Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Random spikes in CPU and memory usage

Started by litup69 , Dec 26 2014 12:52 PM

This topic is locked

#1
litup69

Posted 26 December 2014 - 12:52 PM

Member

Member
39 posts

Hello,

For the past week I have been experiencing high spikes in CPU and memory usage which brings my computer to a crawl. I have run Avast Free, Malwarebytes, Malwarebytes rootkit, and Super antispyware all of which found nothing. And I ran Kaspersky free virus removal tool which found something but that did not solve the issue with the spikes in CPU and Memory usage.

OTL logfile created on: 12/26/2014 1:09:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tina\Downloads\Programs
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.92 Gb Total Physical Memory | 7.31 Gb Available Physical Memory | 45.94% Memory free
15.93 Gb Paging File | 7.11 Gb Available in Paging File | 44.63% Paging File free
Paging file location(s): c:\pagefile.sys 16 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 389.29 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 189.11 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 80.99 Gb Free Space | 8.69% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/26 13:09:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Downloads\Programs\OTL.exe
PRC - [2014/12/16 07:39:40 | 003,886,672 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2014/12/15 22:40:36 | 008,201,192 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
PRC - [2014/12/12 05:47:06 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/11 06:30:42 | 001,444,560 | ---- | M] () -- C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
PRC - [2014/12/10 02:35:10 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
PRC - [2014/12/08 22:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/25 10:51:13 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/13 21:42:14 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/13 14:17:58 | 007,475,200 | ---- | M] (Google Inc.) -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/11/12 18:10:03 | 003,215,936 | ---- | M] (Siber Systems Inc.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
PRC - [2014/11/12 18:10:02 | 000,110,160 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/11/12 17:44:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/06 10:29:26 | 000,602,880 | ---- | M] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2014/11/06 10:28:44 | 000,105,216 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2014/10/29 09:43:04 | 000,101,192 | ---- | M] (Google) -- C:\Users\Tina\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/20 20:39:26 | 001,154,112 | ---- | M] (Ruiware LLC) -- C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
PRC - [2014/05/29 15:53:25 | 001,488,312 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2014/03/27 07:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2013/03/08 09:54:00 | 003,246,944 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe
PRC - [2013/03/08 09:54:00 | 000,017,760 | ---- | M] () -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe
PRC - [2010/11/20 22:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/04/22 17:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/10/13 18:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2008/06/06 13:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/04 19:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/12/24 19:15:20 | 000,043,008 | ---- | M] () -- c:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatwrr_.dll
MOD - [2014/12/11 06:30:42 | 001,444,560 | ---- | M] () -- C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
MOD - [2014/12/10 02:35:09 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/17 04:46:22 | 000,639,488 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2014/11/17 02:00:34 | 001,056,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2014/11/17 01:21:08 | 010,374,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2014/11/17 01:18:32 | 002,496,512 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2014/11/14 05:53:22 | 006,499,840 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2014/11/13 21:42:37 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/13 13:57:36 | 000,253,440 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/11/13 13:57:08 | 000,231,936 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/11/13 13:57:02 | 000,117,248 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/11/13 13:57:00 | 000,344,064 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/11/12 17:44:26 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/12 06:42:11 | 001,947,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\b597c30ed765fa6d99a12f00c3314394\Microsoft.VisualBasic.ni.dll
MOD - [2014/11/10 04:55:06 | 001,686,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2014/11/07 04:13:32 | 002,475,520 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
MOD - [2014/11/06 10:28:44 | 000,105,216 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2014/11/06 04:39:44 | 000,200,192 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2014/11/05 03:01:04 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2014/11/05 03:00:24 | 000,435,712 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2014/11/05 02:59:24 | 000,642,048 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2014/11/05 02:58:54 | 000,889,344 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2014/11/05 02:51:50 | 001,191,424 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2014/11/05 02:37:06 | 000,632,832 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2014/11/05 02:36:18 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2014/11/03 03:23:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2014/10/21 19:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 19:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 19:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 19:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/10/21 19:22:46 | 000,118,784 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
MOD - [2014/10/16 01:51:16 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/16 01:24:13 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\6c97a46aff5154a7217a528e86698ab3\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/10/16 01:24:08 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/16 01:24:08 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 01:24:07 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/16 01:24:04 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 01:24:04 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 01:24:03 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/16 01:24:00 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 01:23:59 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/11 03:39:34 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2014/09/04 01:00:44 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2014/09/04 01:00:34 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2014/09/04 01:00:28 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2014/09/04 01:00:20 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2014/09/03 14:15:50 | 000,026,624 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2014/09/03 14:15:42 | 010,683,392 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2014/09/03 14:15:40 | 007,741,952 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2014/09/03 14:15:40 | 001,681,408 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2014/09/03 14:15:38 | 002,248,192 | ---- | M] () -- C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2014/06/29 21:33:52 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2014/06/29 21:05:12 | 001,183,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
MOD - [2014/06/29 20:55:38 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2014/06/29 20:55:00 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2014/06/18 21:22:04 | 002,177,405 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2014/02/11 17:27:05 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/11 17:27:04 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/28 20:14:20 | 001,233,408 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
MOD - [2013/09/28 20:14:06 | 003,369,922 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
MOD - [2013/09/28 20:14:06 | 001,978,690 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
MOD - [2013/09/28 20:14:04 | 022,378,434 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
MOD - [2013/09/28 20:13:48 | 000,989,805 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
MOD - [2013/09/28 20:13:48 | 000,544,817 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2013/09/28 20:13:48 | 000,261,120 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
MOD - [2013/09/28 20:13:48 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
MOD - [2013/09/28 20:13:48 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
MOD - [2013/09/28 20:13:48 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
MOD - [2013/09/28 20:13:48 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/10/15 15:28:38 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
MOD - [2012/10/15 15:28:30 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
MOD - [2012/10/15 15:28:30 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/10/15 15:28:04 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
MOD - [2012/10/15 15:28:02 | 000,219,648 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
MOD - [2012/10/15 15:27:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
MOD - [2010/10/20 17:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/12 17:44:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/12 17:44:13 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/08/12 23:54:56 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2013/11/12 20:09:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe -- (NitroDriverReadSpool9)
SRV:64bit: - [2013/07/26 06:48:28 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/11 12:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/10 02:35:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/13 21:42:31 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/06 10:29:36 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/27 07:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/08 11:04:22 | 000,882,568 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe -- (WO_LiveService)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/12 20:09:36 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/08 09:54:00 | 000,017,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe -- (HDDHealth)
SRV - [2012/07/03 20:05:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/25 10:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/10/13 18:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/08/24 21:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfSdkS64.exe -- (DfSdkS)
SRV - [2008/06/06 13:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/04 19:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2007/03/20 18:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/12/26 12:30:00 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/16 21:18:56 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2014/12/15 22:40:34 | 000,076,520 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2014/11/28 19:37:06 | 000,180,648 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2014/11/21 17:44:57 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/12 17:44:29 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/12 17:44:29 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/12 17:44:29 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/12 17:44:29 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/12 17:44:29 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/12 17:44:29 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/12 17:44:29 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/12 17:44:13 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/05/29 15:53:25 | 000,230,840 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2014/04/09 20:05:52 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2013/12/17 03:39:20 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/20 20:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/05/09 03:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/11/05 05:11:58 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/08/23 09:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/17 09:31:20 | 001,733,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012/06/11 13:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 11:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 22:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/28 22:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/06 05:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/06/10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 18:02:44 | 000,066,160 | ---- | M] (Giga-Byte Technology CO., LTD.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys -- (VirtDiskBus)
DRV:64bit: - [2011/01/10 20:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/29 19:22:32 | 000,553,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2x.sys -- (WN111v2)
DRV:64bit: - [2008/06/04 19:59:44 | 000,020,520 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2014/12/23 22:29:03 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/09/30 14:05:58 | 000,036,568 | ---- | M] (IObit) [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2012/07/03 07:12:32 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/03/08 05:01:06 | 000,012,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys -- (LiveTunerPM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 32 50 A7 56 18 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{0E5FC57F-BBBB-4888-B694-4C044277B67C}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\{54AD0137-6C8D-4407-B6BE-60A89401776F}: "URL" = http://search.condui...M=2&SSPV=TB_CS7
IE - HKCU\..\SearchScopes\{D33621E8-97C5-4331-8B78-6AF2DA1B310A}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com"
FF - prefs.js..extensions.enabledAddons: ClickCutterFFAutoCopy%40clickcutter.com:1.3
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.7
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: openinchrome%40griffeltavla.wordpress.com:1.5.3
FF - prefs.js..extensions.enabledAddons: pbupload%40photobucket.com:1.3.9
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: refgrabit%40refworks.plugin:1.1
FF - prefs.js..extensions.enabledAddons: zotero-autoexport-bib%40rokdd:1.1.8
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:4.0.20130422
FF - prefs.js..extensions.enabledAddons: %7Bd33c2f7c-b1e6-4d46-ab0e-be1f6d05c904%7D:2.0.4
FF - prefs.js..extensions.enabledAddons: ClassicBookmarksButton%40ArisT2Noia4dev:1.0
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.5
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:25.0
FF - prefs.js..extensions.enabledAddons: zotbiblioswitchlocal%40somwhere.org:1.0
FF - prefs.js..extensions.enabledAddons: zoteroscholarcitations%40beloglazov.info:1.8.8
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.91
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.5
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:3.0.11
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1451
FF - prefs.js..keyword.URL: "http://search.condui...162440&UM=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tina\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tina\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/23 22:35:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/05/04 14:22:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/11/12 18:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/20 14:22:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/24 22:57:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tina\AppData\Roaming\IDM\idmmzcc5 [2014/12/13 17:24:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/05/04 14:22:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/11/12 18:10:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Tina\AppData\Roaming\IDM\idmmzcc5 [2014/12/13 17:24:49 | 000,000,000 | ---D | M]

[2012/07/01 19:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2014/12/23 15:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions
[2014/11/24 22:32:05 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2014/10/15 23:28:47 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/05/06 13:18:14 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/11/26 18:19:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/09/18 13:00:37 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/07/05 17:14:08 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2012/12/19 19:05:10 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/08/21 10:31:02 | 000,004,786 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2012/07/01 20:51:49 | 000,031,378 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/05/01 21:52:07 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2013/11/18 18:58:05 | 000,020,693 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/10/16 07:05:32 | 001,443,602 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2012/07/01 20:51:50 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2013/12/02 17:36:55 | 000,033,064 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2013/06/25 18:47:38 | 000,027,521 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2013/10/27 05:30:34 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2013/06/02 10:11:19 | 000,025,235 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/11/24 22:31:41 | 000,511,650 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/06/15 19:45:34 | 000,048,797 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/12/13 13:05:42 | 000,007,184 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\[email protected]
[2014/11/12 18:09:16 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/01 21:10:28 | 000,035,287 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi
[2010/04/04 16:29:34 | 000,001,635 | ---- | M] () (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\zotero\storage\89JE3BZE\expiredbackground.jpg
[2013/09/03 20:56:02 | 000,001,635 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\searchplugins\firefox-add-ons.xml
[2014/12/23 16:00:39 | 000,005,501 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\searchplugins\startpage-https.xml
[2014/08/20 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/08/20 14:22:17 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/11/24 22:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/24 22:58:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/23 22:35:55 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2014/12/13 17:24:49 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\TINA\APPDATA\ROAMING\IDM\IDMMZCC5
[2011/08/05 17:25:13 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\ieatgpc.dll
[2011/08/05 17:25:03 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.28_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.21.16_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcfceejhleedfbabanmaamfiagjhncj\4.6_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.809_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.9.10_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.9.2_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZALFree] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O4 - Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D82EB49-27FA-466D-8568-910BA0A4410D}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8D26B6-BB91-4923-A25E-F51FAF455B1A}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(5).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(5).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/24 23:06:39 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
[2014/12/24 14:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014/12/24 11:14:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/12/24 10:56:40 | 002,480,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Tina\Desktop\procexp.exe
[2014/12/23 23:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Svchost Fix Wizard
[2014/12/23 23:28:47 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2014/12/23 23:28:47 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2014/12/23 23:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Svchost Fix Wizard
[2014/12/23 22:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/12/23 22:36:07 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/23 21:44:48 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/12/23 14:32:42 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\SecTaskMan
[2014/12/23 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/12/22 20:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/12/22 01:05:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\WonderFox Soft
[2014/12/22 01:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
[2014/12/22 01:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WonderFox Soft
[2014/12/20 17:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/12/20 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\mbar
[2014/12/16 07:41:32 | 000,180,648 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/07/01 20:17:18 | 016,157,992 | ---- | C] (Mozilla) -- C:\Users\Tina\Firefox Setup 11.0.exe
[2012/07/01 18:36:12 | 012,378,560 | ---- | C] (Siber Systems) -- C:\Users\Tina\RoboForm-Setup.exe

========== Files - Modified Within 30 Days ==========

[2014/12/26 13:08:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001UA.job
[2014/12/26 12:56:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/26 12:35:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/26 12:31:00 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - Tina).job
[2014/12/26 12:30:00 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/26 11:48:50 | 000,007,604 | ---- | M] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg
[2014/12/26 10:56:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/26 00:08:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001Core.job
[2014/12/25 17:12:57 | 000,002,022 | ---- | M] () -- C:\Users\Tina\Desktop\FileHippo App Manager.lnk
[2014/12/24 23:10:51 | 000,026,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/24 23:10:51 | 000,026,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/24 23:06:40 | 000,001,326 | ---- | M] () -- C:\Users\Tina\Desktop\CopyTrans Control Center.lnk
[2014/12/24 19:13:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/24 14:13:35 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014/12/23 23:28:49 | 000,001,241 | ---- | M] () -- C:\Users\Tina\Desktop\Svchost Fix Wizard.lnk
[2014/12/23 22:36:35 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/23 15:14:46 | 000,000,022 | ---- | M] () -- C:\Windows\cmm.dat
[2014/12/23 14:39:40 | 000,001,958 | ---- | M] () -- C:\Users\Tina\Desktop\KMP Games.lnk
[2014/12/22 22:31:06 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger Free.lnk
[2014/12/22 20:30:34 | 002,336,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/22 17:38:43 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/22 15:14:44 | 004,470,784 | ---- | M] () -- C:\Users\Tina\AppData\Local\pq.db
[2014/12/22 01:05:18 | 000,001,436 | ---- | M] () -- C:\Users\Public\Desktop\WonderFox DVD Video Converter.lnk
[2014/12/20 17:03:15 | 000,096,472 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/19 16:10:45 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\One-Click Optimizer.job
[2014/12/16 21:18:58 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR Genie.lnk
[2014/12/16 21:18:56 | 000,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll
[2014/12/16 21:18:56 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2014/12/16 21:18:56 | 000,106,000 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\packet.dll
[2014/12/16 21:18:56 | 000,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\packet.dll
[2014/12/16 21:18:56 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2014/12/16 19:23:15 | 001,339,420 | ---- | M] () -- C:\Users\Tina\Desktop\01_rent-surveyor-manual-winter-2015.pdf
[2014/12/16 19:22:50 | 000,845,863 | ---- | M] () -- C:\Users\Tina\Desktop\quick-reference-rent-survey-matrix.pdf
[2014/12/15 22:40:34 | 000,076,520 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\KeyCrypt64.sys
[2014/12/15 19:21:10 | 012,446,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/15 19:21:10 | 000,745,764 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/12/15 19:21:10 | 000,745,504 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2014/12/15 19:21:10 | 000,743,546 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2014/12/15 19:21:10 | 000,740,094 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/12/15 19:21:10 | 000,724,648 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014/12/15 19:21:10 | 000,697,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014/12/15 19:21:10 | 000,683,802 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2014/12/15 19:21:10 | 000,668,888 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014/12/15 19:21:10 | 000,663,768 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2014/12/15 19:21:10 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/15 19:21:10 | 000,607,036 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2014/12/15 19:21:10 | 000,494,562 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2014/12/15 19:21:10 | 000,481,550 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2014/12/15 19:21:10 | 000,479,062 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2014/12/15 19:21:10 | 000,428,472 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2014/12/15 19:21:10 | 000,416,826 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2014/12/15 19:21:10 | 000,392,392 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2014/12/15 19:21:10 | 000,171,382 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2014/12/15 19:21:10 | 000,158,582 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2014/12/15 19:21:10 | 000,153,210 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2014/12/15 19:21:10 | 000,150,950 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014/12/15 19:21:10 | 000,149,688 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/12/15 19:21:10 | 000,149,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014/12/15 19:21:10 | 000,146,954 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/12/15 19:21:10 | 000,142,582 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2014/12/15 19:21:10 | 000,141,534 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014/12/15 19:21:10 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/15 19:21:10 | 000,122,208 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2014/12/15 19:21:10 | 000,120,492 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2014/12/15 19:21:10 | 000,111,236 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2014/12/15 19:21:10 | 000,101,628 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2014/12/15 19:21:10 | 000,095,512 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2014/12/15 19:21:10 | 000,094,880 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2014/12/15 19:21:10 | 000,084,866 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2014/12/13 17:29:18 | 000,001,131 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/12/13 17:28:58 | 000,001,013 | ---- | M] () -- C:\Users\Tina\Desktop\Dropbox.lnk
[2014/12/12 14:57:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/02 13:25:16 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/28 19:37:06 | 000,180,648 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2014/11/27 22:58:02 | 000,002,283 | ---- | M] () -- C:\Users\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2014/12/23 23:28:49 | 000,001,241 | ---- | C] () -- C:\Users\Tina\Desktop\Svchost Fix Wizard.lnk
[2014/12/23 15:14:46 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2014/12/22 20:30:14 | 002,336,584 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/22 20:16:00 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014/12/22 01:05:18 | 000,001,436 | ---- | C] () -- C:\Users\Public\Desktop\WonderFox DVD Video Converter.lnk
[2014/12/16 19:23:14 | 001,339,420 | ---- | C] () -- C:\Users\Tina\Desktop\01_rent-surveyor-manual-winter-2015.pdf
[2014/12/16 19:22:47 | 000,845,863 | ---- | C] () -- C:\Users\Tina\Desktop\quick-reference-rent-survey-matrix.pdf
[2014/08/17 17:13:11 | 000,000,242 | ---- | C] () -- C:\Users\Tina\AppData\Local\FieldResultText.html
[2014/08/16 19:41:07 | 004,470,784 | ---- | C] () -- C:\Users\Tina\AppData\Local\pq.db
[2014/08/16 19:41:07 | 000,000,235 | ---- | C] () -- C:\Users\Tina\AppData\Local\pq.properties
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/09/21 10:19:49 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/09/11 16:18:20 | 000,000,041 | ---- | C] () -- C:\Program Files\AVAST Softwar
[2013/05/04 14:22:26 | 000,721,917 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2013/05/04 14:22:26 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2012/07/29 17:01:06 | 000,000,152 | ---- | C] () -- C:\Users\Tina\webct_upload_applet.properties
[2012/07/11 18:18:24 | 000,000,440 | ---- | C] () -- C:\Users\Tina\AppData\Local\wnc.properties
[2012/07/11 18:18:24 | 000,000,006 | ---- | C] () -- C:\Users\Tina\AppData\Local\wnc.version
[2012/07/03 07:05:27 | 000,007,604 | ---- | C] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/15 00:57:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\2BrightSparks
[2013/05/04 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Aimersoft Video Converter Ultimate
[2013/06/27 18:58:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\aliasworlds
[2012/11/12 20:32:12 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Amazon
[2014/09/11 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Apowersoft
[2014/03/02 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Artogon
[2013/10/21 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\AVAST Software
[2014/12/23 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Barnes & Noble
[2014/12/22 18:17:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\BitTorrent
[2012/10/21 18:46:59 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\bookend
[2013/01/19 07:22:42 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Box Desktop
[2013/06/29 23:38:24 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Box Sync
[2013/06/01 21:39:04 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\calibre
[2014/01/29 20:49:28 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\com.leawo.imediago
[2014/12/24 20:34:41 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Copy
[2014/04/04 21:15:05 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Digiarty
[2012/07/02 20:10:29 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\DisplayTune
[2014/12/25 17:14:07 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\DMCache
[2013/11/20 20:31:10 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Downloaded Installations
[2014/12/24 19:17:01 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox
[2013/09/03 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\ezPDFMultimediaPDFMaker
[2013/11/20 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FileOpen
[2014/01/04 21:21:16 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\FreeFileSync
[2013/09/19 21:22:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\GameHouse
[2013/11/06 17:21:21 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\GoodSync
[2014/12/10 22:51:34 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\hakuneko
[2013/11/26 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\HDDHealth
[2013/06/30 00:28:03 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Hulubulu
[2014/12/25 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\IDM
[2012/07/02 19:56:23 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\InterTrust
[2014/12/24 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\IObit
[2014/12/26 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\MediaMonkey
[2012/07/04 18:34:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Motorola
[2012/07/04 18:38:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Motorola Mobility
[2013/11/20 20:37:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Nitro
[2014/12/24 19:15:58 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Nitro PDF
[2013/09/13 22:28:45 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Nordcurrent
[2013/06/22 15:35:02 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Oracle
[2014/11/14 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\ParetoLogic
[2012/07/09 04:27:30 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PC-FAX TX
[2013/09/18 19:50:19 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PlayFirst
[2014/08/20 14:20:55 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\RoboForm
[2012/07/02 07:02:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\ScanSoft
[2012/07/02 20:41:57 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Splashtop
[2012/07/01 15:57:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TrueCrypt
[2012/11/12 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\WindSolutions
[2013/01/16 16:54:30 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\WinPatrol
[2014/04/30 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\YoudaGames
[2012/07/02 07:02:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Zeon
[2013/05/04 14:23:08 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:EB333CFC
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:22741C1F
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:1297FF3C
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:6F1F66C0
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Thank you

#2
zep516

Posted 26 December 2014 - 03:01 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Can you please run a different scan called (Farber Recovery Scan) and download to the desktop.

Has to be on the desktop,

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

In your next reply post.

FRST.txt
Additions.txt

#3
litup69

Posted 26 December 2014 - 03:10 PM

Member

Topic Starter
Member
39 posts

Hello zep516,

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Tina (administrator) on TINA-PC on 26-12-2014 16:05:39
Running from C:\Users\Tina\Desktop
Loaded Profile: Tina (Available profiles: Tina & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Dropbox, Inc.) C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Tina\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BoxSyncHelper] => C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-02-21] (Box, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8201192 2014-12-15] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-17] (SUPERAntiSpyware)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-16] (Tonec Inc.)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [MusicManager] => C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-12] (Siber Systems)
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Tina\AppData\Roaming\Copy\CopyAgent.exe [15422096 2014-09-12] (Barracuda Networks, Inc.)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(5).dll [96104 2014-12-15] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(5).dll [87840 2014-12-15] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [000BoxDesktopFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSyncedCollabs] -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSyncedCollab] -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Tina\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {0E5FC57F-BBBB-4888-B694-4C044277B67C} URL = http://search.yahoo....evm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcas...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {54AD0137-6C8D-4407-B6BE-60A89401776F} URL = http://search.condui...M=2&SSPV=TB_CS7
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {D33621E8-97C5-4331-8B78-6AF2DA1B310A} URL = http://www.google.co...q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Aimersoft Video Converter Ultimate -> {54F73992-6549-4369-9A0D-84FD310A464A} -> C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default
FF Homepage: https://www.startpage.com
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN40796537495162440&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3053570190-3216729564-2836280372-1001: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3053570190-3216729564-2836280372-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3053570190-3216729564-2836280372-1001: @talk.google.com/O1DPlugin -> C:\Users\Tina\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3053570190-3216729564-2836280372-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tina\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3053570190-3216729564-2836280372-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tina\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3053570190-3216729564-2836280372-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tina\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\searchplugins\startpage-https.xml
FF Extension: Xmarks - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2014-09-18]
FF Extension: Pocket - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2014-07-05]
FF Extension: Zotero - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-12-19]
FF Extension: Toolbar Buttons - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2014-11-24]
FF Extension: ColorfulTabs - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-15]
FF Extension: IE Tab - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-06]
FF Extension: WOT - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Classic Bookmarks Button - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2014-08-21]
FF Extension: ClickCutter AutoCopy - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-11-09]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: Ghostery - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2013-08-03]
FF Extension: Lazarus: Form Recovery - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: Open In Chrome - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2013-01-29]
FF Extension: Photobucket Uploader - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: Personas Plus - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: RefGrab-It - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2013-06-02]
FF Extension: Zotero Bibliography Locale Switcher - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: Zotero automatic export - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: Zotero Scholar Citations - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected] [2012-07-01]
FF Extension: Adblock Plus - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-01]
FF Extension: Tiny Menu - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi [2012-07-01]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-08-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt [2013-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-07-01]
FF HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Tina\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Tina\AppData\Roaming\IDM\idmmzcc5 [2014-12-13]
FF HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt
FF HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Tina\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - [email protected] [Not Found]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-25]
CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Adblock Plus) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-25]
CHR Extension: (Google Search) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (IDM Integration Module) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-11-25]
CHR Extension: (AdBlock Plus) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcfceejhleedfbabanmaamfiagjhncj [2014-11-25]
CHR Extension: (Pocket) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-11-25]
CHR Extension: (Ghostery) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-11-25]
CHR Extension: (Save to Pocket) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Gmail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]
CHR Extension: (RoboForm) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-11-25]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [aaaaoggiphohkihibdkcnhnokmkfmhnj] - C:\Users\Tina\AppData\Local\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.15.4.0.crx [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - \BrowerProtect\ASC_GhromePlugin.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-12] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-06] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-03] (Macrovision Europe Ltd.) [File not signed]
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 PdiService; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [90112 2008-06-04] (Portrait Displays, Inc.) [File not signed]
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [882568 2014-01-08] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2012-11-05] (Digiarty Software, Inc.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-07-03] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-15] (Zemana Ltd.)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-12-16] (CACE Technologies, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20520 2008-06-04] (Portrait Displays, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-12] (Avast Software)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 16:05 - 2014-12-26 16:05 - 00039637 _____ () C:\Users\Tina\Desktop\FRST.txt
2014-12-26 16:05 - 2014-12-26 16:05 - 00000000 ____D () C:\FRST
2014-12-26 16:04 - 2014-12-26 16:04 - 02122752 _____ (Farbar) C:\Users\Tina\Desktop\FRST64.exe
2014-12-26 16:00 - 2014-12-26 16:00 - 00000056 _____ () C:\Windows\setupact.log
2014-12-26 16:00 - 2014-12-26 16:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-24 23:06 - 2014-12-24 23:06 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2014-12-24 14:13 - 2014-12-24 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-12-24 11:14 - 2014-12-24 11:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-24 10:56 - 2014-09-11 08:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tina\Desktop\procexp.exe
2014-12-23 23:28 - 2014-12-23 23:28 - 00001241 _____ () C:\Users\Tina\Desktop\Svchost Fix Wizard.lnk
2014-12-23 23:28 - 2014-12-23 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Svchost Fix Wizard
2014-12-23 23:28 - 2014-12-23 23:28 - 00000000 ____D () C:\Program Files (x86)\Svchost Fix Wizard
2014-12-23 23:28 - 2011-02-17 18:26 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-12-23 23:28 - 2011-02-17 18:26 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-12-23 22:36 - 2014-12-23 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-23 22:36 - 2014-11-12 17:44 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-23 15:14 - 2014-12-23 15:14 - 00000022 _____ () C:\Windows\cmm.dat
2014-12-23 14:32 - 2014-12-23 15:02 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-12-23 14:32 - 2014-12-23 14:32 - 00000000 ____D () C:\Users\Tina\AppData\Local\SecTaskMan
2014-12-23 14:10 - 2014-12-23 14:12 - 00003036 _____ () C:\Windows\System32\Tasks\AnVir Task Manager
2014-12-22 20:31 - 2014-12-22 20:31 - 00110640 _____ () C:\Users\Tina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 20:30 - 2014-12-22 20:30 - 02336584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 20:16 - 2014-12-24 14:13 - 00000756 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-12-22 20:15 - 2014-12-24 14:13 - 00000000 ____D () C:\Program Files\Speccy
2014-12-22 15:14 - 2014-12-22 15:14 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.77
2014-12-22 15:14 - 2014-12-22 15:14 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.77.lck
2014-12-22 01:05 - 2014-12-22 01:05 - 00001436 _____ () C:\Users\Public\Desktop\WonderFox DVD Video Converter.lnk
2014-12-22 01:05 - 2014-12-22 01:05 - 00000000 ____D () C:\Users\Tina\Documents\WonderFox Soft
2014-12-22 01:05 - 2014-12-22 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2014-12-22 01:05 - 2014-12-22 01:05 - 00000000 ____D () C:\Program Files (x86)\WonderFox Soft
2014-12-20 17:04 - 2014-12-20 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-20 17:02 - 2014-12-20 19:33 - 00000000 ____D () C:\Users\Tina\Desktop\mbar
2014-12-17 17:34 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 17:34 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:34 - 2014-12-16 19:22 - 00037888 _____ () C:\Users\Tina\Desktop\04_assessment-overview-response-template-winter-20151.xls
2014-12-16 12:55 - 2014-12-16 12:56 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.76
2014-12-16 12:55 - 2014-12-16 12:55 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.76.lck
2014-12-16 07:41 - 2014-11-28 19:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-12-15 15:26 - 2014-12-15 15:26 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.75
2014-12-15 15:26 - 2014-12-15 15:26 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.75.lck
2014-12-13 17:35 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-13 17:35 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-13 17:35 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-13 17:35 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-13 17:35 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-13 17:35 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-13 17:35 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-13 17:35 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-13 17:35 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-13 17:35 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-13 13:14 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 13:14 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-13 13:14 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 13:14 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 13:14 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 13:14 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 13:14 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 13:14 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 13:14 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 13:14 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 13:14 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 13:14 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 13:14 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 13:14 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 13:14 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 13:14 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 13:14 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 13:14 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-13 13:14 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 13:14 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-13 13:14 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 13:14 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 13:14 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 13:14 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-13 13:14 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-13 13:14 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-13 13:14 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 13:14 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-13 13:14 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-13 13:14 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-13 13:14 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-13 13:14 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-13 13:14 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-13 13:14 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 13:14 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 13:14 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 13:14 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 13:14 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-13 13:14 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 13:14 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-13 13:14 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-13 13:14 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-13 13:14 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-13 13:14 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-13 13:14 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 13:14 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-13 13:14 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-13 13:14 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-13 13:14 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 13:14 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-13 13:14 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 13:14 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-13 13:14 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-13 13:14 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-13 13:13 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 13:13 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-13 13:13 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-13 13:13 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-13 13:13 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-13 13:13 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-13 13:13 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-13 13:13 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-13 13:13 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-13 13:13 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-13 13:13 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-13 13:13 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-13 13:13 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-13 13:13 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-13 13:13 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-13 13:09 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 13:09 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 22:23 - 2014-12-09 22:23 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.74
2014-12-09 22:23 - 2014-12-09 22:23 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.74.lck
2014-12-09 22:15 - 2014-12-09 22:16 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.73
2014-12-09 22:15 - 2014-12-09 22:15 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.73.lck
2014-12-09 22:09 - 2014-12-09 22:09 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.72
2014-12-09 22:09 - 2014-12-09 22:09 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.72.lck
2014-12-08 23:09 - 2014-12-08 23:09 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.71
2014-12-08 23:09 - 2014-12-08 23:09 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.71.lck
2014-12-08 15:22 - 2014-12-08 15:22 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.70
2014-12-08 15:22 - 2014-12-08 15:22 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.70.lck
2014-12-07 13:11 - 2014-12-07 13:12 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.69
2014-12-07 13:11 - 2014-12-07 13:11 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.69.lck
2014-12-07 13:07 - 2014-12-07 13:07 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.68
2014-12-07 13:07 - 2014-12-07 13:07 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.68.lck
2014-12-03 12:25 - 2014-12-03 12:25 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.67
2014-12-03 12:25 - 2014-12-03 12:25 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.67.lck
2014-12-03 00:27 - 2014-12-03 00:27 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.66
2014-12-03 00:27 - 2014-12-03 00:27 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.66.lck
2014-12-01 20:13 - 2014-12-01 20:13 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.65
2014-12-01 20:13 - 2014-12-01 20:13 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.65.lck
2014-12-01 15:29 - 2014-12-01 15:29 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.64
2014-12-01 15:29 - 2014-12-01 15:29 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.64.lck
2014-12-01 15:28 - 2014-12-01 15:28 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.63
2014-12-01 15:28 - 2014-12-01 15:28 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.63.lck
2014-12-01 15:26 - 2014-12-01 15:26 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.62
2014-12-01 15:26 - 2014-12-01 15:26 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.62.lck
2014-12-01 15:24 - 2014-12-01 15:24 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.61
2014-12-01 15:24 - 2014-12-01 15:24 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.61.lck
2014-11-30 15:24 - 2014-11-30 15:24 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.60
2014-11-30 15:24 - 2014-11-30 15:24 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.60.lck
2014-11-30 11:55 - 2014-11-30 11:55 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.59
2014-11-30 11:55 - 2014-11-30 11:55 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.59.lck
2014-11-28 22:09 - 2014-11-28 22:09 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.58
2014-11-28 22:09 - 2014-11-28 22:09 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.58.lck
2014-11-28 21:54 - 2014-11-28 21:54 - 00004643 _____ () C:\Users\Tina\AppData\Local\pq.log.0.57
2014-11-28 21:54 - 2014-11-28 21:54 - 00000000 _____ () C:\Users\Tina\AppData\Local\pq.log.0.57.lck

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 16:04 - 2012-07-04 16:19 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\DMCache
2014-12-26 16:01 - 2014-10-10 22:11 - 00000408 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2014-12-26 15:56 - 2014-11-25 10:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 15:35 - 2013-05-18 03:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 15:08 - 2012-11-30 16:53 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001UA.job
2014-12-26 14:56 - 2012-07-01 05:32 - 01294475 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 13:31 - 2014-04-23 07:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 13:05 - 2012-07-01 16:03 - 00000000 ___RD () C:\Users\Tina\Documents\Manga
2014-12-26 12:31 - 2013-12-24 16:48 - 00000428 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Tina).job
2014-12-26 11:54 - 2012-07-01 18:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-26 11:48 - 2012-07-03 07:05 - 00007604 _____ () C:\Users\Tina\AppData\Local\Resmon.ResmonCfg
2014-12-26 10:56 - 2014-11-25 10:51 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-26 00:47 - 2012-07-03 21:21 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\MediaMonkey
2014-12-26 00:08 - 2012-11-30 16:53 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001Core.job
2014-12-25 20:10 - 2012-07-01 03:53 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6610CF01-A123-4FF3-A04E-1C4B6E79A249}
2014-12-25 17:13 - 2012-07-04 16:19 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\IDM
2014-12-25 17:13 - 2012-07-04 16:19 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-12-25 17:12 - 2014-10-15 23:29 - 00002052 _____ () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-12-25 17:12 - 2014-10-15 23:29 - 00002022 _____ () C:\Users\Tina\Desktop\FileHippo App Manager.lnk
2014-12-25 17:12 - 2012-07-01 19:13 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-12-24 23:10 - 2009-07-13 23:45 - 00026384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 23:10 - 2009-07-13 23:45 - 00026384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 23:06 - 2012-11-12 20:06 - 00001326 _____ () C:\Users\Tina\Desktop\CopyTrans Control Center.lnk
2014-12-24 20:34 - 2013-12-17 20:32 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Copy
2014-12-24 19:17 - 2012-07-01 18:02 - 00000000 ___RD () C:\Users\Tina\Dropbox
2014-12-24 19:17 - 2012-07-01 17:59 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Dropbox
2014-12-24 19:16 - 2012-07-01 16:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-24 19:15 - 2013-11-20 20:24 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Nitro PDF
2014-12-24 19:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 19:08 - 2014-01-29 21:13 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\IObit
2014-12-24 01:14 - 2014-05-01 20:45 - 00000000 ____D () C:\Users\Guest
2014-12-24 01:14 - 2012-07-03 20:33 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-12-24 01:14 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-24 01:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-23 23:02 - 2012-07-01 05:33 - 00000000 ____D () C:\Users\Tina
2014-12-23 22:36 - 2014-11-12 17:44 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-23 22:29 - 2012-07-03 22:40 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-12-23 14:44 - 2012-07-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Barnes & Noble
2014-12-23 14:43 - 2012-07-04 22:03 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Barnes & Noble
2014-12-23 14:39 - 2014-09-06 07:17 - 00001958 _____ () C:\Users\Tina\Desktop\KMP Games.lnk
2014-12-23 14:15 - 2012-07-01 20:19 - 00000000 ____D () C:\Users\Tina\AppData\Local\AnVir
2014-12-23 13:54 - 2013-01-27 21:11 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-12-23 13:24 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-22 22:31 - 2014-10-22 22:01 - 00001144 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2014-12-22 22:31 - 2014-10-22 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2014-12-22 22:31 - 2014-10-22 22:01 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-12-22 22:31 - 2014-10-22 22:01 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-12-22 20:32 - 2012-09-10 17:12 - 00000000 ____D () C:\Users\Tina\AppData\Local\NETGEARGenie
2014-12-22 20:31 - 2014-01-29 21:14 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-22 18:48 - 2014-08-27 19:37 - 00110640 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-12-22 18:19 - 2014-10-30 20:56 - 00000000 ____D () C:\Users\Tina\AppData\Local\Downloaded Installations
2014-12-22 18:17 - 2013-07-12 15:54 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\BitTorrent
2014-12-22 17:38 - 2012-07-01 18:49 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 17:38 - 2012-07-01 18:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 15:14 - 2014-08-16 19:41 - 04470784 _____ () C:\Users\Tina\AppData\Local\pq.db
2014-12-20 17:03 - 2014-04-23 07:08 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 15:27 - 2014-10-22 22:01 - 00000000 ____D () C:\Users\Tina\AppData\Local\AntiLogger Free
2014-12-16 21:18 - 2012-09-10 17:11 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-12-16 21:18 - 2012-09-10 17:11 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-12-16 21:18 - 2012-09-10 17:11 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-12-16 21:18 - 2012-09-10 17:11 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-12-16 21:18 - 2012-09-10 17:11 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-12-16 21:18 - 2012-09-10 17:11 - 00002066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2014-12-16 21:18 - 2012-09-10 17:11 - 00002054 _____ () C:\Users\Public\Desktop\NETGEAR Genie.lnk
2014-12-16 12:15 - 2012-08-28 04:23 - 00000000 ____D () C:\Users\Tina\Documents\Outlook Files
2014-12-15 22:40 - 2014-10-22 22:01 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-12-15 19:21 - 2012-07-03 21:52 - 00416826 _____ () C:\Windows\system32\perfh011.dat
2014-12-15 19:21 - 2012-07-03 21:52 - 00122208 _____ () C:\Windows\system32\perfc011.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00724648 _____ () C:\Windows\system32\perfh019.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00668888 _____ () C:\Windows\system32\perfh005.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00663768 _____ () C:\Windows\system32\perfh01D.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00607036 _____ () C:\Windows\system32\perfh008.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00494562 _____ () C:\Windows\system32\perfh014.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00428472 _____ () C:\Windows\system32\perfh012.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00150950 _____ () C:\Windows\system32\perfc019.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00142582 _____ () C:\Windows\system32\perfc01D.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00141534 _____ () C:\Windows\system32\perfc005.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00120492 _____ () C:\Windows\system32\perfc012.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00111236 _____ () C:\Windows\system32\perfc008.dat
2014-12-15 19:21 - 2012-07-02 06:32 - 00095512 _____ () C:\Windows\system32\perfc014.dat
2014-12-15 19:21 - 2012-07-01 22:02 - 00743546 _____ () C:\Windows\system32\perfh013.dat
2014-12-15 19:21 - 2012-07-01 22:02 - 00153210 _____ () C:\Windows\system32\perfc013.dat
2014-12-15 19:21 - 2012-07-01 21:49 - 00481550 _____ () C:\Windows\system32\perfh00B.dat
2014-12-15 19:21 - 2012-07-01 21:49 - 00101628 _____ () C:\Windows\system32\perfc00B.dat
2014-12-15 19:21 - 2012-07-01 21:42 - 00683802 _____ () C:\Windows\system32\perfh00E.dat
2014-12-15 19:21 - 2012-07-01 21:42 - 00171382 _____ () C:\Windows\system32\perfc00E.dat
2014-12-15 19:21 - 2012-07-01 21:29 - 00745504 _____ () C:\Windows\system32\perfh00A.dat
2014-12-15 19:21 - 2012-07-01 21:29 - 00158582 _____ () C:\Windows\system32\perfc00A.dat
2014-12-15 19:21 - 2012-07-01 21:20 - 00392392 _____ () C:\Windows\system32\perfh00D.dat
2014-12-15 19:21 - 2012-07-01 21:20 - 00084866 _____ () C:\Windows\system32\perfc00D.dat
2014-12-15 19:21 - 2012-07-01 21:09 - 00740094 _____ () C:\Windows\system32\perfh010.dat
2014-12-15 19:21 - 2012-07-01 21:09 - 00146954 _____ () C:\Windows\system32\perfc010.dat
2014-12-15 19:21 - 2012-07-01 21:01 - 00745764 _____ () C:\Windows\system32\perfh00C.dat
2014-12-15 19:21 - 2012-07-01 21:01 - 00479062 _____ () C:\Windows\system32\perfh001.dat
2014-12-15 19:21 - 2012-07-01 21:01 - 00149688 _____ () C:\Windows\system32\perfc00C.dat
2014-12-15 19:21 - 2012-07-01 21:01 - 00094880 _____ () C:\Windows\system32\perfc001.dat
2014-12-15 19:21 - 2012-07-01 20:44 - 00697256 _____ () C:\Windows\system32\perfh007.dat
2014-12-15 19:21 - 2012-07-01 20:44 - 00149224 _____ () C:\Windows\system32\perfc007.dat
2014-12-15 19:21 - 2009-07-14 00:13 - 12446180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 20:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-12-13 18:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-13 17:46 - 2012-07-04 21:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 17:45 - 2013-07-17 10:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-13 17:38 - 2012-07-01 16:11 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 17:28 - 2012-07-01 18:02 - 00001013 _____ () C:\Users\Tina\Desktop\Dropbox.lnk
2014-12-13 17:28 - 2012-07-01 18:01 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 14:57 - 2014-11-25 10:51 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 23:25 - 2012-07-01 20:19 - 00000000 ____D () C:\Users\Tina\Documents\Other Manga
2014-12-10 22:51 - 2014-09-18 19:40 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\hakuneko
2014-12-10 02:35 - 2013-05-18 03:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 02:35 - 2012-07-01 21:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 02:35 - 2012-07-01 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 13:54 - 2014-09-18 19:40 - 00000000 ____D () C:\ProgramData\hakuneko
2014-12-03 20:10 - 2014-04-23 07:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 00:34 - 2012-07-04 21:42 - 00000000 ____D () C:\Users\Tina\Documents\School
2014-12-02 13:25 - 2014-04-23 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-02 13:25 - 2012-07-01 18:50 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-27 22:44 - 2012-07-01 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-26 00:03 - 2013-10-17 16:35 - 00000000 ____D () C:\ProgramData\Oracle

Files to move or delete:
====================
C:\Users\Tina\Firefox Setup 11.0.exe
C:\Users\Tina\RoboForm-Setup.exe

Some content of TEMP:
====================
C:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatwrr_.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-22 21:08

==================== End Of Log ============================

Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by Tina at 2014-12-26 16:06:08
Running from C:\Users\Tina\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer eDisplay Management (HKLM-x32\...\{A586DC50-B18D-48FB-B7CC-A598200457C2}) (Version: 1.20.011 - Portrait Displays, Inc.)
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.58 - Hulubulu Software)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Aimersoft Video Converter Ultimate(Build 5.0.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.0.1.0 - Aimersoft Software)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{47F9B7C3-F172-940F-D0C4-203C7914E5D2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AntiLogger Free version 1.8.2.113 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.113 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 10 v.10.3.0 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.03.00 - Ashampoo GmbH & Co. KG)
ASUS USB-N53 Utility (HKLM-x32\...\{E3D76EEB-4512-4FCF-B71B-5802DDC6B3C0}) (Version: 1.0.16.0000 - ASUS)
ATI AVIVO64 Codecs (Version: 11.6.0.10309 - ATI Technologies Inc.) Hidden
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BitTorrent (HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\BitTorrent) (Version: 7.8.1.29989 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (64 bit) (HKLM\...\{B6E694C7-23C3-4A84-B2F6-BDBFAF5C85A4}) (Version: 3.4.20.0 - Box, Inc)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{779EB69C-6DD9-4CB0-B316-2BEE4361755A}) (Version: 1.2.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cooking Dash (HKLM-x32\...\BFG-Cooking Dash) (Version: - )
Copy (HKLM\...\{2242404A-D301-470B-A8C4-41F47A53D602}) (Version: 1.40.196.0 - Barracuda Networks, Inc.)
CopyTrans Suite Remove Only (HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
Delicious 9 - Emily's Honeymoon Cruise (HKLM-x32\...\Delicious 9 - Emily's Honeymoon CruiseFinal) (Version: Final - AllSmartGames)
Delicious Super Pack (HKLM-x32\...\d8cfe1aad65eb7f9bf02ea49c13dc9f6) (Version: - GameHouse)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dragon Keeper (HKLM-x32\...\Dragon Keeper_is1) (Version: 1.0 - Playrix Entertainment)
Dragon Keeper 2 (HKLM-x32\...\Dragon Keeper 2_is1) (Version: 1.0 - Playrix Entertainment)
Dropbox (HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dynasty (HKLM-x32\...\BFG-Dynasty) (Version: - )
Easy Tune 6 B11.0823.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0823.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - WipeSoft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FreeFileSync 6.1 (HKLM-x32\...\FreeFileSync) (Version: 6.1 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
hakuneko (HKLM-x32\...\hakuneko_is1) (Version: 1.3.6 - Ronny Wegener <[email protected]>)
Happy Chef 2 (HKLM-x32\...\Happy Chef 2Final) (Version: Final - AllSmartGames)
HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - )
Hotel Dash 2: Lost Luxuries (HKLM-x32\...\BFG-Hotel Dash 2 - Lost Luxuries) (Version: - )
HydraVision (x32 Version: 4.2.188.0 - ATI Technologies Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.130 - PandoraTV)
LightScribe Applications (HKLM-x32\...\{7D8B9DA5-370A-48B6-AD8D-63574C974AAC}) (Version: 1.18.26.7 - LightScribe)
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}) (Version: 1.18.26.7 - LightScribe)
Mahjong Towers Eternity ™ (HKLM-x32\...\BFG-Mahjong Towers Eternity) (Version: - )
Mahjongg Dimensions Deluxe (HKLM-x32\...\BFG-Mahjongg Dimensions Deluxe) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MangaRipper (HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\b036966838b42bb1) (Version: 2013.5.20.78 - MangaRipper)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mendeley Desktop 1.12.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.3 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
Microsoft .NET Framework 4.5.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1, norsk språkpakke (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.5.1 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\...\MusicManager) (Version: - Google, Inc.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nitro Pro 9 (HKLM-x32\...\{5d48b872-0053-4f83-b74c-577d3ffe2f2f}) (Version: 9.0.4.5 - Nitro)
Nitro Pro 9 (Version: 9.0.4.5 - Nitro) Hidden
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Pivot Software (x32 Version: 8.21.013 - Portrait Displays, Inc.) Hidden
Prezi (HKLM-x32\...\{63B8F931-2BF3-4D5D-9C28-E2EF88D83DFD}) (Version: 5.2.5 - Prezi.com)
ProQuest For Word (HKLM-x32\...\{F346E6F3-14BC-4406-AD90-98625B60D319}) (Version: 4.3.1217 - ProQuest)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6423 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
SDK (x32 Version: 2.05.004 - Portrait Displays, Inc.) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SIW 2011 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spirit Of Wandering (HKLM-x32\...\Spirit Of Wandering_is1) (Version: - Playrix Entertainment)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1006 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Svchost Fix Wizard (HKLM-x32\...\Svchost Fix Wizard_is1) (Version: 1.0 - Security Stronghold)
SyncBack (HKLM-x32\...\SyncBack_is1) (Version: - 2BrightSparks)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.48.0 - 2BrightSparks)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
WhoCrashed 4.01 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinImage (HKLM\...\WinImage) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinX DVD Copy Pro 3.4.5 (HKLM\...\WinX DVD Copy Pro_is1) (Version: - Digiarty Software,Inc.)
WinX DVD Ripper Platinum 7.5.4 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
WonderFox DVD Video Converter version 7.5 (HKLM-x32\...\{278D58D4-2B08-4ABF-957C-F0A2F8A1FBB7}_is1) (Version: 7.5 - WonderFox Soft, Inc)
ZIP PASSWORD FINDER (HKLM-x32\...\ZIP PASSWORD FINDER) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18585BC4-9468-D082-92CB-29E985889A47} No File
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tina\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5E469329-9468-D082-7F03-37AF85889A47} No File
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tina\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-11-2014 16:00:49 Windows Update
08-11-2014 20:31:54 Windows Backup
08-11-2014 23:42:41 Windows Backup
09-11-2014 00:10:24 Windows Backup
09-11-2014 01:30:01 Windows Backup
12-11-2014 06:28:28 Windows Update
12-11-2014 17:37:19 avast! antivirus system restore point
13-11-2014 23:05:21 Windows Backup
14-11-2014 07:19:48 Windows Backup
14-11-2014 16:15:41 Windows Backup
14-11-2014 17:21:46 Revo Uninstaller's restore point - RegCure Pro
14-11-2014 17:26:29 Windows Backup
16-11-2014 19:01:59 Windows Backup
24-11-2014 22:10:17 Windows Update
24-11-2014 23:05:05 Installed iTunes
24-11-2014 23:22:50 Revo Uninstaller's restore point - Evernote v. 5.6.4
24-11-2014 23:23:48 Removed Evernote v. 5.6.4
25-11-2014 10:41:51 Revo Uninstaller's restore point - Google Chrome
01-12-2014 20:12:58 Windows Update
07-12-2014 19:02:34 Windows Backup
08-12-2014 03:30:18 Windows Update
13-12-2014 13:15:02 Windows Update
13-12-2014 17:29:27 Windows Update
17-12-2014 17:34:33 Windows Update
23-12-2014 12:46:01 Windows Update
23-12-2014 13:51:01 Revo Uninstaller's restore point - Belarc Advisor 8.4
23-12-2014 14:23:59 Revo Uninstaller's restore point - AnVir Task Manager Free
23-12-2014 14:42:21 Revo Uninstaller's restore point - NOOK Study
23-12-2014 15:03:57 Revo Uninstaller's restore point - Emsisoft HiJackFree 4.5
23-12-2014 15:13:48 Revo Uninstaller's restore point - Emsisoft HiJackFree 4.5
23-12-2014 15:17:17 Revo Uninstaller's restore point - Security Task Manager 2.0
23-12-2014 22:29:39 avast! antivirus system restore point
23-12-2014 23:10:57 Revo Uninstaller's restore point - Security Task Manager 2.0
23-12-2014 23:24:11 Revo Uninstaller's restore point - CleanMem

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {039770C9-B15F-4C56-A3DB-FD5888008684} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001UA => C:\Users\Tina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {18687DBD-BEB4-4C0C-A43D-13C6B82A7A9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {3A1BF53A-26F5-4FEA-A060-AE35C5C2CF8A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4B312F16-EE8C-4911-BA4B-4BE5B8B25848} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001Core => C:\Users\Tina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {4B4FDB56-DED4-4015-99C3-BA7438EEC8D2} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Tina) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {515FB273-74B6-4E11-A8A1-3F0FF06C85C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {5686BFE1-93B1-4F07-8816-FC735F556F5C} - System32\Tasks\{1CF28911-519F-40DA-AF67-4517A68809A1} => pcalua.exe -a C:\Users\Tina\Desktop\zpf.exe -d C:\Users\Tina\Desktop
Task: {5F3C108B-57C1-4146-A767-8662FAC7B6B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {664E8434-C87B-48BA-B5A1-EE319ED83DDA} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {9E213E97-BBC9-4EA1-BCF3-F421900D825E} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {A2799A1E-389B-4373-B886-3492A6D6DEF5} - System32\Tasks\{A6E28114-459F-4ACF-BDCE-B6E4DE3042D7} => pcalua.exe -a C:\Users\Tina\Downloads\Programs\Evernote_5.6.4.4632.exe -d C:\Users\Tina\AppData\Roaming\IDM
Task: {AD796AEC-425B-480C-B189-0CEE61B24540} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-12] (Siber Systems)
Task: {B43D93D1-14F9-4CA2-BADB-0C6C4B5DAF0C} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2014-01-08] (Ashampoo Development GmbH & Co. KG)
Task: {BCCA7FEC-FAC0-493E-8B73-745357E92885} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CAB27698-8500-4875-AF21-4322A0F41D0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {E4251AB5-0ED6-4E44-B04F-E4F4660A1F7C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {FEC084EE-C8E2-4AAC-9C9D-883D52E856BC} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\AnVir Task Manager Free\anvir.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001Core.job => C:\Users\Tina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053570190-3216729564-2836280372-1001UA.job => C:\Users\Tina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Tina).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (whitelisted) =============

2012-07-02 19:59 - 2008-06-06 13:40 - 00069632 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2013-11-26 19:18 - 2013-03-08 09:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe
2012-07-05 20:15 - 2005-04-21 23:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-12-17 20:32 - 2014-09-12 11:01 - 08212480 _____ () C:\Users\Tina\AppData\Roaming\Copy\overlay\Brt.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-04 16:43 - 2012-03-29 12:03 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2013-05-04 14:22 - 2013-01-08 09:32 - 00721917 _____ () C:\Windows\SysWOW64\AiCM64.dll
2012-03-20 00:09 - 2012-03-20 00:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-06 10:28 - 2014-11-06 10:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-11-12 17:44 - 2014-11-12 17:44 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-12 17:44 - 2014-11-12 17:44 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-11 06:30 - 2014-12-11 06:30 - 01444560 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2014-12-24 13:48 - 2014-12-24 13:48 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122401\algo.dll
2014-11-12 17:44 - 2014-11-12 17:44 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-26 13:27 - 2014-12-26 13:27 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122601\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 10683392 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 07741952 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 02248192 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 01681408 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00117248 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00231936 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00253440 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00344064 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 00026624 _____ () C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 04:46 - 2014-11-17 04:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-11-10 04:55 - 2014-11-10 04:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 02:36 - 2014-11-05 02:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 02:37 - 2014-11-05 02:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 05:53 - 2014-11-14 05:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-29 21:05 - 2014-06-29 21:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2014-11-07 04:13 - 2014-11-07 04:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 15:27 - 2012-10-15 15:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 02:00 - 2014-11-17 02:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 03:39 - 2014-09-11 03:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 02:51 - 2014-11-05 02:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 01:21 - 2014-11-17 01:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 01:18 - 2014-11-17 01:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 04:39 - 2014-11-06 04:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 02:58 - 2014-11-05 02:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 03:00 - 2014-11-05 03:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 03:23 - 2014-11-03 03:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 21:22 - 2014-06-18 21:22 - 02177405 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 02:59 - 2014-11-05 02:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 03:01 - 2014-11-05 03:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 21:33 - 2014-06-29 21:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2014-11-12 17:44 - 2014-11-12 17:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-24 19:15 - 2014-12-24 19:15 - 00043008 _____ () c:\users\tina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatwrr_.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00118784 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2014-08-20 14:22 - 2014-11-13 21:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-12 14:57 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 14:57 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 14:57 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 14:57 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-10 02:35 - 2014-12-10 02:35 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:1297FF3C
AlternateDataStreams: C:\ProgramData\TEMP:22741C1F
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:4B244549
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82768632.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82768632.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Copy => "C:\Users\Tina\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Tina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-3053570190-3216729564-2836280372-500 - Administrator - Disabled)
Guest (S-1-5-21-3053570190-3216729564-2836280372-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3053570190-3216729564-2836280372-1002 - Limited - Enabled)
Tina (S-1-5-21-3053570190-3216729564-2836280372-1001 - Administrator - Enabled) => C:\Users\Tina

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2014 03:00:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/24/2014 07:14:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 01:48:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 11:17:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 07:31:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/23/2014 10:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:36:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:28:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.1.5430, time stamp: 0x54656826
Faulting module name: mozalloc.dll, version: 33.1.1.5430, time stamp: 0x54654321
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1fec
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/23/2014 09:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.1.5430, time stamp: 0x54656826
Faulting module name: mozalloc.dll, version: 33.1.1.5430, time stamp: 0x54654321
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1dfc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/23/2014 09:28:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 33.1.1.5430 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 70c

Start Time: 01d01eea7f3006d3

Termination Time: 16

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 7d54dbf3-8b14-11e4-9f0c-50e549c6becf

System errors:
=============
Error: (12/24/2014 07:16:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/24/2014 07:11:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%1062

Error: (12/24/2014 07:11:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.

Error: (12/24/2014 07:11:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x8007045b

Error: (12/24/2014 07:11:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%1722.

Error: (12/24/2014 01:50:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/24/2014 11:21:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/23/2014 11:03:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/23/2014 10:31:21 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80080005

Error: (12/23/2014 10:31:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Microsoft Office Sessions:
=========================
Error: (12/25/2014 03:00:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (12/24/2014 07:14:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 01:48:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 11:17:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 07:31:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (12/23/2014 10:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:36:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:28:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.54305465432180000003000014251fec01d01eee30e3e17cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll84f46348-8b14-11e4-9f0c-50e549c6becf

Error: (12/23/2014 09:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.54305465432180000003000014251dfc01d01eed8c684602C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8313bc3c-8b14-11e4-9f0c-50e549c6becf

Error: (12/23/2014 09:28:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.1.1.543070c01d01eea7f3006d316C:\Program Files (x86)\Mozilla Firefox\firefox.exe7d54dbf3-8b14-11e4-9f0c-50e549c6becf

CodeIntegrity Errors:
===================================
Date: 2014-05-03 14:03:00.261
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\WerFault.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:03:00.251
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\WerFault.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:03:00.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\WerFault.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:02:59.981
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wermgr.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:02:59.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wermgr.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:02:59.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wermgr.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:02:59.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\TabTip.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:02:59.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\TabTip.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-05-03 14:02:59.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\TabTip.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-04-23 07:44:33.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\x86_microsoft-windows-webservices_31bf3856ad364e35_6.2.8400.0_none_97a7c0f606b9f544\webservices.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 58%
Total physical RAM: 16301.12 MB
Available physical RAM: 6780.06 MB
Total Pagefile: 16315.3 MB
Available Pagefile: 6660.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.5 GB) (Free:391.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.5 GB) (Free:189.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4B5D4B5C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60966096)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
zep516

Posted 26 December 2014 - 03:12 PM

Trusted Helper

Malware Removal
8,093 posts

Next

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
- The AdwCleaner [SO].txt Log
- The JRT.txt Log
Thanks
Joe

#5
litup69

Posted 26 December 2014 - 03:50 PM

Member

Topic Starter
Member
39 posts

The AdwCleaner [SO].txt Log

# AdwCleaner v4.106 - Report created 26/12/2014 at 16:29:00
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Tina - TINA-PC
# Running from : C:\Users\Tina\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Aimersoft Video Converter Ultimate
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\Tina\AppData\Local\apn
Folder Deleted : C:\Users\Tina\AppData\Local\Conduit
Folder Deleted : C:\Users\Tina\AppData\Local\SecTaskMan
Folder Deleted : C:\Users\Tina\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Tina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tina\AppData\Roaming\Aimersoft Video Converter Ultimate
Folder Deleted : C:\Users\Tina\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Tina\Documents\Aimersoft Video Converter Ultimate
Folder Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\Extensions\[email protected]
Folder Deleted : C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
File Deleted : C:\END
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\brubcep0.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : BackgroundContainer Startup Task
Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{54AD0137-6C8D-4407-B6BE-60A89401776F}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\b1.org
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\b1.org
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.7
Key Deleted : [x64] HKLM\SOFTWARE\b1.org
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.1000082.isPlayDisplay", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.1000082.state", "{\"state\":\"stopped\",\"text\":\"Danceradio\",\"description\":\"Danceradio\",\"url\":\"hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.FF19Solved", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.FirstTime", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.FirstTimeFF3", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.GK_HotspotShield_NOTIF_26_02_SENT.enc", "MQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NTc0MTE5Mw==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3NTc0MTIwNQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "NQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "Ng==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LOCAL_COOKIE_THROTTLE_BASEadd_stats0LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3NTc0MTg0MA==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LOCAL_COOKIE_THROTTLE_BASEadd_stats0LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MTM3NTc0MTQ3NQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.LOCAL_COOKIE_THROTTLE_BASEadd_stats0LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3NTc0MTYyNQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.SF_JUST_INSTALLED.enc", "RkFMU0U=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.SF_STATUS.enc", "RU5BQkxFRA==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.SF_USER_ID.enc", "Y2lkXzU4MjAxMzE4MTk1MjIwNDE2MDY=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.SearchAppState.enc", "Mg==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.UserID", "UN40796537495162440");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.acp_personal.appstate.enc", "ZW5hYmxl");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.addressBarTakeOverEnabledInHidden", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.cb_experience_000.enc", "Mg==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.cb_firstuse0100.enc", "MQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.cb_user_id_000.enc", "Q0IxMDAyMDIwNDAxMzRfMTM3NTc0MTIxMjE5OV9GaXJlZm94");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.cbfirsttime.enc", "TW9uIEF1ZyAwNSAyMDEzIDE4OjE5OjUyIEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.countryCode", "US");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.defaultSearch", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.enableAlerts", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.enableSearchFromAddressBar", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.firstTimeDialogOpened", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.fixPageNotFoundError", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.fixPageNotFoundErrorByUser", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.fixPageNotFoundErrorInHidden", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.fixUrls", true);
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.fullUserID", "UN40796537495162440.IN.20130805181848");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installDate", "05/08/2013 18:18:47");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installId", "conduitinstaller.exe");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installSessionId", "-1");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installSp", "TRUE");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installType", "conduitnsisintegration");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installUsage", "2013-08-06T01:19:11.4709369+03:00");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installUsageEarly", "2013-08-06T01:19:05.0338676+03:00");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.installerVersion", "1.5.4.5");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.isCheckedStartAsHidden", true);
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.isFirstTimeToolbarLoading", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.keyword", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=15&CUI=UN40796537495162440&SSPV=&Lay=1&UM=2\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.lastVersion", "10.16.9.506");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appStateReportTime.enc", "MTM3NTc0MTE1NTA4OA==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_ACplus.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_CouponBuddy.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_DealPly.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_Easytobook.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_Easytobook_targeted.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_Find-a-Pro.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appState_WindowShopper.enc", "b24=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwidXJsIjoiaHR0cDovL3d3dy5zb2NpYWxncm93dGh0ZWNobm9sb2dpZXMuY29tL2NvdXBvbmJ1ZGR5X3YwMDMvaW5kZXgucGhwP2N0aWQ9RUJUT09MQkFS[...]
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_calledSetupService.enc", "MQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIzMmE3ZDJkYy1lNTE3LTRkNWUtOGY5YS05NmU2NWIyNDEzOTYiLCJ[...]
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_currentVersion.enc", "MS45LjAuNA==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_first_time.enc", "MQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_lastLoginTime.enc", "MTM3NTc0MTE1MTIwNQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDlfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.mam_gk_userId.enc", "ODBkZDMxMjItZDJkOC00NTQwLWEzYWEtMmM4YWM1YzRlODBk");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.migrateAppsAndComponents", true);
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fweb.mail.comcast.net%2Fzimbra%2Fmail%3Fapp%3Dmail%231\",\"EB_MAIN_FRAME_TITLE\":\"XFINITY%20[...]
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.openThankYouPage", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.openUninstallPage", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.originalSearchAddressUrl", "");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.revertSettingsEnabled", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.search.searchAppId", "128491907208256770");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.search.searchCount", "0");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.searchInNewTabEnabledByUser", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.searchInNewTabEnabledInHidden", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.searchRevert", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.searchSuggestEnabledByUser", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.searchUserMode", "2");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.selectToSearchBoxEnabledByUser", "{\"dataType\":\"string\",\"data\":\"true\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.sendUsageEnabled", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://HotspotShield.OurToolbar.com//xpi\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_Configuration_lastUpdate", "1376095219553");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375741146685");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_appsMetadata_lastUpdate", "1375741871627");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375741145292");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1375741143313");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1375741149130");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_login_10.16.9.506_lastUpdate", "1376095343255");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_login_10.16.9.6_lastUpdate", "1375769950293");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375741145533");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_searchAPI_lastUpdate", "1376095219509");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_serviceMap_lastUpdate", "1376095219423");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375741145270");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_toolbarSettings_lastUpdate", "1376095342107");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.serviceLayer_services_translation_lastUpdate", "1376095339930");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.settingsINI", true);
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.shouldFirstTimeDialog", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.showToolbarPermission", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.smartbar.CTID", "CT1561552");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.smartbar.Uninstall", "0");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.smartbar.isHidden", true);
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.smartbar.toolbarName", "Hotspot Shield ");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.startPage", "false");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.toolbarBornServerTime", "6-8-2013");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.toolbarCurrentServerTime", "10-8-2013");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.toolbarDisabled", "true");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.toolbarLoginClientTime", "Mon Aug 05 2013 18:19:09 GMT-0400 (Eastern Standard Time)");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.url_history0001.enc", "aHR0cDovL3d3dy5maW5kaXBpbmZvLmNvbS8jOjo6Y2xpY2toYW5kbGVyOjo6MTM3NTc0MTI2ODc3MywsLGh0dHA6Ly93d3cuZmluZGlwaW5mby5jb20vIzo6OmNsaWNraGFuZGxlcjo6OjEzNzU3NDEyNjg3[...]
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.versionFromInstaller", "10.16.9.6");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552.xpeMode", "0");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376008814289,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[brubcep0.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN40796537495162440&UM=2&q=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1561552");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN40796537495162440&UM=2&q=");
[brubcep0.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "3QTJA0HYJVVFHI6RWVG9GNWJVRUNI7EB3FW9TGOEVEL9V1GIUAJWJD07Z4CWPGHUV6VAMO8UZZUDLVZENRFYTW");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN32413173673254926&UM=2&SSPV=TB_CS7
[C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN32413173673254926&UM=2&SSPV=TB_CS7

*************************

AdwCleaner[R0].txt - [26011 octets] - [26/12/2014 16:25:36]
AdwCleaner[S0].txt - [27056 octets] - [26/12/2014 16:29:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27117 octets] ##########

The JRT.txt Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Tina on Fri 12/26/2014 at 16:41:12.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\One-Click Optimizer.job

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\brubcep0.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\brubcep0.default\smartbar
Successfully deleted the following from C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\brubcep0.default\prefs.js

user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN40796537495162440&UM=2&q=");
user_pref("smartbar.machineId", "3QTJA0HYJVVFHI6RWVG9GNWJVRUNI7EB3FW9TGOEVEL9V1GIUAJWJD07Z4CWPGHUV6VAMO8UZZUDLVZENRFYTW");
Emptied folder: C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\brubcep0.default\minidumps [134 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/26/2014 at 16:47:30.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
zep516

Posted 26 December 2014 - 03:53 PM

Trusted Helper

Malware Removal
8,093 posts

Thanks and hello,

You already have malwarebytes so you will not have to download, you also already ran it too, but I need to see another Malwarebyts log. You may skip the download part:

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

#7
litup69

Posted 26 December 2014 - 04:23 PM

Member

Topic Starter
Member
39 posts

Malwarebyts log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/26/2014
Scan Time: 4:57:09 PM
Logfile: Malwarebyts log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.26.11
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tina

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413553
Time Elapsed: 10 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

#8
zep516

Posted 26 December 2014 - 04:44 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcas...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {54AD0137-6C8D-4407-B6BE-60A89401776F} URL = http://search.condui...M=2&SSPV=TB_CS7
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN40796537495162440&UM=2&q=
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-08-20]
FF Extension: No Name - [email protected] [Not Found]
FF Extension: No Name - [email protected] [Not Found]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-22 18:17 - 2013-07-12 15:54 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\BitTorrent
CMD: ipconfig /flushdns
C:\Users\Tina\Firefox Setup 11.0.exe
C:\Users\Tina\RoboForm-Setup.exe
C:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatwrr_.dll
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18585BC4-9468-D082-92CB-29E985889A47} No File
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5E469329-9468-D082-7F03-37AF85889A47} No File
Task: {5F3C108B-57C1-4146-A767-8662FAC7B6B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {664E8434-C87B-48BA-B5A1-EE319ED83DDA} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:1297FF3C
AlternateDataStreams: C:\ProgramData\TEMP:22741C1F
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:4B244549
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82768632.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82768632.sys => ""="Driver"



Emptytemp:
reboot:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Your next reply post:

1- Fixlog.txt, found on desktop..

Thanks
Joe

#9
litup69

Posted 26 December 2014 - 04:59 PM

Member

Topic Starter
Member
39 posts

1- Fixlog.txt, found on desktop..

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Tina at 2014-12-26 17:50:44 Run:1
Running from C:\Users\Tina\Desktop
Loaded Profile: Tina (Available profiles: Tina & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcas...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001 -> {54AD0137-6C8D-4407-B6BE-60A89401776F} URL = http://search.condui...M=2&SSPV=TB_CS7
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN40796537495162440&UM=2&q=
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-08-20]
FF Extension: No Name - [email protected] [Not Found]
FF Extension: No Name - [email protected] [Not Found]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-22 18:17 - 2013-07-12 15:54 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\BitTorrent
CMD: ipconfig /flushdns
C:\Users\Tina\Firefox Setup 11.0.exe
C:\Users\Tina\RoboForm-Setup.exe
C:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatwrr_.dll
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18585BC4-9468-D082-92CB-29E985889A47} No File
CustomCLSID: HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5E469329-9468-D082-7F03-37AF85889A47} No File
Task: {5F3C108B-57C1-4146-A767-8662FAC7B6B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {664E8434-C87B-48BA-B5A1-EE319ED83DDA} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:1297FF3C
AlternateDataStreams: C:\ProgramData\TEMP:22741C1F
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:4B244549
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82768632.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82768632.sys => ""="Driver"

Emptytemp:
reboot:
end
*****************

Processes closed successfully.
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2} => Key not found.
HKCR\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2} => Key not found.
HKU\S-1-5-21-3053570190-3216729564-2836280372-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54AD0137-6C8D-4407-B6BE-60A89401776F} => Key not found.
HKCR\CLSID\{54AD0137-6C8D-4407-B6BE-60A89401776F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
Firefox Keyword.URL deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] => Moved successfully.
FF Extension: No Name - [email protected] [Not Found] not found.
FF Extension: No Name - [email protected] [Not Found] not found.
motandroidusb => Service deleted successfully.
MSICDSetup => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Tina\AppData\Roaming\BitTorrent => Moved successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Users\Tina\Firefox Setup 11.0.exe => Moved successfully.
C:\Users\Tina\RoboForm-Setup.exe => Moved successfully.
"C:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatwrr_.dll" => File/Directory not found.
"HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}" => Key deleted successfully.
"HKU\S-1-5-21-3053570190-3216729564-2836280372-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F3C108B-57C1-4146-A767-8662FAC7B6B3} => Key not found.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664E8434-C87B-48BA-B5A1-EE319ED83DDA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":1297FF3C" ADS removed successfully.
C:\ProgramData\TEMP => ":22741C1F" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":4B244549" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":6F1F66C0" ADS removed successfully.
C:\ProgramData\TEMP => ":EB333CFC" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\82768632.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\82768632.sys" => Key deleted successfully.
EmptyTemp: => Removed 140.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:50:51 ====

#10
zep516

Posted 26 December 2014 - 05:12 PM

Trusted Helper

Malware Removal
8,093 posts

Download HijackThis

Go Here to download HijackThis program
Save HijackThis to your desktop.
Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
copy and paste hijackthis report into the topic

#11
litup69

Posted 26 December 2014 - 05:17 PM

Member

Topic Starter
Member
39 posts

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:17:02 PM, on 12/26/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 33.1.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\HDD Health\hddhealth.exe
C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Users\Tina\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WsSVRIEHelper - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Tina\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Tina\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')
O4 - Startup: Dropbox.lnk = Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HDDHealth.lnk = C:\Program Files (x86)\HDD Health\hddhealth.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HDDHealth - Unknown owner - C:\Program Files (x86)\HDD Health\HDDHealthService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe

--
End of file - 17785 bytes

#12
zep516

Posted 26 December 2014 - 05:54 PM

Trusted Helper

Malware Removal
8,093 posts

This is actually an optional fix. You have a lot of programs running at start up when windows boots. This can slow boot and also use excessive memory.

Right click Hijackthis and run as administrator
This time do a system scan only, wait for the scan to finish.
Now place a check mark in the following Entries:

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Tina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Dropbox.lnk = Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe

Click fix checked
Close Hijackthis
Reboot

Thanks
Joe

Let me know how the computer is at this point.

#13
litup69

Posted 26 December 2014 - 06:15 PM

Member

Topic Starter
Member
39 posts

So far it is running without any issues but I am limiting the number of things that I am doing right now.

I did the optional fix.

Was that to improve start up time? If so, there was no change in start up time.

#14
zep516

Posted 26 December 2014 - 06:43 PM

Trusted Helper

Malware Removal
8,093 posts

After several reboots it may improve.

Run the computer as you normally would for a while and let me know.

Lets check a few more items, post checkup.txt and run the computer for a while.

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Are you the only user of this computer ?

#15
litup69

Posted 26 December 2014 - 08:39 PM

Member

Topic Starter
Member
39 posts

I am the only user for this computer

checkup.txt:

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
JavaFX 2.1.1
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 33.1.1 Firefox out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Online Games Manager ogmservice.exe
AVAST Softwar
Ruiware WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````