Generic_r.eji problem [Solved]


#1
nwj629

I have the same problem as "newworldmike1"
 
I noticed some slowdowns with the Internet (CPU running at 100%) and several tabs of untrusted sites showing up.
 
I have done several full scans with AVG Free 20145 and I keep getting results stating
Trojan horse Generic_r/EJI emanating from various files in Windows\SysWOW64. Some of the infections are able to be secured while others say the Element Can Not Be Found. After removing the items, subsequent scans still have the same infections. If I disconnect the internet cable the system seems to go back to normal.
 
I also noticed strange processes active in my taskmgr including ctfmon, dllhost, fixmapi, dvdupgdr, and others even though it does not seem the process is actually active. I force close the processes, but they return again in a few minutes.
 
I downloaded and ran OTL Tool.  The logs are attached below.   Please let me know what I can do.
********************OTL.Txt******************************************

OTL logfile created on: 1/4/2015 1:59:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Norm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 70.01% Memory free
15.50 Gb Paging File | 12.80 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 708.16 Gb Free Space | 76.02% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 166.59 Gb Free Space | 55.89% Space Free | Partition Type: NTFS
Drive E: | 488.71 Mb Total Space | 449.03 Mb Free Space | 91.88% Space Free | Partition Type: FAT
Drive F: | 372.61 Gb Total Space | 136.59 Gb Free Space | 36.66% Space Free | Partition Type: NTFS
 
Computer Name: NORM-PC | User Name: Norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2015/01/04 13:56:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Norm\Desktop\OTL.exe
PRC - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/12/18 09:51:32 | 001,486,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
PRC - [2014/12/18 09:51:14 | 003,667,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/13 22:17:33 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/06 10:29:26 | 000,602,880 | ---- | M] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2014/11/06 10:28:44 | 000,105,216 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/09/18 18:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2014/08/12 06:36:02 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\java.exe
PRC - [2014/06/05 03:19:38 | 000,093,040 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2014/03/11 22:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2014/03/05 12:02:46 | 001,470,280 | R--- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
PRC - [2012/09/20 16:57:02 | 004,139,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
PRC - [2011/11/17 01:36:22 | 001,231,472 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe
PRC - [2010/02/08 13:43:20 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006/10/12 14:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/04 08:21:21 | 001,160,704 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\_ssl.pyd
MOD - [2015/01/04 08:21:21 | 000,805,888 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._gdi_.pyd
MOD - [2015/01/04 08:21:21 | 000,110,080 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\PyWinTypes27.dll
MOD - [2015/01/04 08:21:21 | 000,027,136 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\_multiprocessing.pyd
MOD - [2015/01/04 08:21:21 | 000,007,168 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\hashobjs_ext.pyd
MOD - [2015/01/04 08:21:20 | 000,713,216 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\_hashlib.pyd
MOD - [2015/01/04 08:21:19 | 001,062,400 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._controls_.pyd
MOD - [2015/01/04 08:21:19 | 000,811,008 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._windows_.pyd
MOD - [2015/01/04 08:21:19 | 000,070,656 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._html2.pyd
MOD - [2015/01/04 08:21:19 | 000,025,600 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32pdh.pyd
MOD - [2015/01/04 08:21:19 | 000,024,064 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32pipe.pyd
MOD - [2015/01/04 08:21:18 | 000,686,080 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\unicodedata.pyd
MOD - [2015/01/04 08:21:18 | 000,127,488 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\pyexpat.pyd
MOD - [2015/01/04 08:21:18 | 000,108,544 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32security.pyd
MOD - [2015/01/04 08:21:18 | 000,045,568 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\_socket.pyd
MOD - [2015/01/04 08:21:18 | 000,038,912 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32inet.pyd
MOD - [2015/01/04 08:21:18 | 000,018,432 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32event.pyd
MOD - [2015/01/04 08:21:18 | 000,017,408 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32profile.pyd
MOD - [2015/01/04 08:21:18 | 000,010,240 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\select.pyd
MOD - [2015/01/04 08:21:17 | 000,525,640 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/04 08:21:17 | 000,167,936 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32gui.pyd
MOD - [2015/01/04 08:21:17 | 000,119,808 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32file.pyd
MOD - [2015/01/04 08:21:16 | 000,128,512 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\_elementtree.pyd
MOD - [2015/01/04 08:21:16 | 000,087,552 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\_ctypes.pyd
MOD - [2015/01/04 08:21:14 | 000,098,816 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32api.pyd
MOD - [2015/01/04 08:21:13 | 000,557,056 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\pysqlite2._sqlite.pyd
MOD - [2015/01/04 08:21:13 | 000,320,512 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32com.shell.shell.pyd
MOD - [2015/01/04 08:21:13 | 000,022,528 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32ts.pyd
MOD - [2015/01/04 08:21:12 | 001,175,040 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._core_.pyd
MOD - [2015/01/04 08:21:12 | 000,364,544 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\pythoncom27.dll
MOD - [2015/01/04 08:21:11 | 000,735,232 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._misc_.pyd
MOD - [2015/01/04 08:21:11 | 000,078,336 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._animate.pyd
MOD - [2015/01/04 08:21:11 | 000,011,264 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32crypt.pyd
MOD - [2015/01/04 08:21:10 | 000,122,368 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\wx._wizard.pyd
MOD - [2015/01/04 08:21:09 | 000,035,840 | ---- | M] () -- C:\Users\Norm\AppData\Local\Temp\_MEI41442\win32process.pyd
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/11/17 04:46:22 | 000,639,488 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2014/11/17 02:00:34 | 001,056,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2014/11/17 01:21:08 | 010,374,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2014/11/17 01:18:32 | 002,496,512 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2014/11/14 05:53:22 | 006,499,840 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2014/11/10 04:55:06 | 001,686,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2014/11/07 04:13:32 | 002,475,520 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
MOD - [2014/11/06 10:28:44 | 000,105,216 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2014/11/06 04:39:44 | 000,200,192 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2014/11/05 03:01:04 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2014/11/05 03:00:24 | 000,435,712 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2014/11/05 02:59:24 | 000,642,048 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2014/11/05 02:58:54 | 000,889,344 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2014/11/05 02:51:50 | 001,191,424 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2014/11/05 02:37:06 | 000,632,832 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2014/11/05 02:36:18 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2014/11/03 03:23:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2014/09/11 03:39:34 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2014/09/04 01:00:44 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2014/09/04 01:00:34 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2014/09/04 01:00:28 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2014/09/04 01:00:20 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2014/06/29 21:33:52 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2014/06/29 21:05:12 | 001,183,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
MOD - [2014/06/29 20:55:38 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2014/06/29 20:55:00 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2014/06/18 21:22:04 | 002,177,405 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2013/09/28 20:14:20 | 001,233,408 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
MOD - [2013/09/28 20:14:06 | 003,369,922 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
MOD - [2013/09/28 20:14:06 | 001,978,690 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
MOD - [2013/09/28 20:14:04 | 022,378,434 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
MOD - [2013/09/28 20:13:48 | 000,989,805 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
MOD - [2013/09/28 20:13:48 | 000,544,817 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2013/09/28 20:13:48 | 000,261,120 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
MOD - [2013/09/28 20:13:48 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
MOD - [2013/09/28 20:13:48 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
MOD - [2013/09/28 20:13:48 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
MOD - [2013/09/28 20:13:48 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
MOD - [2013/01/16 11:58:54 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2013/01/16 11:58:52 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2013/01/16 11:58:50 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2012/10/15 15:28:38 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
MOD - [2012/10/15 15:28:30 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
MOD - [2012/10/15 15:28:30 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/10/15 15:28:04 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
MOD - [2012/10/15 15:28:02 | 000,219,648 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
MOD - [2012/10/15 15:27:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
MOD - [2012/09/20 16:57:02 | 004,139,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
MOD - [2008/12/12 17:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 17:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/07/03 15:19:06 | 000,263,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe -- (becldr3Service)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/30 22:20:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/18 10:00:17 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/12/18 09:51:32 | 001,486,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe -- (avgfws)
SRV - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/24 12:48:34 | 002,604,856 | ---- | M] (AVG Technologies) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014/11/06 10:29:36 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2014/11/04 17:40:02 | 005,795,120 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2014/09/18 18:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2014/06/05 03:19:38 | 000,093,040 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/11 22:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 22:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/18 10:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/25 20:15:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/07 12:39:52 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/02/08 13:43:20 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/11/18 21:42:04 | 000,203,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/11/18 16:30:19 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/10/05 20:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/08/28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/13 14:05:58 | 000,183,584 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetgearUDSTcpBus.sys -- (NetgearUDSTcpBus)
DRV:64bit: - [2012/08/13 14:03:32 | 000,107,296 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NetgearUDSMBus.sys -- (NetgearUDSMBus)
DRV:64bit: - [2012/04/18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/25 20:13:15 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/07 13:35:06 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/12/12 17:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 17:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV - [2014/11/24 12:31:18 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2014/07/01 12:37:56 | 000,020,872 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2012/06/15 13:04:00 | 000,092,160 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\NetgearUDSMBus.sys -- (NetgearUDSMBus)
DRV - [2012/06/15 13:02:58 | 000,153,600 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\NetgearUDSTcpBus.sys -- (NetgearUDSTcpBus)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.ne...a-1067aba099b2,
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-oc
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {F277C811-E1FF-46A7-95F9-1127EB5F3940}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://online.tvguid...s/?rnd=705.5475
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 BF 17 A0 1F EB CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://Vosteran.com/...=1783797077&ir=
IE - HKCU\..\SearchScopes\{043932FB-04A6-40A0-BE36-5464BF4D01AE}: "URL" = http://www.google.co...1I7GGIE_enUS424
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...40F000272A92CFD
IE - HKCU\..\SearchScopes\{10A3D284-33C1-4352-BC60-F98875ACDD80}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\..\SearchScopes\{1EB9BA02-CFF9-46DF-B54F-897311B50A6C}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{41A0E243-58AD-4A50-BE0D-865A6EC16A2B}: "URL" = http://websearch.ask...55-ADEBD335CFDB
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{7EA95CA4-39AC-432B-9EEE-F2B4F2A4B215}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.ne...a-1067aba099b2,
IE - HKCU\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{E6490549-FF9D-4ED3-8B36-65CDEEEBD933}: "URL" = http://us.yhs4.searc...&type=tb_ie_chr
IE - HKCU\..\SearchScopes\{F277C811-E1FF-46A7-95F9-1127EB5F3940}: "URL" = http://search.condui...1129379182&UM=2
IE - HKCU\..\SearchScopes\{F8E074EF-2AB5-42A4-B0F9-DA7A0E280E1A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F9610B63-BDF5-4846-BBE0-39671FA42A41}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..CT3294791.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-oc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-oc"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Vosteran"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.tvguide.com/Listings/"
FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: playonplugin%40playon.tv:1.0
FF - prefs.js..extensions.enabledAddons: %7B9D6218B8-03C7-4b91-AA43-680B305DD35C%7D:3.3.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.10
FF - prefs.js..extensions.enabledAddons: b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a%404bb97481-aead-4c2e-a62b-e25e264651bb.com:0.95.133
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: "http://trovi.com/Res...633257&UM=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@playon.tv/PlayOnToolbar: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6311158d-1248-4c22-b80e-0fce899a0c7c}: C:\Program Files (x86)\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/18 10:00:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/12/17 15:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
 
[2011/03/26 21:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Extensions
[2011/03/26 21:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/25 19:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Extensions\[email protected]
[2015/01/03 13:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions
[2014/10/24 08:43:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/11/13 09:44:32 | 000,000,000 | ---D | M] (Vafmusic2) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
[2015/01/03 13:24:26 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]e264651bb.com
[2012/07/22 15:35:52 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]
[2014/09/05 09:47:24 | 000,000,000 | ---D | M] (PlayOn) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]
[2011/03/26 15:31:49 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]
[2015/01/03 13:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]e264651bb.com\extensionData
[2015/01/03 13:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]e264651bb.com\extensionData\plugins
[2015/01/03 13:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]e264651bb.com\extensionData\userCode
[2014/12/28 14:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\q28cj05m.default\extensions
[2014/09/05 09:47:24 | 000,000,000 | ---D | M] (PlayOn) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\q28cj05m.default\extensions\[email protected]
[2014/12/28 17:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\q28cj05m.default\extensions\staged
[2014/12/12 10:18:35 | 002,551,632 | ---- | M] () (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\[email protected]
[2015/01/02 14:22:31 | 000,544,302 | ---- | M] () (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/12/17 12:27:26 | 000,085,243 | ---- | M] () (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
[2014/11/12 16:34:54 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/30 21:55:07 | 000,002,325 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\askcom.xml
[2010/12/20 08:51:09 | 000,001,832 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\bing.xml
[2014/02/19 16:25:50 | 000,000,880 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\conduit-search.xml
[2013/04/11 11:46:34 | 000,001,294 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\delta.xml
[2014/12/23 09:04:10 | 000,001,168 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\vafmusic2-customized-web-search.xml
[2014/12/28 17:30:49 | 000,002,827 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\Vosteran.xml
[2014/12/23 19:26:33 | 000,008,141 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\yahoo_ff.xml
[2014/12/18 10:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/18 10:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/12/18 10:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/18 10:00:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = http://api.searchpre...={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: RivalGaming Addon (Enabled) = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\npRivalGamingGC.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha\0.5.4_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncebfkpboiagfoihpgjknfkkkpaphjk\1.5_1\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\
CHR - Extension: No name found = C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (The weDownload Manager) - {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll (weDownload)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CNAP2 Launcher] C:\Windows\SysNative\spool\drivers\x64\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [ACSW14EN] C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [ACSW17EN] C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NETGEAR USB Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [VIDC04EN] C:\Program Files (x86)\ACD Systems\ACDSee Video Converter 4.1\acdIDInTouch2.exe (ACD Systems)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Norm\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_13722F0580CA191EC89E26C74285026F] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9:64bit: - Extra Button: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O9:64bit: - Extra 'Tools' menuitem : PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O9 - Extra Button: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O9 - Extra 'Tools' menuitem : PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O9 - Extra Button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9DE30F4-74F0-46BD-ACD7-46D35606D948}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Norm\AppData\Roaming\skype.dat) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ab7d94d-9960-11e3-97ee-000272a92cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab7d94d-9960-11e3-97ee-000272a92cfd}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/04 13:58:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Norm\Desktop\OTL.exe
[2015/01/03 18:51:58 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/03 18:51:36 | 002,123,776 | ---- | C] (Farbar) -- C:\Users\Norm\Desktop\FRST64.exe
[2015/01/03 11:02:11 | 000,040,248 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2015/01/03 11:02:11 | 000,029,496 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2015/01/03 11:02:11 | 000,025,400 | ---- | C] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2015/01/03 11:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
[2015/01/03 10:58:24 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Local\Avg
[2014/12/31 12:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DLLSuite
[2014/12/30 22:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/30 21:35:44 | 000,000,000 | ---D | C] -- C:\Users\Norm\Documents\Chrome
[2014/12/30 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Roaming\AVG2015
[2014/12/30 16:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/12/30 16:10:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/12/30 16:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/12/30 14:21:27 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Local\Avg2015
[2014/12/30 14:20:57 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Local\Avg2014
[2014/12/30 12:31:10 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/12/30 11:14:13 | 000,189,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.31b0.deleteme
[2014/12/30 11:05:27 | 000,189,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.3078.deleteme
[2014/12/29 17:47:25 | 000,000,000 | ---D | C] -- C:\stinger
[2014/12/29 17:38:11 | 000,000,000 | ---D | C] -- C:\Quarantine
[2014/12/29 10:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/12/29 08:17:56 | 000,000,000 | ---D | C] -- C:\Users\Norm\Documents\del
[2014/12/28 17:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverRestore
[2014/12/28 14:07:58 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Local\Vosteran
[2014/12/28 14:07:37 | 000,020,872 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2014/12/28 14:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[2014/12/28 14:05:33 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Roaming\WSE_Vosteran
[2014/12/28 11:34:37 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Roaming\SparkTrust
[2014/12/28 11:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2014/12/23 18:05:20 | 000,000,000 | ---D | C] -- C:\Elwood Software
[2014/12/23 16:48:58 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Roaming\StatTrak Address Manager
[2014/12/23 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\Norm\Documents\StatTrak Address Manager
[2014/12/23 15:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-Pro Software
[2014/12/18 10:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/17 15:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/12/16 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Norm\Documents\TempDoc
[2014/12/11 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Norm\AppData\Local\{040D2414-9CC3-4E56-9880-A87CB8C55660}
[2014/12/11 07:39:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/08 21:24:26 | 000,260,888 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[28 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/04 13:59:10 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/04 13:59:10 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/04 13:59:10 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/04 13:56:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Norm\Desktop\OTL.exe
[2015/01/04 13:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/04 13:22:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/04 08:27:19 | 000,022,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/04 08:27:19 | 000,022,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/04 08:21:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/04 08:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/04 08:17:38 | 1945,608,191 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/03 18:40:16 | 002,123,776 | ---- | M] (Farbar) -- C:\Users\Norm\Desktop\FRST64.exe
[2015/01/03 11:28:09 | 000,020,830 | ---- | M] () -- C:\Users\Norm\Documents\MyInfo.kdbx
[2015/01/03 11:01:54 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2015/01/03 11:01:54 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
[2014/12/31 08:11:36 | 000,002,283 | ---- | M] () -- C:\Users\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/30 22:09:34 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/30 16:10:59 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/12/28 15:06:38 | 000,000,010 | ---- | M] () -- C:\Users\Norm\AppData\Local\DSI.DAT
[2014/12/28 15:06:24 | 000,000,226 | ---- | M] () -- C:\Users\Norm\AppData\Roaming\WB.CFG
[2014/12/26 22:15:08 | 000,000,978 | ---- | M] () -- C:\Users\Norm\Desktop\Backup1.cmd - Shortcut.lnk
[2014/12/24 09:22:47 | 000,014,878 | ---- | M] () -- C:\Users\Norm\Documents\Addresses-2.csv
[2014/12/23 16:13:42 | 000,001,113 | ---- | M] () -- C:\Users\Norm\Documents\Addresses_1.csv
[2014/12/23 15:10:16 | 000,114,688 | ---- | M] () -- C:\Users\Norm\Documents\ContactKeeper.mdb
[2014/12/23 12:59:06 | 000,010,272 | ---- | M] () -- C:\Users\Norm\Documents\Addresses Query.pdf
[2014/12/21 10:13:37 | 000,002,048 | ---- | M] () -- C:\Users\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/12/17 15:51:32 | 000,002,114 | ---- | M] () -- C:\Users\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/12/16 19:31:20 | 000,000,355 | ---- | M] () -- C:\Users\Norm\Desktop\Computer - Shortcut.lnk
[2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/12/06 07:12:12 | 000,438,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[28 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/03 11:01:54 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2015/01/03 11:01:54 | 000,002,203 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
[2015/01/03 11:01:53 | 000,002,215 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
[2014/12/30 22:09:34 | 000,002,283 | ---- | C] () -- C:\Users\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/30 22:09:34 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/30 16:10:59 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/12/28 15:06:38 | 000,000,010 | ---- | C] () -- C:\Users\Norm\AppData\Local\DSI.DAT
[2014/12/26 22:07:55 | 000,000,978 | ---- | C] () -- C:\Users\Norm\Desktop\Backup1.cmd - Shortcut.lnk
[2014/12/23 18:19:45 | 000,014,878 | ---- | C] () -- C:\Users\Norm\Documents\Addresses-2.csv
[2014/12/23 16:07:39 | 000,001,113 | ---- | C] () -- C:\Users\Norm\Documents\Addresses_1.csv
[2014/12/23 14:58:40 | 000,114,688 | ---- | C] () -- C:\Users\Norm\Documents\ContactKeeper.mdb
[2014/12/23 12:56:18 | 000,010,272 | ---- | C] () -- C:\Users\Norm\Documents\Addresses Query.pdf
[2014/12/16 19:31:20 | 000,000,355 | ---- | C] () -- C:\Users\Norm\Desktop\Computer - Shortcut.lnk
[2014/10/09 10:10:53 | 000,000,064 | ---- | C] () -- C:\Users\Norm\AppData\Local\eabb7061177c578f3330c42e293d6adb
[2013/09/22 16:07:01 | 000,000,226 | ---- | C] () -- C:\Users\Norm\AppData\Roaming\WB.CFG
[2013/03/19 09:56:47 | 000,000,004 | ---- | C] () -- C:\Users\Norm\AppData\Roaming\skype.ini
[2012/07/22 14:11:00 | 000,031,465 | ---- | C] () -- C:\Users\Norm\AppData\Local\funmoods.crx
[2012/02/10 20:53:11 | 000,001,240 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/04/13 16:55:58 | 052,989,952 | ---- | C] () -- C:\Users\Norm\JAMES3.QDF-backup
[2011/03/27 21:55:20 | 000,044,544 | ---- | C] () -- C:\Users\Norm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/25 14:47:11 | 000,007,600 | ---- | C] () -- C:\Users\Norm\AppData\Local\resmon.resmoncfg
[2009/10/30 11:13:49 | 000,061,224 | ---- | C] () -- C:\Users\Norm\GoToAssistDownloadHelper.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/13 07:29:43 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\ACD Systems
[2013/07/12 11:52:33 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\AnvSoft
[2013/09/13 15:25:45 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Audacity
[2015/01/03 11:01:24 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\AVG
[2014/12/30 16:11:57 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\AVG2015
[2012/01/22 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Babylon
[2011/03/25 18:44:57 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Barnes & Noble
[2012/12/23 07:50:39 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\DriverCure
[2013/04/11 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\DSite
[2011/04/08 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\EPSON
[2013/11/10 14:42:16 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\FamilyTreeMaker
[2013/05/30 16:07:16 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Funmoods
[2013/06/18 14:06:23 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\GrabPro
[2014/10/15 08:39:38 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Green Parrots Software
[2014/10/01 07:19:14 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\ISpeedPC
[2015/01/03 19:07:38 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\KeePass
[2011/03/25 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Leadertech
[2012/01/16 14:02:30 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Nokia
[2011/03/28 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Nokia Ovi Suite
[2012/01/16 13:43:36 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Nokia Suite
[2013/07/12 11:51:27 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\OpenCandy
[2013/10/14 08:29:22 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\OpenOffice
[2011/03/25 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\OpenOffice.org
[2014/08/12 06:37:19 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Oracle
[2013/06/18 14:19:19 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Orbit
[2012/12/23 07:50:38 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\ParetoLogic
[2013/04/14 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\PC Suite
[2013/06/18 14:06:29 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\ProgSense
[2014/11/15 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\SketchUp
[2012/03/21 08:13:24 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Softland
[2014/12/28 11:34:37 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\SparkTrust
[2014/12/23 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\StatTrak Address Manager
[2013/05/22 13:12:41 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Strongvault
[2014/10/12 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\TextPad
[2011/04/29 15:47:29 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Thunderbird
[2011/03/25 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\TomTom
[2013/02/17 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\TuneUp Software
[2013/10/19 13:41:48 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Tyre
[2014/12/05 10:35:25 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\VideoPerformer
[2011/03/27 09:02:54 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\Windows Live Writer
[2014/12/28 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\Norm\AppData\Roaming\WSE_Vosteran
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Norm\Documents\hedge.jpg:Roxio EMC Stream
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >
 

 




#2
nwj629

    New Member

  • Topic Starter
  • Member
  • 8 posts

Here is the Extras.txt from OTL.exe

 

OTL Extras logfile created on: 1/4/2015 1:59:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Norm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 70.01% Memory free
15.50 Gb Paging File | 12.80 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 708.16 Gb Free Space | 76.02% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 166.59 Gb Free Space | 55.89% Space Free | Partition Type: NTFS
Drive E: | 488.71 Mb Total Space | 449.03 Mb Free Space | 91.88% Space Free | Partition Type: FAT
Drive F: | 372.61 Gb Total Space | 136.59 Gb Free Space | 36.66% Space Free | Partition Type: NTFS
 
Computer Name: NORM-PC | User Name: Norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee 17.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\17.0\ACDSeeQV17.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee 17.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\17.0\ACDSeeQV17.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\TRENDnet\PS Monitor\PsMon.exe" = C:\Program Files (x86)\TRENDnet\PS Monitor\PsMon.exe:*:Enabled:PsMonitor -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\TRENDnet\PS Monitor\PsMon.exe" = C:\Program Files (x86)\TRENDnet\PS Monitor\PsMon.exe:*:Enabled:PsMonitor -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BBD912-86A5-4D04-AE11-3E238DEB554C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{05BAFE28-B1CB-4BD7-85AF-508D99A56A46}" = rport=137 | protocol=17 | dir=out | app=system | 
"{09BF8C67-5489-4DDD-934A-169953FE370A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C4D73A1-8C12-4C1C-B493-8A7EA8AF9090}" = lport=445 | protocol=6 | dir=in | app=system | 
"{137B2D1B-0762-4AA4-961E-0DFAA663C534}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19ADD35C-73EA-4C25-9869-73A0F3891747}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{206DB815-0192-4457-836C-D334914DADD0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{212F7C9A-B45C-4077-A8D4-109A488DFB36}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2B03DC27-A062-42DF-AC23-CB099F4963E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D75AE7D-468E-4554-8507-1190A5973597}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{42CA9DC1-E699-42A9-91DD-CE0CF3459E83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{45EF9A86-5E61-490A-A1A2-47908BBE708C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55B63CD6-ABC2-46A4-85CB-9ACCA8CC6C31}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{57A9D511-F541-435A-BAC3-8B08D01FBE2A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{611D885A-C7FB-4AF8-A4BB-B3747718E9B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{666E86C7-8F54-4DB3-9D22-A1145471D2A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{703E0C1F-F5DF-4B33-B429-6FFD7BFD2FE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{782E5133-3E49-4747-B4A5-BB607F5BDD4A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{78D49AD9-D0A5-43AC-B2EB-FC3E52FB0392}" = lport=7423 | protocol=17 | dir=in | name=netgear usb control center udp port | 
"{7990DA4F-AD50-41C2-802B-9E8F8E43502B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8ABE0251-5E64-4EFE-A4B3-ACC8F50B9258}" = lport=7423 | protocol=17 | dir=in | name=netgear usb control center udp port | 
"{917A9BD4-4F74-45B6-AB7C-3A0EC5DD36E8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{933876CE-9DD0-4E48-8B2E-734519841F33}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
"{9BEF5A87-FC28-4683-BC01-CC87A9D09A4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D2B7528-C1EF-4369-B74F-DAFB62F3C9CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A77F087D-8524-4635-9173-0DD7615214B9}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | 
"{AA6104F5-EA03-4B84-A19B-99910956D409}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AD1F9BEA-B2C6-4B9E-9712-DE28371626A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BAF8F5D3-3ECA-4775-A72E-CCC08F6B8023}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BCC0FE67-0203-429F-8A60-9353EE0E3606}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{BD861EDA-8D92-48DD-BEC8-5E0BDD1515C5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CB8140B0-26FD-43E5-B3CD-534BF36EBDDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D24B0B59-B62B-4DD6-B7BA-77D4FB88DCA6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DACAD36C-1CB7-4F46-90B3-1345064168DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E1BD306D-AD8A-4AC0-B995-265356ABEBAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E590F55A-DA6A-4324-9FAB-0EEF4BDA6A3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA2B021B-E5BF-47D7-9AE6-F1FDE4A8BB2A}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | 
"{F0B07849-169C-4BFC-95CB-B69C36705B91}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F12D0443-CE1E-4EFD-B722-760688097D7E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
"{F8DED301-6E74-42E1-A10D-5D5D65B107B0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FB522EF2-13FD-4AE8-B6DC-CCADC9CC38B5}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DEEA6C-D119-4606-8A13-EAFCE85D2721}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{02691D83-BB63-440E-8E0F-24CE8886F651}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{02A3FF3D-47C8-49A4-994B-925C67F554AC}" = protocol=1 | dir=out | [email protected],-28544 | 
"{08561FB2-A556-4FFE-89DF-4A391207CB78}" = dir=in | app=c:\program files (x86)\mediamall\playmark.exe | 
"{08C2A831-AF71-4451-8B33-9DB434260F5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C6B18F5-20BF-4D38-9986-AF14823A9184}" = protocol=58 | dir=in | [email protected],-28545 | 
"{274CF270-EB13-4B18-902B-F5120D77AE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe | 
"{323F2657-AE77-4DBD-807B-EE5146FF4DA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37362A2D-9055-45BC-B0E6-E2B69542B4AA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{3A34CC7E-748E-4162-9175-F3E26F14698A}" = dir=in | app=c:\program files (x86)\mediamall\surfer.exe | 
"{4065EFD8-AC9A-4B0D-9F5B-0ED0775D49A4}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{423C560B-2893-40C0-8FD4-275DCEC8B3FC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4C686A9F-2021-4C8A-8C27-3AFEC41803FD}" = protocol=17 | dir=in | app=c:\program files (x86)\netgear\usb control center\control center.exe | 
"{538ACE21-2864-446D-BF5C-77AB73F6A29C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57EB03F0-B5EA-4C1E-AC36-125D57ECD969}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5D8A1E6A-E60F-465A-A5E0-0ADECA66DDD3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{60C9AD21-4BB2-4623-B3A7-2C4F3BE8CED7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6312701A-12C3-4B43-A086-9578FC6D86B9}" = dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe | 
"{6FEA1DF6-729F-4151-B114-EAEA72D6FD7E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{739A1302-F529-453F-8B3C-6DE7FFF40538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{747EDB21-3F38-4844-BF74-BBB4F050E95D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{7A7B47DA-2D58-4CED-8300-512803AA344A}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{7FA743AF-9501-4F1A-A591-747F13ED39CD}" = protocol=6 | dir=out | app=system | 
"{8C287830-F8D1-41A1-8AAC-B0F50C5BCD4F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe | 
"{936746FB-5527-469B-9DDF-0436CF9A7836}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{94F24609-F901-4115-A295-0166D914D8D5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{98A684D4-A135-4054-AD42-F9BB81B387EE}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{99D0241B-E2FF-4170-926C-FA4F80EBA535}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{A3AA7682-81B2-442C-9B96-83423F2BDB39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB3643E7-3126-4857-B340-31741C834A2F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe | 
"{AEC5CA47-DA79-4665-99BD-758D8B378776}" = protocol=58 | dir=out | [email protected],-28546 | 
"{B4B1EAFD-2E53-4E9A-B1DB-5A0F94F134D0}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{BFD02C13-0A48-4B1B-88B8-CDE78D6F3D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\netgear\usb control center\control center.exe | 
"{C03CE011-27E0-4B77-AC3B-8B9FDB941FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe | 
"{C2CAF616-71F4-4076-822B-A405573B7479}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe | 
"{C4992035-875C-406E-AC20-36154F6A77DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe | 
"{C631E550-E835-40EC-9CBE-1C3EF3F38CE2}" = protocol=1 | dir=in | [email protected],-28543 | 
"{C6DB093A-F52F-459E-A45A-B44EA333BB3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE5C1D24-9861-41CB-B50F-E70CF70E0FF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CFCD63D8-183A-4AA6-AD74-47BB938F6E91}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D0FF6FC7-5817-4119-9B84-4419B44EF6BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1705B22-245F-4277-A7D2-5217EF7298CA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe | 
"{D3D44FC1-0A03-4AB6-8902-7C1B8990F738}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2573C49-F6AC-40D4-9E85-E0537917A94D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{E5273DB2-DD0F-4E93-B0E7-7B55FAB09F66}" = dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe | 
"{EBA4F5F6-EB4E-432D-8CEC-82FF2429F089}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0E8D45A-EA8D-44E7-96A7-D8E63309B4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe | 
"{FFE8121D-CD0C-462D-8EA1-551BDDCC0D61}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{2B6FE2AC-8ED9-4BEB-97A3-5B0676A702BC}C:\program files (x86)\trendnet\ps monitor\psmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trendnet\ps monitor\psmon.exe | 
"TCP Query User{2EBD8799-B963-4DAA-817C-6C54FF03476E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"TCP Query User{5A5855A9-6C52-4618-97D8-6FD526AD0475}C:\program files (x86)\trendnet\ps monitor\psmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trendnet\ps monitor\psmon.exe | 
"TCP Query User{C556024B-7A1F-4969-AF2B-820C2B399A95}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"TCP Query User{C5B34DFD-0A4A-4978-B6BF-99A5487F03AB}C:\program files (x86)\netgear\usb control center\control center.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear\usb control center\control center.exe | 
"UDP Query User{79B193D5-2A28-4FC0-AE9A-32B2313643DA}C:\program files (x86)\trendnet\ps monitor\psmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trendnet\ps monitor\psmon.exe | 
"UDP Query User{80FA62F8-A75A-4A1B-9D15-0063714BC0A8}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{B0AF9A25-25B9-4101-B950-4433C9DD2D50}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{BA6BBC2F-4FE8-4BE3-93EE-A8DE845955A4}C:\program files (x86)\netgear\usb control center\control center.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear\usb control center\control center.exe | 
"UDP Query User{D7620ACA-27D6-4F63-8C15-16FA17F2E6CA}C:\program files (x86)\trendnet\ps monitor\psmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trendnet\ps monitor\psmon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1AB56376-F70E-4951-A097-27CFEC34E5ED}" = AVG 2015
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2369561B-FD79-47F0-905D-B5FC7BAA9C80}" = LinksysEasyLinkAdvisor
"{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
"{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}" = iCloud
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{350CC85B-CA59-4F85-909D-8E4CDBF532FA}" = BCL easyConverter SDK 3 (Word Version) 64
"{39EF38DF-2727-4C09-A165-FD3B87BA3AE9}" = Family Tree Maker 2014
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EF8686B-303C-4F8A-9A3B-2AD5ACA05706}" = AVG 2015
"{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}" = SketchUp 2015
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"AVG" = AVG 2015
"Canon LBP6000/LBP6018" = Canon LBP6000/LBP6018
"novaPDF Professional Desktop 7 printer_is1" = novaPDF Professional Desktop 7.7 printer
"novaPDF Standard Desktop 7 printer_is1" = novaPDF Standard Desktop 7.6 printer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00C2D443-43D9-4550-ABEA-318288E23E57}" = Quicken 2015
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{124CA4D3-B532-4D1F-98C4-E8035DB39E2F}" = Microsoft Store Download Manager
"{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{35EEDA1E-9D45-4580-8554-734F45D48A73}" = TurboTax 2014 WinPerFedFormset
"{37563E8A-F8C5-482E-8E61-2C39D7CCACA9}" = MasterCook Deluxe
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4528B812-FF2C-4E3A-A9EA-1ECB483BF03A}" = NETGEAR USB Control Center  
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC74ED1-719B-46DA-8B8A-340FBF892291}" = AVG PC TuneUp 2015 (en-US)
"{4B95A7D0-AF67-4916-9433-C18B9969E9D4}" = PS-Utility
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}" = LightScribe Template Designs - Music Pack 1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A80851B-5BEF-47C1-A04C-51A963BB5E6E}" = DesignCAD Express 16
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}" = Kaspersky Security Scan
"{5FB042CB-B08A-481E-B076-DC6D0FEB0595}" = TurboTax 2014 WinPerTaxSupport
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B20EE79-2049-49BC-BC46-17A040EE3C2E}" = PS-Wizard
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}" = ACDSee 14
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}" = TomTom HOME
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}" = LightScribe Template Labeler
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}" = Whisper 32
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A47900DC-2011-46C8-8E07-5BDD9D83DE47}" = ACDSee 17
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A996C182-3724-4DF1-A4BC-66154FE57DFE}" = AVG PC TuneUp 2015
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAD01103-AC47-4314-9DC3-B1C8BC94AD68}" = TurboTax 2013 wnyiper
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C60F3836-333A-4AE2-B526-CFDBA143A9BA}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}" = Nokia Suite
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EF225F7C-34D6-494D-AF7D-11CFB58F92E6}" = PlayOn
"{EF23717A-FC30-41DC-ADBF-7FA2907E2969}" = PS Monitor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132000C-1CBA-458F-BF2F-FD43D59410F9}" = LightScribe System Software
"{F2283AA1-869C-4497-8F18-09E36C67A014}" = TurboTax 2014 WinPerReleaseEngine
"{F246092E-FA0B-47C8-9D3E-CF8C210293C8}" = SketchUp 2014
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5890CC6-26B7-481E-A90E-ACE938AD294F}" = TurboTax 2014 wrapper
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ACDSee_acdVC" = ACDSee Video Converter 4.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Any Video Converter_is1" = Any Video Converter 5.0.7
"Audacity_is1" = Audacity 2.0.3
"AVG PC TuneUp" = AVG PC TuneUp 2015
"BN_DesktopReader" = NOOK for PC
"EPSON Scanner" = EPSON Scan
"Family Tree Maker 2010" = Family Tree Maker 2010
"Google Chrome" = Google Chrome
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2369561B-FD79-47F0-905D-B5FC7BAA9C80}" = LinksysEasyLinkAdvisor
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.24
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"Mozilla Thunderbird 31.3.0 (x86 en-US)" = Mozilla Thunderbird 31.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.700
"NETGEAR Genie" = NETGEAR Genie
"Nokia Suite" = Nokia Suite
"Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
"The weDownload Manager" = The weDownload Manager
"TurboTax 2013" = TurboTax 2013
"TurboTax 2014" = TurboTax 2014
"Tyre_is1" = Tyre
"VLC media player" = VLC media player
"WePrint" = WePrint
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"RivalGaming" = RivalGaming
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/30/2014 9:44:57 AM | Computer Name = Norm-PC | Source = Application Hang | ID = 1002
Description = The program NETGEARGenie.exe version 2.3.1.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e98    Start
 Time: 01d024362886c5c1    Termination Time: 5    Application Path: C:\Program Files (x86)\NETGEAR
 Genie\bin\NETGEARGenie.exe    Report Id: 03404006-902a-11e4-aafd-000272a92cfd  
 
Error - 12/30/2014 10:35:51 AM | Computer Name = Norm-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 12/30/2014 10:35:51 AM | Computer Name = Norm-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 12/30/2014 11:58:03 AM | Computer Name = Norm-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary AVGIDSDriver.  System Error: The system cannot find the file specified.  .
 
Error - 12/30/2014 12:17:36 PM | Computer Name = Norm-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Norm\Downloads\SoftonicDownloader_for_contactkeeper.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 12/30/2014 1:31:42 PM | Computer Name = Norm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17496,
 time stamp: 0x525b8623  Faulting module name: MSHTML.dll, version: 11.0.9600.17496,
 time stamp: 0x546ff2f9  Exception code: 0xc00000fd  Fault offset: 0x0011fb5c  Faulting
 process id: 0x19f4  Faulting application start time: 0x01d0245665b0b7d7  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MSHTML.dll
Report
 Id: b7532c12-9049-11e4-9c3a-000272a92cfd
 
Error - 12/30/2014 1:34:29 PM | Computer Name = Norm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 017297~1.EXE, version: 8.6.154.0, time 
stamp: 0x53e5162a  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00a42b48  Faulting process id: 0x5c0  Faulting application
 start time: 0x01d02456d0302810  Faulting application path: C:\Users\Norm\AppData\Local\Temp\017297~1.EXE
Faulting
 module path: unknown  Report Id: 1ae5405f-904a-11e4-86d2-000272a92cfd
 
Error - 12/30/2014 2:59:01 PM | Computer Name = Norm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 017297~1.EXE, version: 8.6.154.0, time 
stamp: 0x53e5162a  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00702b48  Faulting process id: 0x5c8  Faulting application
 start time: 0x01d024629f5af0fd  Faulting application path: C:\Users\Norm\AppData\Local\Temp\017297~1.EXE
Faulting
 module path: unknown  Report Id: ea253efd-9055-11e4-a459-000272a92cfd
 
Error - 12/31/2014 1:03:52 PM | Computer Name = Norm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17496,
 time stamp: 0x4a5bc959  Faulting module name: MSHTML.dll, version: 11.0.9600.17496,
 time stamp: 0x546ff2f9  Exception code: 0xc00000fd  Fault offset: 0x0011fb5c  Faulting
 process id: 0x1ed8  Faulting application start time: 0x01d0251b90b42665  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MSHTML.dll
Report
 Id: fee2f686-910e-11e4-a2fe-000272a92cfd
 
Error - 1/2/2015 11:19:10 AM | Computer Name = Norm-PC | Source = Application | ID = 0
Description = 
 
Error - 1/3/2015 12:43:03 PM | Computer Name = Norm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17496,
 time stamp: 0x4a5bcbb4  Faulting module name: MSHTML.dll, version: 11.0.9600.17496,
 time stamp: 0x546ff2f9  Exception code: 0xc00000fd  Fault offset: 0x0007ce49  Faulting
 process id: 0x2a50  Faulting application start time: 0x01d0277431352ccb  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MSHTML.dll
Report
 Id: 951a1713-9367-11e4-91ef-000272a92cfd
 
[ Media Center Events ]
Error - 12/16/2014 9:17:56 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 8:17:55 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 9:18:03 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 8:18:03 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 9:18:05 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 8:18:04 AM - Failed to retrieve SportsV2 (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 9:18:06 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 8:18:06 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 10:18:45 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 9:18:43 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 11:19:15 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 10:19:14 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 7:33:34 PM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 6:33:30 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
 to the remote server)  
 
Error - 12/17/2014 8:54:52 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 7:54:52 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 12/17/2014 9:55:15 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 8:55:14 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 12/21/2014 9:01:13 AM | Computer Name = Norm-PC | Source = MCUpdate | ID = 0
Description = 8:01:13 AM - Failed to retrieve SportsV2 (Error: Unable to connect
 to the remote server)  
 
[ System Events ]
Error - 1/3/2015 11:15:27 PM | Computer Name = Norm-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 1/4/2015 12:13:55 AM | Computer Name = Norm-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 1/4/2015 12:17:31 AM | Computer Name = Norm-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 1/4/2015 12:17:51 AM | Computer Name = Norm-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 1/4/2015 9:17:15 AM | Computer Name = Norm-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
 due to a known firmware problem. Check with the computer manufacturer for updated
 firmware.
 
Error - 1/4/2015 9:17:29 AM | Computer Name = Norm-PC | Source = BTHUSB | ID = 327685
Description = The Bluetooth driver expected an HCI event with a certain size but
 did not receive it.
 
Error - 1/4/2015 9:17:47 AM | Computer Name = Norm-PC | Source = Service Control Manager | ID = 7003
Description = The AirPrint service depends the following service: Bonjour Service.
 This service might not be installed.
 
Error - 1/4/2015 9:18:46 AM | Computer Name = Norm-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   bbnfd_1_10_0_2
 
Error - 1/4/2015 9:22:15 AM | Computer Name = Norm-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 1/4/2015 9:23:35 AM | Computer Name = Norm-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Search service hung on starting.
 
 
< End of report >


#3
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Welcome to the site :)

 

Yes, I do see some issues in this log. However, I'd like to see a scan with another tool before I start any Cleaning/Removal, so please perform the following scan.

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.



#4
nwj629


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks for the help!!!

Here are the log files from FRST64.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Norm (administrator) on NORM-PC on 05-01-2015 09:40:39
Running from C:\Users\Norm\Desktop
Loaded Profile: Norm (Available profiles: Norm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Windows\SysWOW64\java.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2006-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ACSW14EN] => C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe [1231472 2011-11-17] (ACD Systems)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [NETGEAR USB Control Center] => C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe [4139008 2012-09-20] ()
HKLM-x32\...\Run: [VIDC04EN] => C:\Program Files (x86)\ACD Systems\ACDSee Video Converter 4.1\acdIDInTouch2.exe [1480008 2014-03-05] (ACD Systems)
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1470280 2014-03-05] (ACD Systems)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Norm\AppData\Local\Akamai\netsession_win.exe [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-25] (Google Inc.)
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [] => [X]
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [GoogleChromeAutoLaunch_13722F0580CA191EC89E26C74285026F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\MountPoints2: {3ab7d94d-9960-11e3-97ee-000272a92cfd} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Norm\AppData\Roaming\skype.dat <==== ATTENTION 
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-oc
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.tvguid...s/?rnd=705.5475
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...a-1067aba099b2,
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {F277C811-E1FF-46A7-95F9-1127EB5F3940} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://Vosteran.com/...=1783797077&ir=
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://Vosteran.com/...=1783797077&ir=
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-sea...40F000272A92CFD
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {10A3D284-33C1-4352-BC60-F98875ACDD80} URL = http://search.avg.co...{language}&nt=1
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {1EB9BA02-CFF9-46DF-B54F-897311B50A6C} URL = http://search.avg.co...e}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {41A0E243-58AD-4A50-BE0D-865A6EC16A2B} URL = http://websearch.ask...55-ADEBD335CFDB
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {7EA95CA4-39AC-432B-9EEE-F2B4F2A4B215} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...a-1067aba099b2,
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {E6490549-FF9D-4ED3-8B36-65CDEEEBD933} URL = http://us.yhs4.searc...&type=tb_ie_chr
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {F277C811-E1FF-46A7-95F9-1127EB5F3940} URL = http://search.condui...1129379182&UM=2
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {F8E074EF-2AB5-42A4-B0F9-DA7A0E280E1A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {F9610B63-BDF5-4846-BBE0-39671FA42A41} URL = http://search.yahoo....rtPage?}&fr=ie8
BHO: The weDownload Manager -> {11111111-1111-1111-1111-110411901174} -> C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll (weDownload)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
Toolbar: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&CUI=UN39878921622633257&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Vosteran
FF Homepage: hxxp://www.tvguide.com/Listings/
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN39878921622633257&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\user.js
FF SearchPlugin: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\vafmusic2-customized-web-search.xml
FF SearchPlugin: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\yahoo_ff.xml
FF Extension: RivalGaming  - C:\Users\Norm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-04-30]
FF Extension: The weDownload Manager - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\[email protected]e264651bb.com [2015-01-03]
FF Extension: Funmoods.com - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\[email protected] [2012-07-22]
FF Extension: PlayOn - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\[email protected] [2014-09-05]
FF Extension: Ancestry.com Advanced Image Viewer - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\[email protected] [2009-09-20]
FF Extension: Yahoo! Toolbar - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-24]
FF Extension: Vafmusic2  - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\{7f3f960e-a836-45ca-8911-0accb522246e} [2014-11-13]
FF Extension: Firebug - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\[email protected] [2011-03-26]
FF Extension: NoScript - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-02]
FF Extension: Procon Latte Content Filter - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2011-09-08]
FF Extension: Adblock Plus - C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-13]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{6311158d-1248-4c22-b80e-0fce899a0c7c}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c}
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=&cd=&cr=&ir=
CHR StartupUrls: Default -> "hxxp://www.13wham.com/", "hxxp://www.cnn.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Search) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (PDF Mergy) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2013-11-23]
CHR Extension: (New Tab Aid) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncebfkpboiagfoihpgjknfkkkpaphjk [2014-12-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Vosteran New Tab) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2014-12-28]
CHR Extension: (Gmail) - C:\Users\Norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Norm\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-06]
CHR HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Norm\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-13]
CHR HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Norm\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2010-10-07] (Apple Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-03-25] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
S3 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5795120 2014-11-04] (MediaMall Technologies, Inc.)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)
R2 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe [1916248 2010-02-08] (Smith Micro Software, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2014-11-24] (AVG Technologies)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2011-02-07] (MediaMall Technologies, Inc.)
R3 NetgearUDSMBus; C:\Windows\System32\drivers\NetgearUDSMBus.sys [107296 2012-08-13] (Windows ® Codename Longhorn DDK provider)
R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\NetgearUDSMBus.sys [92160 2012-06-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 NetgearUDSTcpBus; C:\Windows\System32\drivers\NetgearUDSTcpBus.sys [183584 2012-08-13] (Windows ® Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\NetgearUDSTcpBus.sys [153600 2012-06-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-11-18] (CACE Technologies, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-11-24] (TuneUp Software)
S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 09:40 - 2015-01-05 09:41 - 00033122 _____ () C:\Users\Norm\Desktop\FRST.txt
2015-01-04 14:12 - 2015-01-04 14:12 - 00091616 _____ () C:\Users\Norm\Desktop\Extras.Txt
2015-01-04 14:10 - 2015-01-04 14:10 - 00154624 _____ () C:\Users\Norm\Desktop\OTL.Txt
2015-01-04 13:58 - 2015-01-04 13:56 - 00602112 _____ (OldTimer Tools) C:\Users\Norm\Desktop\OTL.exe
2015-01-04 09:26 - 2015-01-04 09:26 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-01-03 19:14 - 2015-01-03 23:12 - 00238423 _____ () C:\Users\Norm\Desktop\avgrep.txt
2015-01-03 18:51 - 2015-01-05 09:40 - 00000000 ____D () C:\FRST
2015-01-03 18:51 - 2015-01-03 18:40 - 02123776 _____ (Farbar) C:\Users\Norm\Desktop\FRST64.exe
2015-01-03 13:00 - 2015-01-03 13:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 12:35 - 2015-01-03 12:35 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-01-03 11:02 - 2014-11-24 12:48 - 00040248 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-01-03 11:02 - 2014-11-24 12:48 - 00029496 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-01-03 11:02 - 2014-11-24 12:48 - 00025400 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2015-01-03 11:01 - 2015-01-03 11:01 - 00002229 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2015-01-03 11:01 - 2015-01-03 11:01 - 00002215 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-01-03 11:01 - 2015-01-03 11:01 - 00002203 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2015-01-03 11:01 - 2015-01-03 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2015-01-03 10:58 - 2015-01-03 10:58 - 00000000 ____D () C:\Users\Norm\AppData\Local\Avg
2015-01-03 10:56 - 2015-01-03 10:57 - 90844984 _____ (AVG Technologies) C:\Users\Norm\Downloads\avg_tuht_stf_all_2015_238.exe
2015-01-03 10:19 - 2015-01-03 10:19 - 00207848 _____ () C:\Users\Norm\Downloads\AVG Web TuneUp.exe
2014-12-31 12:21 - 2014-12-31 12:21 - 00000000 ____D () C:\Program Files (x86)\DLLSuite
2014-12-31 12:20 - 2014-12-31 12:21 - 16578402 _____ ( ) C:\Users\Norm\Downloads\DLLSuite_Setup.exe
2014-12-30 22:09 - 2014-12-30 22:09 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-30 22:09 - 2014-12-30 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-30 22:08 - 2014-12-30 22:08 - 00880784 _____ (Google Inc.) C:\Users\Norm\Downloads\ChromeSetup.exe
2014-12-30 21:35 - 2014-12-30 21:39 - 00000000 ____D () C:\Users\Norm\Documents\Chrome
2014-12-30 21:07 - 2014-12-30 21:32 - 00000253 _____ () C:\Users\Norm\Documents\Chrome_Bookmarks.txt
2014-12-30 16:11 - 2014-12-30 16:11 - 00000000 ____D () C:\Users\Norm\AppData\Roaming\AVG2015
2014-12-30 16:10 - 2014-12-30 16:11 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-30 16:10 - 2014-12-30 16:10 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-30 16:10 - 2014-12-30 16:10 - 00000000 ___HD () C:\$AVG
2014-12-30 16:10 - 2014-12-30 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-30 14:21 - 2014-12-30 16:28 - 00000000 ____D () C:\Users\Norm\AppData\Local\Avg2015
2014-12-30 14:20 - 2014-12-30 14:20 - 00000000 ____D () C:\Users\Norm\AppData\Local\Avg2014
2014-12-30 12:29 - 2014-12-30 12:29 - 03480040 _____ (McAfee, Inc.) C:\Users\Norm\Downloads\MCPR.exe
2014-12-30 12:25 - 2014-12-29 10:06 - 05292448 _____ (McAfee, Inc.) C:\Users\Norm\Downloads\McAfeeSetup.exe
2014-12-30 11:14 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.31b0.deleteme
2014-12-30 11:05 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.3078.deleteme
2014-12-29 17:47 - 2014-12-30 13:35 - 00000000 ____D () C:\stinger
2014-12-29 17:46 - 2014-12-29 17:46 - 14340389 _____ () C:\Users\Norm\Downloads\stinger64-epo.zip
2014-12-29 17:38 - 2014-12-30 13:52 - 00000000 ____D () C:\Quarantine
2014-12-29 11:03 - 2014-12-29 15:24 - 00234505 _____ () C:\Windows\system32\avgrep.txt
2014-12-29 10:50 - 2014-12-30 16:53 - 00000000 ____D () C:\Program Files\McAfee
2014-12-29 08:17 - 2014-12-29 08:17 - 00000000 ____D () C:\Users\Norm\Documents\del
2014-12-28 20:27 - 2014-12-28 20:27 - 00000900 _____ () C:\Users\Norm\Documents\cup Problem.txt
2014-12-28 17:28 - 2014-12-28 17:28 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-12-28 15:06 - 2014-12-28 15:06 - 00000010 _____ () C:\Users\Norm\AppData\Local\DSI.DAT
2014-12-28 14:07 - 2014-12-28 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-12-28 14:07 - 2014-12-28 17:27 - 00000000 ____D () C:\Users\Norm\AppData\Local\Vosteran
2014-12-28 14:07 - 2014-07-01 12:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-12-28 14:05 - 2014-12-28 14:06 - 00000000 ____D () C:\Users\Norm\AppData\Roaming\WSE_Vosteran
2014-12-28 14:04 - 2014-12-28 14:04 - 01055936 _____ (Adobe) C:\Users\Norm\Downloads\flash_setup.exe
2014-12-28 13:58 - 2014-12-28 13:58 - 00828440 _____ ( ) C:\Users\Norm\Downloads\adobe_flash_setup.exe
2014-12-28 11:34 - 2014-12-28 11:34 - 00000000 ____D () C:\Users\Norm\AppData\Roaming\SparkTrust
2014-12-28 11:33 - 2014-12-28 17:26 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-12-28 11:31 - 2014-12-28 11:31 - 06835224 _____ (SparkTrust) C:\Users\Norm\Downloads\SparkTrust PC Cleaner Plus Setup_ea338af_.exe
2014-12-26 22:08 - 2014-12-26 22:14 - 00293196 _____ () C:\Backup.Log
2014-12-26 22:07 - 2014-12-26 22:15 - 00000978 _____ () C:\Users\Norm\Desktop\Backup1.cmd - Shortcut.lnk
2014-12-26 17:35 - 2014-12-26 17:35 - 04641208 _____ (AVG Technologies) C:\Users\Norm\Downloads\avg_isc_stb_all_2015_5645.exe
2014-12-24 12:40 - 2014-12-24 12:40 - 00000000 _____ () C:\A677.tmp
2014-12-24 12:37 - 2014-12-24 12:37 - 00000000 _____ () C:\3E29.tmp
2014-12-24 12:36 - 2014-12-24 12:36 - 00000000 _____ () C:\28A8.tmp
2014-12-24 12:35 - 2014-12-24 12:35 - 00000000 _____ () C:\7D7F.tmp
2014-12-24 12:04 - 2014-12-24 12:04 - 00000000 _____ () C:\694B.tmp
2014-12-24 12:03 - 2014-12-24 12:03 - 00000000 _____ () C:\6491.tmp
2014-12-24 11:42 - 2014-12-24 11:42 - 00000000 _____ () C:\4887.tmp
2014-12-24 11:41 - 2014-12-24 11:41 - 00000000 _____ () C:\DE2.tmp
2014-12-24 11:05 - 2014-12-24 11:05 - 00000000 _____ () C:\1579.tmp
2014-12-23 20:09 - 2014-12-23 20:09 - 00000000 _____ () C:\DD47.tmp
2014-12-23 20:08 - 2014-12-23 20:08 - 00000000 _____ () C:\C7FD.tmp
2014-12-23 20:07 - 2014-12-23 20:07 - 00000000 _____ () C:\E056.tmp
2014-12-23 19:47 - 2014-12-23 19:47 - 00000000 _____ () C:\90AC.tmp
2014-12-23 19:46 - 2014-12-23 19:46 - 00000000 _____ () C:\3325.tmp
2014-12-23 18:47 - 2014-12-23 18:47 - 00000000 _____ () C:\399.tmp
2014-12-23 18:46 - 2014-12-23 18:46 - 00000000 _____ () C:\30F3.tmp
2014-12-23 18:19 - 2014-12-24 09:22 - 00014878 _____ () C:\Users\Norm\Documents\Addresses-2.csv
2014-12-23 18:15 - 2014-12-23 18:15 - 00000000 _____ () C:\A8C2.tmp
2014-12-23 18:09 - 2014-12-23 18:09 - 00000000 _____ () C:\C0CC.tmp
2014-12-23 18:09 - 2014-12-23 18:09 - 00000000 _____ () C:\912E.tmp
2014-12-23 18:09 - 2014-12-23 18:09 - 00000000 _____ () C:\42AC.tmp
2014-12-23 18:08 - 2014-12-23 18:08 - 00000000 _____ () C:\3214.tmp
2014-12-23 18:07 - 2014-12-23 18:07 - 00000000 _____ () C:\56.tmp
2014-12-23 18:06 - 2014-12-23 18:06 - 00000000 _____ () C:\F7AB.tmp
2014-12-23 18:05 - 2014-12-23 18:05 - 00000000 ____D () C:\Elwood Software
2014-12-23 18:04 - 2014-12-23 18:04 - 09269504 _____ ( ) C:\Users\Norm\Downloads\EZHOTrial.exe
2014-12-23 16:48 - 2014-12-23 16:48 - 00000000 ____D () C:\Users\Norm\AppData\Roaming\StatTrak Address Manager
2014-12-23 16:33 - 2014-12-23 16:33 - 00000000 _____ () C:\FED3.tmp
2014-12-23 16:07 - 2014-12-23 16:13 - 00001113 _____ () C:\Users\Norm\Documents\Addresses_1.csv
2014-12-23 16:02 - 2014-12-23 16:02 - 00000000 _____ () C:\BBC.tmp
2014-12-23 16:01 - 2014-12-23 16:01 - 00000000 _____ () C:\5226.tmp
2014-12-23 15:58 - 2014-12-24 12:43 - 00000000 ____D () C:\Users\Norm\Documents\StatTrak Address Manager
2014-12-23 15:45 - 2014-12-31 07:41 - 00053952 _____ () C:\Windows\PFRO.log
2014-12-23 15:40 - 2014-12-23 15:40 - 17872920 _____ () C:\Users\Norm\Downloads\apsam51d.exe
2014-12-23 15:12 - 2014-12-23 15:12 - 00000000 ____D () C:\Program Files (x86)\All-Pro Software
2014-12-23 14:58 - 2014-12-23 15:10 - 00114688 _____ () C:\Users\Norm\Documents\ContactKeeper.mdb
2014-12-23 14:58 - 2014-12-23 15:10 - 00000002 _____ () C:\Users\Norm\Documents\ContactKeeper.txt
2014-12-23 14:58 - 2014-12-23 14:58 - 02080909 _____ (ContactKeeper ) C:\Users\Norm\Downloads\ContactKeeper150.exe
2014-12-18 10:00 - 2014-12-18 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 07:33 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:33 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 07:21 - 2015-01-05 07:32 - 00003528 _____ () C:\Windows\setupact.log
2014-12-17 15:50 - 2014-12-17 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-16 19:31 - 2014-12-16 19:31 - 00000355 _____ () C:\Users\Norm\Desktop\Computer - Shortcut.lnk
2014-12-16 09:29 - 2014-12-22 20:11 - 00000000 ____D () C:\Users\Norm\Documents\TempDoc
2014-12-11 13:00 - 2014-12-11 13:00 - 00000000 ____D () C:\Users\Norm\AppData\Local\{040D2414-9CC3-4E56-9880-A87CB8C55660}
2014-12-11 07:39 - 2014-12-11 07:39 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 23:00 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 23:00 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 07:45 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 07:45 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 07:45 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 07:45 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 07:45 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 07:45 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 07:45 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 07:45 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 07:45 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:45 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 07:45 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:45 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:45 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:45 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:45 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:45 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:45 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:45 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:45 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:45 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:45 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:45 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:45 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:45 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:45 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:45 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 07:45 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:45 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 07:45 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:45 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:45 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:45 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 07:45 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 07:45 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 07:45 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:45 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 07:45 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 07:45 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 07:45 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 07:45 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 07:45 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 07:45 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:45 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:45 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:45 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:45 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 07:45 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:45 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 07:45 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 07:45 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 07:45 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 07:45 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 07:45 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:45 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 07:45 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 07:45 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 07:45 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:45 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 07:45 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:45 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 07:45 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 07:45 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 07:45 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:45 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:45 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:44 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:44 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:44 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:44 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:44 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:44 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:44 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:44 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:44 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:44 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:44 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:44 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:44 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:44 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 09:22 - 2011-03-25 18:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 09:14 - 2011-03-25 18:25 - 00000000 ____D () C:\Users\Norm\AppData\Roaming\KeePass
2015-01-05 09:14 - 2011-03-25 15:38 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-05 08:52 - 2012-03-29 07:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 08:27 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 07:42 - 2009-07-13 23:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 07:42 - 2009-07-13 23:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 07:39 - 2011-03-25 16:45 - 01621360 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 07:35 - 2013-12-06 11:36 - 00000000 ___RD () C:\Users\Norm\Google Drive
2015-01-05 07:32 - 2011-03-25 18:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 07:32 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 09:27 - 2011-03-25 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys
2015-01-03 23:21 - 2009-04-29 15:29 - 00000000 ____D () C:\Users\Norm\Documents\Taxes
2015-01-03 12:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-03 11:28 - 2011-03-25 18:49 - 00020830 _____ () C:\Users\Norm\Documents\MyInfo.kdbx
2015-01-03 11:06 - 2013-01-15 09:23 - 00000000 ____D () C:\ProgramData\AVG
2015-01-03 11:01 - 2011-07-09 12:54 - 00000000 ____D () C:\Users\Norm\AppData\Roaming\AVG
2015-01-03 11:00 - 2011-03-25 15:47 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-03 09:00 - 2011-04-02 07:44 - 00000000 ____D () C:\Users\Norm\AppData\Roaming\vlc
2015-01-02 19:21 - 2009-04-23 12:55 - 00000000 ____D () C:\Users\Norm\Documents\Receipts
2014-12-30 22:20 - 2012-03-29 07:12 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 22:20 - 2012-03-29 07:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-30 22:20 - 2011-05-15 05:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 22:09 - 2011-03-25 18:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 16:02 - 2011-03-25 13:55 - 00000000 ____D () C:\Users\Norm
2014-12-30 11:18 - 2012-04-01 17:34 - 00000000 ____D () C:\Users\Norm\AppData\Local\Smith Micro
2014-12-30 09:46 - 2013-07-12 11:52 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-12-30 09:46 - 2013-07-12 11:51 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-12-28 15:06 - 2013-09-22 16:07 - 00000226 _____ () C:\Users\Norm\AppData\Roaming\WB.CFG
2014-12-28 09:25 - 2014-01-04 09:08 - 00000000 ____D () C:\Users\Norm\AppData\Local\NETGEARGenie
2014-12-26 22:48 - 2011-10-12 06:24 - 00000000 ____D () C:\Users\Norm\Documents\Cottage
2014-12-26 17:45 - 2014-03-17 13:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-12-25 21:30 - 2011-04-22 20:10 - 00000000 ____D () C:\Users\Norm\AppData\Local\{8752FD05-FBCA-4BF3-A288-2CAD3F64A63F}
2014-12-24 10:50 - 2010-12-29 11:45 - 00000000 ____D () C:\Users\Public\Documents\Addresses and Phone Numbers
2014-12-22 16:14 - 2009-11-21 18:37 - 00000000 ____D () C:\Users\Norm\Documents\VW_TDI
2014-12-22 07:47 - 2014-08-28 12:29 - 00000000 ____D () C:\Users\Norm\AppData\Local\Adobe
2014-12-22 07:38 - 2012-04-26 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-18 15:36 - 2011-03-26 21:29 - 00000000 ____D () C:\Users\Norm\AppData\Local\Thunderbird
2014-12-12 07:39 - 2014-10-14 06:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 20:30 - 2014-10-24 11:58 - 00000000 ____D () C:\Users\Norm\Documents\Florda_Trip
2014-12-11 11:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 07:39 - 2014-05-02 12:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 07:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 07:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 23:10 - 2013-07-15 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 23:01 - 2011-03-25 14:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-06 07:12 - 2009-07-13 23:45 - 00438088 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\Users\Norm\AppData\Roaming\skype.ini
 
 
Some content of TEMP:
====================
C:\Users\Norm\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Norm\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Norm\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Norm\AppData\Local\Temp\vmw.exe
C:\Users\Norm\AppData\Local\Temp\VSTStubSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 11:15
 
==================== End Of Log ============================
 
**************************************************************************************************************
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Norm at 2015-01-05 09:41:44
Running from C:\Users\Norm\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
ACDSee 14 (HKLM-x32\...\{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}) (Version: 14.3.168 - ACD Systems International Inc.)
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.1.68 - ACD Systems International Inc.)
ACDSee Video Converter 4.1 (HKLM-x32\...\ACDSee_acdVC) (Version: 4.1.0.166 - ACD Systems International Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 5.0.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.238 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Canon LBP6000/LBP6018 (HKLM\...\Canon LBP6000/LBP6018) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignCAD Express 16 (HKLM-x32\...\{5A80851B-5BEF-47C1-A04C-51A963BB5E6E}) (Version: 16.0 - IMSI)
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 1.80.00 - )
EPSON Perfection V500 Photo Scanner Driver Update (HKLM-x32\...\{25653817-9502-41A5-A24D-FED750611E98}) (Version:  - )
EPSON Perfection V500P User's Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.11.00 - )
Family Tree Maker 2010 (HKLM-x32\...\Family Tree Maker 2010) (Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}) (Version: 1.0.0.500 - KSS)
KeePass Password Safe 2.24 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LightScribe Applications (HKLM-x32\...\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}) (Version: 1.18.5.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Designs - Music Pack 1 (HKLM-x32\...\{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
LinksysEasyLinkAdvisor (HKLM-x32\...\InstallShield_{2369561B-FD79-47F0-905D-B5FC7BAA9C80}) (Version:  - )
LinksysEasyLinkAdvisor (Version: 3.0.8122.29 - Linksys, Cisco System.) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
MasterCook Deluxe (HKLM-x32\...\{37563E8A-F8C5-482E-8E61-2C39D7CCACA9}) (Version: 9.0.0 - ValuSoft)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1033-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1428 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM-x32\...\{124CA4D3-B532-4D1F-98C4-E8035DB39E2F}) (Version: 2.7.4126.0 - Microsoft Corporation)
Microsoft Streets & Trips 2011 (HKLM-x32\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.1 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.700 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.700 - TomTom)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
NETGEAR USB Control Center   (HKLM-x32\...\{4528B812-FF2C-4E3A-A9EA-1ECB483BF03A}) (Version: 1.32 - NETGEAR)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
novaPDF Professional Desktop 7.7 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version:  - Softland)
novaPDF Standard Desktop 7.6 printer (HKLM\...\novaPDF Standard Desktop 7 printer_is1) (Version:  - Softland)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PlayOn (HKLM-x32\...\{EF225F7C-34D6-494D-AF7D-11CFB58F92E6}) (Version: 3.10.1 - MediaMall Technologies, Inc.)
PS Monitor (HKLM-x32\...\{EF23717A-FC30-41DC-ADBF-7FA2907E2969}) (Version:  - )
PS-Utility (HKLM-x32\...\{4B95A7D0-AF67-4916-9433-C18B9969E9D4}) (Version:  - )
PS-Wizard (HKLM-x32\...\{6B20EE79-2049-49BC-BC46-17A040EE3C2E}) (Version:  - )
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
RivalGaming (HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\RivalGaming) (Version:  - RivalGaming) <==== ATTENTION!
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
StuffIt 2010 (HKLM\...\{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}) (Version: 14.0.1 - Smith Micro)
TextPad 4.7 (HKLM-x32\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.1 - Helios)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The weDownload Manager (HKLM-x32\...\The weDownload Manager) (Version: 1.34.1.21 - weDownload) <==== ATTENTION
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.4.0.1 - 't Schrijverke)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WePrint (HKLM-x32\...\WePrint) (Version:  - EuroSmartz Ltd)
Whisper 32 (HKLM-x32\...\{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}) (Version: 1.15.0 - Shaun Ivory)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
30-12-2014 09:42:02 Removed Bonjour
30-12-2014 09:45:03 Removed Microsoft Access database engine 2010 (English)
30-12-2014 10:56:02 Removed AVG 2015
30-12-2014 10:58:03 Removed AVG 2015
30-12-2014 14:26:53 Installed AVG 2015
30-12-2014 14:28:37 Removed AVG 2015
30-12-2014 16:08:55 Installed AVG 2015
30-12-2014 16:09:44 Installed AVG 2015
03-01-2015 10:58:39 Installed AVG PC TuneUp 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00488614-5AA0-4A42-A9FC-B3F941D94A84} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3642669842-3344055725-2380362599-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {15021F61-CA2F-44C0-BEE9-7F7E3AAF4F46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30] (Adobe Systems Incorporated)
Task: {15B43A2A-9894-404F-AFB3-7C922E87D3D9} - System32\Tasks\{9F035023-C3B1-4711-B1A8-69A2C574A29B} => pcalua.exe -a "E:\Win7 Install\LogitechRemote\LogitechHarmonyRemote7.7.0-WIN-x86.exe" -d "E:\Win7 Install\LogitechRemote"
Task: {166CEBCA-C311-4F8D-986D-A619B0DAE3FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {1771C3C4-81B8-4C2F-9864-74616612BD1E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {210A1A3D-9631-4DDD-A737-E53FAB7FF65B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2284C539-7763-4E12-A205-6DF74339F7DA} - System32\Tasks\{5D963F8D-BA3B-4B1F-BABD-1CD8FC2006C3} => pcalua.exe -a C:\Users\Norm\Downloads\weathersp3_StubInstaller.exe -d C:\Users\Norm\Downloads
Task: {24A349A9-4ADD-454A-B8CD-C381C4C74CE3} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-11-24] (AVG Technologies)
Task: {366D61D3-9C74-49B3-AE8F-1F7DB727BA18} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {44262E7A-220E-4D0B-8C96-A67B98169C54} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {4CFAD54B-68A3-4AD4-B4FD-7E996C61AB7F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3642669842-3344055725-2380362599-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {59A926BB-FD78-40A1-BDFB-EF805A6CB7FB} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {6EAFE709-EF33-461A-B8A2-D0A42B97B858} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3642669842-3344055725-2380362599-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6F27528C-E704-4329-955E-F42134E6CE2F} - System32\Tasks\Real Player online update program => c:\program files (x86)\real\realplayer\Update\realsched.exe
Task: {7DD0BFF9-B2E5-482F-B3A2-94FED7A98AA0} - System32\Tasks\{0BE805DB-A5FF-4DAA-8246-98C29B3AC084} => pcalua.exe -a "D:\BackUpSoftware\Streets _ Trips 2011\ST2011\Setup_ST.exe" -d "D:\BackUpSoftware\Streets _ Trips 2011\ST2011"
Task: {8574E1FE-CD12-460C-8B44-E0A10276236B} - System32\Tasks\4593 => Wscript.exe C:\Users\Norm\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {927926B1-E175-442F-A4CB-908DEA599B59} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3642669842-3344055725-2380362599-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {9A71A357-8B80-4878-9D2A-FDDE1BB5D8DB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3642669842-3344055725-2380362599-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A021D09E-BEB7-4435-8D08-0FCD0ABBEE34} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3642669842-3344055725-2380362599-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A37662A6-01C8-4E9E-A0A0-4E19AB0764D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3642669842-3344055725-2380362599-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B39CFF6C-0177-41BB-A626-EDC7FBAF610C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {B8EAB256-57B3-4072-91FA-B7AB30BF6C00} - System32\Tasks\SpeedOptimizerPro_Popup => C:\Program Files (x86)\Speed Optimizer Pro\Splash.exe <==== ATTENTION
Task: {BB736B3B-D56A-4B94-85D6-F3D52503C0AF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BF1D0DE9-D925-4C13-B395-60750344CF47} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {CF86D412-3997-485B-A9D7-C36B1EAA8E56} - System32\Tasks\DSite => C:\Users\Norm\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D5B938C7-915F-46D7-8FCC-993B4915CB61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E25955E0-63B9-4C01-BAC0-9776708E8BE1} - System32\Tasks\SpeedOptimizerPro_Start => C:\Program Files (x86)\Speed Optimizer Pro\SpeedOptimizerPro.exe <==== ATTENTION
Task: {E2CEEA1D-99DD-4EEA-BDE5-C011BB237D5A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2007-09-10 23:45 - 2007-09-10 23:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2008-11-13 14:43 - 2008-11-13 14:43 - 00204800 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
2014-11-24 12:48 - 2014-11-24 12:48 - 00713528 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2012-09-20 16:57 - 2012-09-20 16:57 - 04139008 _____ () C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
2014-11-24 12:49 - 2014-11-24 12:49 - 00856888 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2014-11-06 10:28 - 2014-11-06 10:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-16 11:58 - 2013-01-16 11:58 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2013-01-16 11:58 - 2013-01-16 11:58 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2013-01-16 11:58 - 2013-01-16 11:58 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 04:46 - 2014-11-17 04:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-11-10 04:55 - 2014-11-10 04:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 02:36 - 2014-11-05 02:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 02:37 - 2014-11-05 02:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 05:53 - 2014-11-14 05:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-29 21:05 - 2014-06-29 21:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2014-11-07 04:13 - 2014-11-07 04:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 15:27 - 2012-10-15 15:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 02:00 - 2014-11-17 02:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 03:39 - 2014-09-11 03:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 02:51 - 2014-11-05 02:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 01:21 - 2014-11-17 01:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 01:18 - 2014-11-17 01:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 04:39 - 2014-11-06 04:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 02:58 - 2014-11-05 02:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 03:00 - 2014-11-05 03:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 03:23 - 2014-11-03 03:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 21:22 - 2014-06-18 21:22 - 02177405 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 02:59 - 2014-11-05 02:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 03:01 - 2014-11-05 03:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 21:33 - 2014-06-29 21:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2008-12-12 17:11 - 2008-12-12 17:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 17:11 - 2008-12-12 17:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2014-12-30 22:09 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-30 22:09 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-05 07:32 - 2015-01-05 07:32 - 00098816 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32api.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00110080 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\pywintypes27.dll
2015-01-05 07:32 - 2015-01-05 07:32 - 00364544 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\pythoncom27.dll
2015-01-05 07:32 - 2015-01-05 07:32 - 00045568 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\_socket.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 01160704 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\_ssl.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00320512 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32com.shell.shell.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00713216 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\_hashlib.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 01175040 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._core_.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00805888 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._gdi_.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00811008 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._windows_.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 01062400 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._controls_.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00735232 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._misc_.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00128512 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\_elementtree.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00127488 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\pyexpat.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00557056 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\pysqlite2._sqlite.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00087552 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\_ctypes.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00119808 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32file.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00108544 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32security.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00007168 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\hashobjs_ext.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00167936 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32gui.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00018432 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32event.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00038912 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32inet.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00011264 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32crypt.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00070656 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._html2.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00027136 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\_multiprocessing.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00035840 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32process.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00686080 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\unicodedata.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00122368 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._wizard.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00024064 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32pipe.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00025600 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32pdh.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00525640 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\windows._lib_cacheinvalidation.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00010240 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\select.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00017408 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32profile.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00022528 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\win32ts.pyd
2015-01-05 07:32 - 2015-01-05 07:32 - 00078336 _____ () C:\Users\Norm\AppData\Local\Temp\_MEI34442\wx._animate.pyd
2008-11-13 14:43 - 2008-11-13 14:43 - 00081920 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\lib\wrapper.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Norm\Documents\hedge.jpg:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3642669842-3344055725-2380362599-500 - Administrator - Disabled)
Guest (S-1-5-21-3642669842-3344055725-2380362599-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3642669842-3344055725-2380362599-1002 - Limited - Enabled)
Norm (S-1-5-21-3642669842-3344055725-2380362599-1000 - Administrator - Enabled) => C:\Users\Norm
 
==================== Faulty Device Manager Devices =============
 
Name: bbnfd_1_10_0_2
Description: bbnfd_1_10_0_2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: bbnfd_1_10_0_2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/03/2015 11:43:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb4
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0007ce49
Faulting process id: 0x2a50
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/02/2015 10:19:10 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
 
Error: (12/31/2014 00:03:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc959
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x1ed8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (12/30/2014 01:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 017297~1.EXE, version: 8.6.154.0, time stamp: 0x53e5162a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00702b48
Faulting process id: 0x5c8
Faulting application start time: 0x017297~1.EXE0
Faulting application path: 017297~1.EXE1
Faulting module path: 017297~1.EXE2
Report Id: 017297~1.EXE3
 
Error: (12/30/2014 00:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 017297~1.EXE, version: 8.6.154.0, time stamp: 0x53e5162a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00a42b48
Faulting process id: 0x5c0
Faulting application start time: 0x017297~1.EXE0
Faulting application path: 017297~1.EXE1
Faulting module path: 017297~1.EXE2
Report Id: 017297~1.EXE3
 
Error: (12/30/2014 00:31:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x525b8623
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x19f4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (12/30/2014 11:17:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/30/2014 10:58:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (12/30/2014 09:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 2.1.168.192.in-addr.arpa. PTR Norm-PC.local.
 
Error: (12/30/2014 09:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353   17 2.1.168.192.in-addr.arpa. PTR Norm-PC-2.local.
 
 
System errors:
=============
Error: (01/05/2015 08:44:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/05/2015 07:34:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bbnfd_1_10_0_2
 
Error: (01/05/2015 07:32:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.
 
Error: (01/05/2015 07:31:45 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
 
Error: (01/05/2015 07:31:34 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/04/2015 11:33:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/04/2015 08:23:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (01/04/2015 08:22:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/04/2015 08:18:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bbnfd_1_10_0_2
 
Error: (01/04/2015 08:17:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AirPrint service depends the following service: Bonjour Service. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (01/03/2015 11:43:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bcbb4MSHTML.dll11.0.9600.17496546ff2f9c00000fd0007ce492a5001d0277431352ccbC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll951a1713-9367-11e4-91ef-000272a92cfd
 
Error: (01/02/2015 10:19:10 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
 
Error: (12/31/2014 00:03:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc959MSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c1ed801d0251b90b42665C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllfee2f686-910e-11e4-a2fe-000272a92cfd
 
Error: (12/30/2014 01:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 017297~1.EXE8.6.154.053e5162aunknown0.0.0.000000000c000000500702b485c801d024629f5af0fdC:\Users\Norm\AppData\Local\Temp\017297~1.EXEunknownea253efd-9055-11e4-a459-000272a92cfd
 
Error: (12/30/2014 00:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 017297~1.EXE8.6.154.053e5162aunknown0.0.0.000000000c000000500a42b485c001d02456d0302810C:\Users\Norm\AppData\Local\Temp\017297~1.EXEunknown1ae5405f-904a-11e4-86d2-000272a92cfd
 
Error: (12/30/2014 00:31:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496525b8623MSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c19f401d0245665b0b7d7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllb7532c12-9049-11e4-9c3a-000272a92cfd
 
Error: (12/30/2014 11:17:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Norm\Downloads\SoftonicDownloader_for_contactkeeper.exe
 
Error: (12/30/2014 10:58:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
 
Error: (12/30/2014 09:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 2.1.168.192.in-addr.arpa. PTR Norm-PC.local.
 
Error: (12/30/2014 09:35:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353   17 2.1.168.192.in-addr.arpa. PTR Norm-PC-2.local.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-02-10 20:32:19.204
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:32:19.204
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:32:16.880
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdudf_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:32:16.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdudf_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:32:16.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:32:16.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:13:45.834
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:13:45.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:13:42.745
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdudf_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-10 20:13:42.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdudf_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 20 Processor
Percentage of memory in use: 34%
Total physical RAM: 7935.3 MB
Available physical RAM: 5214 MB
Total Pagefile: 15868.79 MB
Available Pagefile: 13527.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:707.96 GB) NTFS
Drive d: (Backup) (Fixed) (Total:298.09 GB) (Free:166.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:372.61 GB) (Free:136.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: EAF15BA9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: 0C7C9719)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B475B512)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#5
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi,
 
Well, some bad news and then some good news.
 

Backdoor warning!

Unfortunately your machine seems to be heavily compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this moment:
  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would be also wise to inform financial institutions about your situation - see here.
Many experts believe that the best action should be to reformat and reinstall, but I think that we may still be able to clean this one and return it to its normal functionality (with no security guarantee afterwards, as this is a very severe type of infection).
  • If you plan to rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to omit the reinstallation, just please proceed with the next steps directed.
Assuming you'd like to move forward with cleaning the machine rather than a reinstall, then follow these instructions. NOTE: Just so that you are not surprised, cleaning will require several steps (interactions) and likely several days to completely clean your computer.
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Norm\AppData\Roaming\skype.dat <==== ATTENTION
    HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    CustomCLSID: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
    BHO: The weDownload Manager -> {11111111-1111-1111-1111-110411901174} -> C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll (weDownload)
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
    BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} ->  No File
    Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  No File
    Toolbar: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-12-18]
    C:\Users\Norm\AppData\Roaming\skype.ini
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state on
    CMD: ipconfig /flushdns
    Emptytemp:
    Hosts:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
 
 
Scan with ESET Poweliks Cleaner

Please download ESET Poweliks Cleaner and save the file to your desktop.
  • Right-click on the ESET Poweliks Cleaner icon and select Run as Administrator to start the tool.
  • If the tool finds Poweliks, you will be prompted: Win32/Poweliks found in your system.
  • Press Y to continue the removal.
  • You should be notified that the tool successfully removed the threat from your system.
  • The tool will also produce a logfile on your desktop, named ESETPoweliksCleaner_Date.Time.
Please attach this file to your next reply.
To do so:

- after typing in your message, click More reply options instead of Post.
- below the post preview and the post editor, you should be able to see Attach files option - please click Choose file.
- in the pop-up window navigate to the desktop. Choose the one named ESETPoweliksCleaner_Date.Time.log and attach it.

If the file is too big to attach (it may happen), then please host it on a Dropbox account or a site like mediafire.com, providing me the link to the uploaded file.
 
Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.
  • 0

#6
nwj629

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have followed all the steps. I have had the PC disconnected from the internet and have changed all online passwords. I have attached the 3 files from the 3 Programs.
Thank you.



  • 0

#7
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Good work :thumbsup:

 

Now, one more FRST scan as you did before please and also test the computer a bit and let me know how it's working now. :)


  • 0

#8
nwj629

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I have run most internet type programs at this point and the CPU seems to be running normally. I do have one question; when I run chrome with 2 tabs open, I see 5 chrome.exe 32 processes running, is this normal?

I have attached the 2 files from FRST64.



  • 0

#9
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I do have one question; when I run chrome with 2 tabs open, I see 5 chrome.exe 32 processes running, is this normal?

Potentially, yes :)   Chrome opens a Process for every Window that it opens. The logic being, if one Window crashes, it doesn't take down the entire Browser.

That said, there absolutely is Malware that opens multiple Chrome *32 processes. Is that what you're seeing? "Chrome *32" or "Chrome 32" or something else? I don't see anything in your log that would indicate the *32 Malware, but if you're seeing it, I'll look closer.

In the meantime, I have a little more cleaning for you to do.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {F277C811-E1FF-46A7-95F9-1127EB5F3940} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {41A0E243-58AD-4A50-BE0D-865A6EC16A2B} URL = http://websearch.ask.com/redirect?client=ie&tb=PGL&o=102946&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=6J&apn_dtid=YYYYYYYYUS&apn_uid=59024583-055e-4782-ad80-81efad964fe8&apn_sauid=DCE80CB9-070B-4BE9-8E55-ADEBD335CFDB
    SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=MLUOLYGLxV9n0tr_Hcqjhu0nSTc?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {7EA95CA4-39AC-432B-9EEE-F2B4F2A4B215} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP87C72773-C6D3-4BD3-8C18-AE75C4457E96&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> {F277C811-E1FF-46A7-95F9-1127EB5F3940} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3294791&CUI=UN35509931129379182&UM=2
    FF SearchPlugin: C:\Users\Norm\AppData\Roaming\Mozilla\Firefox\Profiles\2x7ofyo3.default\searchplugins\askcom.xml
    C:\*.tmp
    EmptyTemp:
    
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
Please include the contents of that file in your reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.




Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

Then run FRST once more and post the results. And, let me know how the machine is working :)
  • 0

#10
nwj629

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I ran all the steps and have attached all the files. Chrome processes are "Chrome *32".



  • 0


#11
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Ok, one last fix! When this is complete, give the computer a bit of a work out and let me know how things are going. Have the issues that originally brought you to us been resolved? Any new concerns?

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    Task: {8574E1FE-CD12-460C-8B44-E0A10276236B} - System32\Tasks\4593 => Wscript.exe C:\Users\Norm\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {B8EAB256-57B3-4072-91FA-B7AB30BF6C00} - System32\Tasks\SpeedOptimizerPro_Popup => C:\Program Files (x86)\Speed Optimizer Pro\Splash.exe <==== ATTENTION
    Task: {BB736B3B-D56A-4B94-85D6-F3D52503C0AF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {BF1D0DE9-D925-4C13-B395-60750344CF47} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
    Task: {CF86D412-3997-485B-A9D7-C36B1EAA8E56} - System32\Tasks\DSite => C:\Users\Norm\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {E25955E0-63B9-4C01-BAC0-9776708E8BE1} - System32\Tasks\SpeedOptimizerPro_Start => C:\Program Files (x86)\Speed Optimizer Pro\SpeedOptimizerPro.exe <==== ATTENTION
    File: iexplore.exe
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
  • 0
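The autostart entries flagged in the fixlists of posts #5 and #11 (the Winlogon Shell value, the rundll32 javascript: LocalServer32 value, and the scheduled tasks) can be picked out of an FRST-style log mechanically. The Python below is an added example, not part of the thread and not FRST's own logic; the rule names, the regexes and the last sample line are assumptions made for illustration.

```python
import re

# Log lines in FRST format. The first five are copied from the fixlists in this
# thread; the last one is a constructed benign entry for contrast.
SAMPLE_LOG = r'''
HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Norm\AppData\Roaming\skype.dat <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {8574E1FE-CD12-460C-8B44-E0A10276236B} - System32\Tasks\4593 => Wscript.exe C:\Users\Norm\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CF86D412-3997-485B-A9D7-C36B1EAA8E56} - System32\Tasks\DSite => C:\Users\Norm\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B8EAB256-57B3-4072-91FA-B7AB30BF6C00} - System32\Tasks\SpeedOptimizerPro_Popup => C:\Program Files (x86)\Speed Optimizer Pro\Splash.exe <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe
'''

TAIL = r'(?:\s*<====.*)?$'  # FRST's own "<====" marker; the rules do not rely on it
RUNDLL_JS = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*mshtml\.dll\s*,\s*RunHTMLApplication', re.I)
WINLOGON_SHELL = re.compile(r'Winlogon: \[Shell\]\s+(.*?)' + TAIL)
TASK = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.*?)' + TAIL)
SCRIPT_HOST = re.compile(r'^(?:wscript|cscript|mshta|powershell)(?:\.exe)?\b', re.I)
USER_WRITABLE = re.compile(r'\\AppData\\|\\Temp\\', re.I)


def unshift(text):
    """Shift every character down by one code point.

    Applied to the eval() fragment visible in the log, this yields readable
    JavaScript, which shows the registry value holds obfuscated script.
    """
    return ''.join(chr(ord(c) - 1) for c in text)


def triage(log_text):
    """Return a list of (rule, detail) findings for suspicious autostart lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Rule 1: a registry value that runs script through rundll32 + mshtml.
        if RUNDLL_JS.search(line):
            m = re.search(r'eval\("(\S+)', line)
            findings.append(('rundll32-javascript', unshift(m.group(1)) if m else ''))
            continue
        # Rule 2: Winlogon Shell set to anything other than plain explorer.exe.
        m = WINLOGON_SHELL.search(line)
        if m and m.group(1).strip().lower() != 'explorer.exe':
            findings.append(('winlogon-shell-modified', m.group(1).strip()))
            continue
        # Rule 3: scheduled task that starts a script host or runs from a
        # user-writable directory.
        m = TASK.match(line)
        if m:
            name, command = m.group(1), m.group(2).strip()
            if SCRIPT_HOST.match(command) or USER_WRITABLE.search(command):
                findings.append(('suspicious-task', name + ' => ' + command))
    return findings


if __name__ == '__main__':
    for rule, detail in triage(SAMPLE_LOG):
        print(rule, '|', detail)
```

The Speed Optimizer Pro task from post #11 is not flagged, because it runs from Program Files; path heuristics like these miss unwanted software installed in standard locations.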

#12
nwj629

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Attached is the current Fixlog.

Thanks for the help.



  • 0

#13
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Thanks very much for the Donation! :thumbsup:  :cheers:

 

Most unexpected, but quite welcome :)

 

So, give the machine a good workout and let me know how things look. If it's still doing well in a day or so, I'll remove my tools, give you some suggestions for "Staying Safe" and send you on your way :thumbsup:


  • 0

#14
nwj629

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I have not seen any problems with the system. I have run full scans with AVG and Malwarebytes Anti-Malware. I would like to thank you for all the time you spent on this.


  • 0

#15
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I have not seen any problems with the system. I have run full scans with AVG and Malwarebytes Anti-Malware.

 

Excellent news!!!

 

 

I would like to thank you for all the time you spent on this.

 

You are quite welcome! :thumbsup:   From my side, it's been a pleasure!!  Take care!!

 

Alright, I guess I will send you on your way! :)

 

A good workman always cleans up his tools, so that is what DelFix will do. Also, I will add some preventive information below.   If you have any questions, let me know. I'll keep the topic open for a few days "just in case". After that, PM me or any Admin to have the topic re-opened if something goes wonky!

 

Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.

Preventing Re-Infection

An ounce of prevention is better than a pound of cure, so, I have listed some tips for you to stay safe on the internet in the future.

WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.

I would recommend that you completely uninstall Java unless you need it to run important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java

  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.

Adobe products have to always be updated, because they also are being used to infect your computer.

  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.

Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.

FileHippo is one of the programs that can check for out-of-date programs on your computer. You can get it here

Recommendations for security programs

  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

For some good tips about how to prevent infection in the future, visit this site.


  • 0





