelcgaffhg [2014-10-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 SaiK0CC3; C:\Windows\System32\DRIVERS\SaiK0CC3.sys [171016 2010-04-22] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-07-08] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-07-08] (Saitek)
S3 SaiU0CC3; C:\Windows\System32\DRIVERS\SaiU0CC3.sys [41096 2010-04-22] (Saitek)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
S3 iscFlash; \??\C:\Users\Ryan\AppData\Local\Temp\7zSD3F1.tmp\iscflashx64.sys [X]
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 08:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-11-03 07:58 - 2014-11-03 07:58 - 01375089 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-11-03 07:41 - 2014-11-03 07:41 - 00015452 _____ () C:\Users\Ryan\Desktop\bookmarks_11_3_14.html
2014-11-02 21:44 - 2014-11-02 21:45 - 00034857 _____ () C:\Users\Ryan\Desktop\Addition.txt
2014-11-02 21:43 - 2014-11-03 08:09 - 00023870 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-11-02 21:43 - 2014-11-03 08:09 - 00000000 ____D () C:\FRST
2014-11-02 21:42 - 2014-11-02 21:42 - 02114560 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-10-29 12:43 - 2014-10-29 12:43 - 00008838 _____ () C:\Users\Ryan\Downloads\[kickass.to]22.jump.street.2014.720p.brrip.x264.yify.torrent
2014-10-29 12:43 - 2014-10-29 12:43 - 00000000 ____D () C:\Users\Ryan\Desktop\Sons of Anarchy S07E08 WEB-DL x264-FUM[ettv]
2014-10-29 12:40 - 2014-10-29 12:41 - 00030799 _____ () C:\Users\Ryan\Downloads\[kickass.to]sons.of.anarchy.s07e08.web.dl.x264.fum.ettv.torrent
2014-10-27 12:20 - 2014-10-27 12:20 - 00157996 _____ () C:\Users\Ryan\Downloads\Extras.Txt
2014-10-27 12:18 - 2014-10-27 13:12 - 00121434 _____ () C:\Users\Ryan\Downloads\OTL.Txt
2014-10-27 12:13 - 2014-11-03 08:03 - 00000000 ____D () C:\AdwCleaner
2014-10-27 12:12 - 2014-10-27 12:12 - 01998336 _____ () C:\Users\Ryan\Downloads\AdwCleaner.exe
2014-10-27 11:50 - 2014-10-27 11:50 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL (1).exe
2014-10-21 20:59 - 2014-10-21 21:04 - 121862569 _____ () C:\Users\Ryan\Desktop\The.Big.Bang.Theory.S08E06.HDTV.x264-LOL.mp4
2014-10-19 16:30 - 2014-09-14 16:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-19 16:29 - 2014-10-19 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 16:29 - 2014-10-19 16:28 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 16:28 - 2014-10-19 16:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 17:13 - 2014-10-17 17:13 - 03341420 _____ () C:\Users\Ryan\Downloads\elvui-7.10.zip
2014-10-09 16:53 - 2014-10-09 16:53 - 00000000 ____D () C:\_OTL
2014-10-09 16:52 - 2014-10-09 16:52 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL.exe
2014-10-07 15:31 - 2014-10-07 15:31 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (4).application
2014-10-07 15:30 - 2014-10-07 15:30 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (3).application
2014-10-07 15:30 - 2014-10-07 15:30 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (2).application
2014-10-07 15:29 - 2014-10-07 15:29 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (1).application
2014-10-07 15:28 - 2014-10-07 15:28 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter.application
2014-10-06 15:52 - 2014-10-20 20:47 - 00000004 _____ () C:\Users\Ryan\AppData\Roaming\appdataFr2.bin
2014-10-06 06:12 - 2014-11-03 08:06 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 06:12 - 2014-10-26 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 06:12 - 2014-10-26 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 06:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-06 06:12 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 08:09 - 2009-07-13 21:13 - 00740354 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-03 08:08 - 2012-12-31 14:05 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-11-03 08:05 - 2011-01-14 03:44 - 00000000 ____D () C:\temp
2014-11-03 08:04 - 2014-01-11 22:58 - 00020950 _____ () C:\windows\PFRO.log
2014-11-03 08:04 - 2014-01-02 07:27 - 00008585 _____ () C:\windows\setupact.log
2014-11-03 08:04 - 2011-03-19 10:34 - 01775105 _____ () C:\windows\WindowsUpdate.log
2014-11-03 08:04 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-03 08:02 - 2009-07-13 20:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 08:02 - 2009-07-13 20:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 07:53 - 2013-06-29 17:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-03 07:51 - 2011-02-12 13:19 - 00000000 ____D () C:\Users\Ryan
2014-11-03 07:48 - 2011-02-15 12:16 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Google
2014-11-03 07:46 - 2012-05-09 19:53 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mozilla
2014-11-03 07:34 - 2014-09-27 11:02 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-03 07:34 - 2014-08-12 10:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-03 07:34 - 2012-12-22 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-03 07:34 - 2012-12-22 08:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-03 07:25 - 2012-04-25 20:46 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 02:52 - 2011-02-16 18:48 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Deployment
2014-11-02 22:52 - 2011-02-12 13:45 - 00000000 ____D () C:\Program Files\PeerBlock
2014-11-02 22:13 - 2013-10-15 15:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Battle.net
2014-11-02 21:37 - 2011-07-04 18:33 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6DCB9FB4-4263-44B5-9D53-49DDCF6BD29F}
2014-10-29 12:57 - 2011-02-12 13:44 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Azureus
2014-10-26 08:54 - 2013-02-13 08:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 11:46 - 2013-10-17 12:50 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-10-24 11:37 - 2013-10-15 19:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-24 11:37 - 2013-10-15 15:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-24 11:30 - 2013-01-16 09:30 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2014-10-20 17:36 - 2009-07-13 20:45 - 04972048 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-20 17:19 - 2012-02-13 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 17:18 - 2013-08-08 16:15 - 00000000 ____D () C:\windows\system32\MRT
2014-10-20 17:07 - 2011-03-02 12:40 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-20 17:06 - 2013-05-07 01:06 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-20 17:06 - 2013-03-28 14:51 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-20 17:06 - 2013-03-28 14:51 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-10-19 16:42 - 2012-12-14 16:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-19 16:31 - 2014-02-15 06:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-19 16:29 - 2013-10-20 05:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 16:18 - 2011-09-15 18:17 - 00000000 ____D () C:\Users\Guest
2014-10-19 16:16 - 2013-10-15 15:46 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Battle.net
2014-10-19 16:16 - 2011-02-12 13:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-10-19 16:16 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\registration
2014-10-19 16:16 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-19 16:15 - 2011-02-12 13:26 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2014-04-17 22:15 - 00000000 ____D () C:\Users\Mcx1-RYANSPC\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2012-09-24 09:17 - 00000000 ____D () C:\Users\hedev
2014-10-19 16:14 - 2011-09-15 18:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-10-19 16:14 - 2011-09-15 18:17 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2011-02-14 06:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2011-02-14 06:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-10-09 16:57 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-10-07 15:34 - 2011-02-12 13:29 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\vlc
2014-10-06 06:40 - 2013-08-27 15:18 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CRE
2014-10-06 06:38 - 2014-04-17 22:15 - 00000000 ____D () C:\Users\Mcx1-RYANSPC
2014-10-06 06:12 - 2013-02-13 08:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2014-10-06 06:12 - 2013-02-13 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 06:12 - 2013-02-13 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\avgnt.exe
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 10:16

==================== End Of Log ============================



#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once Chrome has been uninstalled, run this fix; after the reboot you can re-install Chrome. Once done, could you let me know what problems remain?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Unity Player) - C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Better Pirate Bay) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjdlkdndghnmhpjhlaehpnelcgaffhg [2014-10-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-12]
C:\Users\Ryan\AppData\Local\Google
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {9D2A7CC7-851E-4196-AE91-746BFBEE19B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15] (Google Inc.)
Task: {BF0588DA-917D-4FEE-9D97-0CF37FB21454} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#8
squier133

    Member

  • Topic Starter
  • Member
  • 10 posts

Here is the fixlog. I will re-install Chrome and see if I still have any problems, and let you know from there. Thank you!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Ryan at 2014-11-03 08:45:38 Run:2
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & Mcx1-RYANSPC & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Unity Player) - C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Better Pirate Bay) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjdlkdndghnmhpjhlaehpnelcgaffhg [2014-10-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-12]
C:\Users\Ryan\AppData\Local\Google
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {9D2A7CC7-851E-4196-AE91-746BFBEE19B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15] (Google Inc.)
Task: {BF0588DA-917D-4FEE-9D97-0CF37FB21454} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-15] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll not found.
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll not found.
C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll not found.
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => Moved successfully.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => Moved successfully.
C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll not found.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files (x86)\TabletPlugins\npwacom.dll => Moved successfully.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll => Moved successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Moved successfully.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll not found.
C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjdlkdndghnmhpjhlaehpnelcgaffhg => Moved successfully.
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
C:\Users\Ryan\AppData\Local\Google => Moved successfully.
"HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-1174101002-3892516317-4234537599-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D2A7CC7-851E-4196-AE91-746BFBEE19B4}" => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF0588DA-917D-4FEE-9D97-0CF37FB21454}" => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core" => Key not found.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000Core.job not found.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174101002-3892516317-4234537599-1000UA.job not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 11.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#9
squier133

    Member

  • Topic Starter
  • Member
  • 10 posts

Well, the popups and redirects have seemed to stop for now, though I am still running 4-5 chrome.exe*32 processes. 3 are over 65,000k and one is at 48,000k. I ran all the fixes and posted all the logs before re-installing Chrome.



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you now run a fresh FRST scan please? How many tabs are open in Chrome, as I believe each tab runs in its own process?

#11
squier133

    Member

  • Topic Starter
  • Member
  • 10 posts

I only have one tab open and still have 3 processes running. FRST is scanning right now.



#12
squier133

    Member

  • Topic Starter
  • Member
  • 10 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Ryan (administrator) on RYANSPC on 03-11-2014 09:50:01
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & Mcx1-RYANSPC & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2108200 2010-04-01] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-07] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-07] (Saitek)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\Run: [GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: F - F:\install.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {03971de2-1fd1-11e0-bd43-806e6f6e6963} - F:\AUTORUN.EXE
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {139dcd04-cab5-11e2-a30f-1c7508608da8} - H:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {315dc05c-1936-11e2-bdfa-1c7508608da8} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {410134da-2be0-11e4-87c2-1c7508608da8} - E:\aoesetup.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {79c2e79e-cc4a-11e1-9603-1c7508608da8} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {815b0da2-bd67-11e3-b1a6-1c7508608da8} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {9d1b9138-6423-11e1-9170-f9d78ab8f98c} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1174101002-3892516317-4234537599-1000\...\MountPoints2: {a2e512e5-9739-11e3-b458-1c7508608da8} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {86AAB582-9ECC-4CC7-88BB-D8DE4E9B6B9B} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {22365F49-1338-4FDD-A2F3-F5D16E84662F} URL = http://search.condui...7802042832&UM=2
SearchScopes: HKCU - {86AAB582-9ECC-4CC7-88BB-D8DE4E9B6B9B} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {8FAC5445-12DB-4902-33D1-0F2DF045E3F1} URL = http://www.bing.com/...UGO&form=ZGAIDF
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-03]
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-03]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-03]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-03]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-03]
CHR Extension: (Google Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-03]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 SaiK0CC3; C:\Windows\System32\DRIVERS\SaiK0CC3.sys [171016 2010-04-22] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-07-08] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-07-08] (Saitek)
S3 SaiU0CC3; C:\Windows\System32\DRIVERS\SaiU0CC3.sys [41096 2010-04-22] (Saitek)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
S3 iscFlash; \??\C:\Users\Ryan\AppData\Local\Temp\7zSD3F1.tmp\iscflashx64.sys [X]
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-03 09:39 - 2014-11-03 09:39 - 03325145 _____ () C:\Users\Ryan\Downloads\elvui-7.43.zip
2014-11-03 09:38 - 2014-11-03 09:38 - 00855933 _____ () C:\Users\Ryan\Downloads\oqueue_3.0.3.zip
2014-11-03 08:53 - 2014-11-03 08:58 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 08:53 - 2014-11-03 08:58 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 08:53 - 2014-11-03 08:54 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Google
2014-11-03 08:53 - 2014-11-03 08:53 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-03 08:53 - 2014-11-03 08:53 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-03 08:53 - 2014-11-03 08:53 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-03 08:53 - 2014-11-03 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-03 08:53 - 2014-11-03 08:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-03 08:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-11-03 07:58 - 2014-11-03 07:58 - 01375089 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-11-03 07:41 - 2014-11-03 07:41 - 00015452 _____ () C:\Users\Ryan\Desktop\bookmarks_11_3_14.html
2014-11-02 21:44 - 2014-11-02 21:45 - 00034857 _____ () C:\Users\Ryan\Desktop\Addition.txt
2014-11-02 21:43 - 2014-11-03 09:50 - 00021999 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-11-02 21:43 - 2014-11-03 09:50 - 00000000 ____D () C:\FRST
2014-11-02 21:42 - 2014-11-02 21:42 - 02114560 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-10-29 12:43 - 2014-10-29 12:43 - 00008838 _____ () C:\Users\Ryan\Downloads\[kickass.to]22.jump.street.2014.720p.brrip.x264.yify.torrent
2014-10-29 12:43 - 2014-10-29 12:43 - 00000000 ____D () C:\Users\Ryan\Desktop\Sons of Anarchy S07E08 WEB-DL x264-FUM[ettv]
2014-10-29 12:40 - 2014-10-29 12:41 - 00030799 _____ () C:\Users\Ryan\Downloads\[kickass.to]sons.of.anarchy.s07e08.web.dl.x264.fum.ettv.torrent
2014-10-27 12:20 - 2014-10-27 12:20 - 00157996 _____ () C:\Users\Ryan\Downloads\Extras.Txt
2014-10-27 12:18 - 2014-10-27 13:12 - 00121434 _____ () C:\Users\Ryan\Downloads\OTL.Txt
2014-10-27 12:13 - 2014-11-03 08:03 - 00000000 ____D () C:\AdwCleaner
2014-10-27 12:12 - 2014-10-27 12:12 - 01998336 _____ () C:\Users\Ryan\Downloads\AdwCleaner.exe
2014-10-27 11:50 - 2014-10-27 11:50 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL (1).exe
2014-10-21 20:59 - 2014-10-21 21:04 - 121862569 _____ () C:\Users\Ryan\Desktop\The.Big.Bang.Theory.S08E06.HDTV.x264-LOL.mp4
2014-10-19 16:30 - 2014-09-14 16:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-19 16:29 - 2014-10-19 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 16:29 - 2014-10-19 16:28 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-19 16:29 - 2014-10-19 16:28 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 16:28 - 2014-10-19 16:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 17:13 - 2014-10-17 17:13 - 03341420 _____ () C:\Users\Ryan\Downloads\elvui-7.10.zip
2014-10-09 16:53 - 2014-10-09 16:53 - 00000000 ____D () C:\_OTL
2014-10-09 16:52 - 2014-10-09 16:52 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL.exe
2014-10-07 15:31 - 2014-10-07 15:31 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (4).application
2014-10-07 15:30 - 2014-10-07 15:30 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (3).application
2014-10-07 15:30 - 2014-10-07 15:30 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (2).application
2014-10-07 15:29 - 2014-10-07 15:29 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter (1).application
2014-10-07 15:28 - 2014-10-07 15:28 - 00005800 _____ () C:\Users\Ryan\Downloads\EmulatorStarter.application
2014-10-06 15:52 - 2014-10-20 20:47 - 00000004 _____ () C:\Users\Ryan\AppData\Roaming\appdataFr2.bin
2014-10-06 06:12 - 2014-11-03 08:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 06:12 - 2014-10-26 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 06:12 - 2014-10-26 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 06:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-06 06:12 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-03 09:22 - 2012-04-25 20:46 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 09:16 - 2013-10-15 19:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-03 09:16 - 2013-10-15 15:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Battle.net
2014-11-03 08:55 - 2009-07-13 20:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 08:55 - 2009-07-13 20:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 08:53 - 2011-02-16 18:48 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Deployment
2014-11-03 08:51 - 2009-07-13 21:13 - 00740354 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-03 08:49 - 2012-12-31 14:05 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-11-03 08:47 - 2014-01-02 07:27 - 00008641 _____ () C:\windows\setupact.log
2014-11-03 08:47 - 2011-01-14 03:44 - 00000000 ____D () C:\temp
2014-11-03 08:47 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-03 08:46 - 2011-03-19 10:34 - 01781751 _____ () C:\windows\WindowsUpdate.log
2014-11-03 08:45 - 2011-03-14 08:29 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-11-03 08:15 - 2012-12-14 16:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-11-03 08:04 - 2014-01-11 22:58 - 00020950 _____ () C:\windows\PFRO.log
2014-11-03 07:53 - 2013-06-29 17:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-03 07:51 - 2011-02-12 13:19 - 00000000 ____D () C:\Users\Ryan
2014-11-03 07:46 - 2012-05-09 19:53 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mozilla
2014-11-03 07:34 - 2014-09-27 11:02 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-03 07:34 - 2014-08-12 10:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-03 07:34 - 2012-12-22 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-03 07:34 - 2012-12-22 08:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-02 22:52 - 2011-02-12 13:45 - 00000000 ____D () C:\Program Files\PeerBlock
2014-11-02 21:37 - 2011-07-04 18:33 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6DCB9FB4-4263-44B5-9D53-49DDCF6BD29F}
2014-10-29 12:57 - 2011-02-12 13:44 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Azureus
2014-10-26 08:54 - 2013-02-13 08:39 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 11:46 - 2013-10-17 12:50 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-10-24 11:37 - 2013-10-15 15:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-24 11:30 - 2013-01-16 09:30 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2014-10-20 17:36 - 2009-07-13 20:45 - 04972048 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-20 17:19 - 2012-02-13 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 17:18 - 2013-08-08 16:15 - 00000000 ____D () C:\windows\system32\MRT
2014-10-20 17:07 - 2011-03-02 12:40 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-20 17:06 - 2013-05-07 01:06 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-20 17:06 - 2013-03-28 14:51 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-20 17:06 - 2013-03-28 14:51 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-10-19 16:31 - 2014-02-15 06:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-19 16:29 - 2013-10-20 05:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 16:18 - 2011-09-15 18:17 - 00000000 ____D () C:\Users\Guest
2014-10-19 16:16 - 2013-10-15 15:46 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Battle.net
2014-10-19 16:16 - 2011-02-12 13:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-10-19 16:16 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\registration
2014-10-19 16:16 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-19 16:15 - 2011-02-12 13:26 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2014-04-17 22:15 - 00000000 ____D () C:\Users\Mcx1-RYANSPC\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2012-09-24 09:17 - 00000000 ____D () C:\Users\hedev
2014-10-19 16:14 - 2011-09-15 18:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-10-19 16:14 - 2011-09-15 18:17 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2011-02-14 06:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-10-19 16:14 - 2011-02-14 06:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-10-09 16:57 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-10-07 15:34 - 2011-02-12 13:29 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\vlc
2014-10-06 06:40 - 2013-08-27 15:18 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CRE
2014-10-06 06:38 - 2014-04-17 22:15 - 00000000 ____D () C:\Users\Mcx1-RYANSPC
2014-10-06 06:12 - 2013-02-13 08:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2014-10-06 06:12 - 2013-02-13 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 06:12 - 2013-02-13 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
 
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 10:16
 
==================== End Of Log ============================


#13
squier133

    Member

  • Topic Starter
  • 10 posts

I just read another article on Chrome and how it works, and it seems that after all of the fixes we ran, it's running smoothly. The Chrome processes are all different parts of Chrome, and I'm not running into any of the issues I had before (random words highlighted, redirects, popups, etc.), so it does seem (to me anyways) that the issues I was having are fixed. Thank you for your time and effort! I will let you know if I run into any more issues.



#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#15
squier133

    Member

  • Topic Starter
  • 10 posts

Thank you very much for your time! I will update again in 24 hours and let you know if everything is still okay. I have had Malwarebytes, but just installed CryptoPrevent. Thanks again.

