Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Accidently clicked on popup that said my computer needs fixed. Now fu


  • Please log in to reply

#1
rockitout

rockitout

    Member

  • Member
  • PipPipPip
  • 140 posts

OTL logfile created on: 1/21/2015 5:48:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JOHNANDSUE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 71.37% Memory free
15.79 Gb Paging File | 13.34 Gb Available in Paging File | 84.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910.15 Gb Total Space | 816.06 Gb Free Space | 89.66% Space Free | Partition Type: NTFS
Drive D: | 21.07 Gb Total Space | 2.27 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
Drive F: | 98.00 Mb Total Space | 74.44 Mb Free Space | 75.96% Space Free | Partition Type: FAT32
 
Computer Name: 17INCH | User Name: JOHNANDSUE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/21 17:47:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JOHNANDSUE\Desktop\OTL.exe
PRC - [2015/01/15 14:06:21 | 001,845,472 | ---- | M] () -- C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\Client.exe
PRC - [2015/01/09 17:50:54 | 000,154,112 | ---- | M] (Tester Extension) -- C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
PRC - [2015/01/09 17:50:52 | 000,471,096 | ---- | M] (Tester Extension) -- C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
PRC - [2015/01/09 17:50:34 | 000,246,840 | ---- | M] (Tester Extension) -- C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe
PRC - [2015/01/09 17:50:22 | 000,192,000 | ---- | M] (Tester Extension) -- C:\ProgramData\makulitsidwe\1.1.0.29\cozahost.exe
PRC - [2014/12/21 11:25:29 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/03 12:06:52 | 000,040,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2014/11/24 12:38:23 | 002,039,192 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014/11/24 12:38:23 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/11/14 06:48:12 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/09/21 04:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
PRC - [2014/09/15 12:00:46 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/09/15 12:00:44 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/05/14 13:39:24 | 025,794,880 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2013/09/28 08:39:56 | 013,103,104 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2013/07/20 12:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) -- C:\Users\JOHNANDSUE\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2013/07/19 19:18:05 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012/11/05 15:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/08/28 11:00:32 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/08/28 10:55:16 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/06 14:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/12/16 14:37:00 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 14:37:00 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 14:37:00 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/12/16 14:37:00 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2011/12/05 04:14:00 | 000,291,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/29 22:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/28 16:08:00 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/03/30 13:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/06/29 09:48:12 | 000,304,368 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
PRC - [2007/06/29 09:47:48 | 000,292,080 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/15 14:06:21 | 001,845,472 | ---- | M] () -- C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\Client.exe
MOD - [2014/11/20 13:34:44 | 000,316,576 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/11/20 13:33:36 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\11650ce4aad4575fc146aa66a575bcb7\System.Runtime.Remoting.ni.dll
MOD - [2014/10/20 09:37:07 | 000,530,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\7f372539d1837d70e88821cc20ed6530\System.Net.Http.ni.dll
MOD - [2014/10/20 09:37:06 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/20 09:36:52 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/20 09:36:30 | 000,163,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Wind74b7bf4b#\34706e2d87221f8168500c086e3ee9e5\System.Windows.Input.Manipulations.ni.dll
MOD - [2014/10/20 09:36:28 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014/10/20 09:36:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9370714a38ae2805434296b26a9f5b14\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/10/17 20:13:06 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/17 20:12:56 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/17 20:12:52 | 001,871,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\97bbbd410c21d79e55ed5519faab853d\System.Deployment.ni.dll
MOD - [2014/10/17 20:12:51 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/17 20:12:49 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/17 20:12:48 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/17 20:12:47 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/17 20:12:46 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/17 20:12:45 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/17 20:12:45 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/17 20:12:44 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/17 20:12:44 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/17 20:12:43 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/17 20:12:43 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/17 20:12:42 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/17 07:05:42 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/17 07:05:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/17 07:05:34 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/17 07:05:32 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/17 07:05:19 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/12 16:57:18 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/02/27 07:54:09 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 07:54:09 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/27 07:30:39 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/08/22 04:02:09 | 000,187,888 | ---- | M] () -- C:\Users\JOHNANDSUE\AppData\Roaming\BabSolution\Shared\enhancedNT.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/06/29 09:48:12 | 000,304,368 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
MOD - [2007/06/29 09:47:48 | 000,292,080 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
MOD - [2006/09/06 04:12:00 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\DLCQcfg.dll
MOD - [2006/08/08 13:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqscw.dll
MOD - [2006/06/09 00:39:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqdrec.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/12 00:06:52 | 002,449,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/04/09 07:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/08/30 19:40:14 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/12/08 17:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2006/12/12 02:22:44 | 000,566,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcqcoms.exe -- (dlcq_device)
SRV - [2015/01/15 14:45:05 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/09 17:50:52 | 000,471,096 | ---- | M] (Tester Extension) [Auto | Running] -- C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe -- (cozaghost)
SRV - [2015/01/09 17:50:34 | 000,246,840 | ---- | M] (Tester Extension) [Auto | Running] -- C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe -- (cozwdhost)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/24 12:38:23 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014/09/21 04:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe -- (NIS)
SRV - [2014/09/15 12:00:46 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/20 12:23:34 | 001,206,624 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\JOHNANDSUE\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/08 13:42:48 | 000,244,720 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012/01/29 23:03:54 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/16 14:37:00 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 14:37:00 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 14:37:00 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/12/16 14:37:00 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/29 22:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/12/12 02:22:34 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlcqcoms.exe -- (dlcq_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/21 17:38:10 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/08/25 20:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 20:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 13:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/03/03 22:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 19:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/01/31 09:08:04 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/25 20:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 20:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/08/30 19:40:15 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/05/21 16:40:51 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/05/21 16:40:51 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/05/21 16:20:59 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/12/21 06:08:40 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/09/24 12:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/31 05:56:58 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/07/17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/21 19:59:36 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/01/18 20:24:12 | 014,658,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 05:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/05 04:13:00 | 000,785,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2011/12/05 04:13:00 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2011/12/05 04:13:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/29 21:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/10/27 12:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/10/13 22:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/13 22:37:42 | 000,020,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2011/08/23 23:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/03 13:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/09 11:31:52 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/09 11:31:52 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/29 09:16:15 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141017.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/21 16:37:49 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141017.001\ex64.sys -- (NAVEX15)
DRV - [2014/08/21 16:37:48 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141017.001\eng64.sys -- (NAVENG)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F002A842-FF7A-42C9-A0F5-96D88886FE62}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\..\SearchScopes,DefaultScope = {CDDD6C6D-8EC6-4E73-A6C8-7003E9F529DA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...&q={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKLM\..\SearchScopes\{F002A842-FF7A-42C9-A0F5-96D88886FE62}: "URL" = http://www.amazon.co...ds={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...13_wc2&tsp=4971
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...fcd7718bf8=
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol...13_wc2&tsp=4971
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...&q={searchTerms}
IE - HKCU\..\SearchScopes\{CDDD6C6D-8EC6-4E73-A6C8-7003E9F529DA}: "URL" = http://search.condui...0228050253&UM=2
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKCU\..\SearchScopes\{F002A842-FF7A-42C9-A0F5-96D88886FE62}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49162;https=127.0.0.1:49162
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.13: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll File not found
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2015/01/21 17:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/09/15 12:01:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/02/13 07:05:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9D2AA73B-6049-4799-B8AC-925723370070}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/09/15 12:01:44 | 000,000,000 | ---D | M]
 
[2013/08/11 17:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOHNANDSUE\AppData\Roaming\Mozilla\Extensions
[2013/08/11 17:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.4_1\
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf\55.10_0\
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0\
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.31.4.510_1\
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.31.4.510_1\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.10.15_0\
CHR - Extension: No name found = C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\JOHNANDSUE\AppData\Local\DefineExt\temp.dat File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DLCQCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCQtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcqmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [gmsd_us_108]  File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [NTRedirect] C:\Users\JOHNANDSUE\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E24250B-1375-49BE-ABFD-8EE6B342BFFF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A0BE744-C934-4BBB-AEAA-E9664BD1EC1F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Program Files  Files) -  File not found
O20 - AppInit_DLLs: (c:\program files) - c:\Program Files [2014/08/13 09:46:55 | 000,000,000 | R--D | M]
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3e71dae9-17f6-11e4-8f7a-a0b3cc5207b6}\Shell - "" = AutoRun
O33 - MountPoints2\{3e71dae9-17f6-11e4-8f7a-a0b3cc5207b6}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{d7b38302-6822-11e4-a661-a0b3cc5207b6}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b38302-6822-11e4-a661-a0b3cc5207b6}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/21 17:47:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JOHNANDSUE\Desktop\OTL.exe
[2015/01/21 17:43:37 | 000,000,000 | ---D | C] -- C:\8042944f6965e3a869
[2015/01/20 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\JOHNANDSUE\AppData\Local\globalUpdate
[2015/01/20 16:01:36 | 000,000,000 | ---D | C] -- C:\Users\JOHNANDSUE\AppData\Local\BoBrowser
[2015/01/20 15:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\download Manager
[2015/01/20 15:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2015/01/20 15:54:09 | 000,000,000 | ---D | C] -- C:\Users\JOHNANDSUE\AppData\Local\46E115E7-886C-5C45-B723-B395AD2B6BF9
[2015/01/20 15:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\4e10650d0000700e
[2015/01/20 15:26:46 | 000,000,000 | ---D | C] -- C:\Users\JOHNANDSUE\Documents\Optimizer Pro
[2015/01/18 12:20:50 | 000,000,000 | -HSD | C] -- C:\Users\JOHNANDSUE\AppData\Roaming\AnyProtectEx
[2015/01/18 12:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
[2015/01/18 12:06:32 | 000,000,000 | ---D | C] -- C:\Users\JOHNANDSUE\AppData\Local\GeniusBox
[2015/01/18 12:06:17 | 000,000,000 | ---D | C] -- C:\Users\JOHNANDSUE\AppData\Local\Pro_PC_Cleaner
[2015/01/18 12:06:12 | 000,000,000 | ---D | C] -- C:\Users\JOHNANDSUE\Documents\ProPCCleaner
[2015/01/18 12:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\makulitsidwe
[2014/12/29 17:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\JOHNANDSUE\AppData\Local\*.tmp files -> C:\Users\JOHNANDSUE\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/21 17:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/21 17:48:50 | 000,000,575 | ---- | M] () -- C:\Users\JOHNANDSUE\Desktop\Malware and Spyware Cleaning Guide - Virus, Spyware, Malware Removal.website
[2015/01/21 17:47:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JOHNANDSUE\Desktop\OTL.exe
[2015/01/21 17:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/21 17:44:03 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 17:44:03 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 17:38:20 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2015/01/21 17:38:10 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2015/01/21 17:36:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/21 17:36:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2015/01/21 17:35:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/21 17:35:19 | 2065,149,951 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/20 19:38:41 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/20 19:38:41 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/20 19:38:41 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/20 19:37:28 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJOHNANDSUE.job
[2015/01/20 16:07:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2015/01/20 15:11:05 | 001,664,617 | ---- | M] () -- C:\Windows\shost.bin
[2015/01/18 13:43:56 | 000,001,110 | ---- | M] () -- C:\Users\JOHNANDSUE\Desktop\Continue Live Installation.lnk
[2015/01/18 13:11:44 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2015/01/18 13:11:44 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2015/01/18 13:09:08 | 000,001,532 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2015/01/18 12:53:24 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2015/01/18 12:20:22 | 000,002,010 | ---- | M] () -- C:\Windows\patsearch.bin
[2015/01/18 12:20:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
[2015/01/18 12:06:44 | 000,058,765 | ---- | M] () -- C:\Users\JOHNANDSUE\Desktop\PlayerStubWrapper1.exe
[2015/01/18 12:06:35 | 000,000,064 | ---- | M] () -- C:\Users\JOHNANDSUE\AppData\Local\cb481826a498f3ce241c8f1e6666b81b
[2014/12/29 18:02:38 | 000,001,242 | ---- | M] () -- C:\Users\JOHNANDSUE\Desktop\Paint.lnk
[2014/12/29 17:30:18 | 000,036,575 | ---- | M] () -- C:\Users\JOHNANDSUE\AppData\Roaming\Comma Separated Values.ADR
[2014/12/29 17:28:59 | 000,067,091 | ---- | M] () -- C:\Users\JOHNANDSUE\Desktop\yahoo_contacts.csv
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\JOHNANDSUE\AppData\Local\*.tmp files -> C:\Users\JOHNANDSUE\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/21 17:47:39 | 000,000,575 | ---- | C] () -- C:\Users\JOHNANDSUE\Desktop\Malware and Spyware Cleaning Guide - Virus, Spyware, Malware Removal.website
[2015/01/20 16:02:25 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2015/01/20 16:02:21 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2015/01/20 15:11:00 | 001,664,617 | ---- | C] () -- C:\Windows\shost.bin
[2015/01/18 13:09:08 | 000,001,544 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2015/01/18 13:09:08 | 000,001,532 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2015/01/18 12:37:49 | 000,001,110 | ---- | C] () -- C:\Users\JOHNANDSUE\Desktop\Continue Live Installation.lnk
[2015/01/18 12:21:13 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2015/01/18 12:21:13 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2015/01/18 12:21:12 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2015/01/18 12:20:22 | 000,002,010 | ---- | C] () -- C:\Windows\patsearch.bin
[2015/01/18 12:20:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
[2015/01/18 12:06:44 | 000,058,765 | ---- | C] () -- C:\Users\JOHNANDSUE\Desktop\PlayerStubWrapper1.exe
[2015/01/18 12:06:35 | 000,000,064 | ---- | C] () -- C:\Users\JOHNANDSUE\AppData\Local\cb481826a498f3ce241c8f1e6666b81b
[2014/12/29 18:02:38 | 000,001,242 | ---- | C] () -- C:\Users\JOHNANDSUE\Desktop\Paint.lnk
[2014/12/29 17:30:18 | 000,036,575 | ---- | C] () -- C:\Users\JOHNANDSUE\AppData\Roaming\Comma Separated Values.ADR
[2014/12/29 17:28:59 | 000,067,091 | ---- | C] () -- C:\Users\JOHNANDSUE\Desktop\yahoo_contacts.csv
[2014/10/05 13:20:31 | 000,000,848 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2014/10/05 13:20:31 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2014/10/05 13:19:57 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2014/10/05 13:17:17 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2014/10/05 13:17:11 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2014/10/05 13:17:08 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/10/05 13:17:05 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2014/01/09 08:07:35 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\dlcqcomx.dll
[2014/01/09 08:07:35 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLCQinst.dll
[2014/01/09 08:07:34 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqpmui.dll
[2014/01/09 08:07:34 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcqutil.dll
[2014/01/09 08:07:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqinpa.dll
[2014/01/09 08:07:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqiesc.dll
[2014/01/09 08:07:34 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcqjswr.dll
[2014/01/09 08:07:34 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcqinsr.dll
[2014/01/09 08:07:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcqcur.dll
[2014/01/09 08:07:33 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcqinsb.dll
[2014/01/09 08:07:33 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcqins.dll
[2014/01/09 08:07:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqusb1.dll
[2014/01/09 08:07:31 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcqcub.dll
[2014/01/09 08:07:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcqcu.dll
[2014/01/09 08:07:30 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqserv.dll
[2014/01/09 08:07:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqlmpm.dll
[2014/01/09 08:07:29 | 000,181,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqppls.exe
[2014/01/09 08:07:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqprox.dll
[2014/01/09 08:07:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqpplc.dll
[2014/01/09 08:07:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqhbn3.dll
[2014/01/09 08:07:28 | 000,537,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqcoms.exe
[2014/01/09 08:07:28 | 000,385,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqih.exe
[2014/01/09 08:07:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqcomc.dll
[2014/01/09 08:07:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqcomm.dll
[2014/01/09 08:07:26 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcqcfg.exe
[2014/01/09 08:07:26 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\DLCQcfg.dll
[2013/12/20 15:42:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fruit
[2013/12/20 15:42:51 | 000,000,268 | RH-- | C] () -- C:\Users\JOHNANDSUE\AppData\Roaming\Font Book
[2013/12/20 15:42:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/12/20 15:42:51 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Helper Scripts
[2013/12/20 15:42:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2013/12/20 15:42:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Framework
[2013/12/20 15:42:50 | 000,000,268 | RH-- | C] () -- C:\Users\JOHNANDSUE\AppData\Roaming\Folder Actions Handlers
[2013/12/20 15:42:50 | 000,000,268 | RH-- | C] () -- C:\Users\JOHNANDSUE\AppData\Roaming\Folder Actions
[2013/12/20 15:42:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/12/20 15:42:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/12/20 15:42:50 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Halftone
[2013/12/20 15:42:50 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Guitars
[2013/07/10 20:59:44 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/07/10 20:59:42 | 000,559,780 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/07/10 20:59:41 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/07/10 20:59:40 | 013,001,728 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2013/05/21 17:01:55 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/18 12:20:50 | 000,000,000 | -HSD | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\AnyProtectEx
[2013/08/11 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\BabSolution
[2013/08/11 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\Babylon
[2014/10/05 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\ControlCenter4
[2013/08/11 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\Delta
[2014/04/12 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\DIRECTV
[2014/08/15 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\Garmin
[2014/05/07 15:16:46 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\Nikon
[2014/09/23 16:17:49 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\Oracle
[2014/12/22 09:33:03 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\PC-FAX TX
[2013/07/18 09:01:30 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\Synaptics
[2013/08/13 20:05:51 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\Tepfel
[2013/10/25 10:46:11 | 000,000,000 | ---D | M] -- C:\Users\JOHNANDSUE\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 

< End of report >

 

 

 

OTL Extras logfile created on: 1/21/2015 5:48:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JOHNANDSUE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 71.37% Memory free
15.79 Gb Paging File | 13.34 Gb Available in Paging File | 84.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910.15 Gb Total Space | 816.06 Gb Free Space | 89.66% Space Free | Partition Type: NTFS
Drive D: | 21.07 Gb Total Space | 2.27 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
Drive F: | 98.00 Mb Total Space | 74.44 Mb Free Space | 75.96% Space Free | Partition Type: FAT32
 
Computer Name: 17INCH | User Name: JOHNANDSUE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09FE7654-04C3-447B-A261-2B8F5C0238B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FB23BD5-ABAE-499C-BB41-24C20E28F56E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2039CA67-6EF1-4D38-AC79-EAC69B148130}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22F3481A-8310-4584-8211-68386C8BA480}" = lport=137 | protocol=17 | dir=in | app=system |
"{362BD6BD-B334-41AF-A7FD-AF8D1DBF8334}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{389AE2C7-F8C0-4237-A29C-02A00684B048}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39D174C8-1EA3-467E-B52B-B1BABB48BBD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BADB41E-E672-45FF-9BA5-84BA15054D0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42518A2A-1AFB-4C6D-99CB-851251B7888F}" = lport=139 | protocol=6 | dir=in | app=system |
"{4E6D7929-90AA-4319-AA24-9F4D189B9F0C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E9FF871-3BB0-476F-9E35-7F98F0DECC9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4FA18EB4-1C89-45BE-9A40-0C2457A6AAC1}" = rport=137 | protocol=17 | dir=out | app=system |
"{53AB84C4-ED4B-445A-9E24-681DA1B0475E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5416D773-FE1A-4FCF-B4A4-FF3D853F7F3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56D5AB94-B19C-4889-94E7-3DA3B1874A64}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{59854B8E-FC9E-4418-A677-086A355528D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6D0B3741-33A3-4F9E-987F-B65977C1EB56}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{74E91D0A-B3D0-4331-BB3D-CF8465D82D4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A913F24-6530-4F70-99EE-14A4F6C9DE8F}" = rport=139 | protocol=6 | dir=out | app=system |
"{89D8F225-2FF0-4E48-A526-C9D1A288A299}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5AD2B38-9FD3-4B29-A4B2-2A12B78F29F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A912B699-9B63-41DA-8EFD-B18E54F42304}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AADBF1AF-4BB3-4E8A-8CBC-940523109E21}" = lport=445 | protocol=6 | dir=in | app=system |
"{BD059514-D1DE-4442-B7BE-42E6296657E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCF36E96-127B-4260-BFD2-B59372E7F566}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D701B197-FF87-4FAD-B334-391CC4ED2277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E156E231-BEEB-4209-8DAA-E62E18E27A6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{EBBBA682-4411-4874-89A4-E3DE3D93760C}" = rport=445 | protocol=6 | dir=out | app=system |
"{F0DC64EB-3FD6-4268-BC5D-DD5E22E1930D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{F1C8C11D-79BB-4E18-B6C7-A06403DE60F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3675D95-97E2-4CB9-B3AC-7D1AD883F5EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4A9ADC1-DA90-43D2-978C-BE3EC627F54E}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8579BBF-B7A4-41C5-8783-D90FFBC31362}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC2B70D9-A0F8-4CCB-B903-C748FB88F749}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063434ED-83A4-4629-A81B-56D13E0A6B5D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0BB99DD3-BB65-4ED0-BF46-79FF5ECFB4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 966\dlcqaiox.exe |
"{0DF4B982-425A-4A0B-9AE6-FC1D01FF83AE}" = protocol=17 | dir=in | app=c:\windows\system32\dlcqcoms.exe |
"{10419409-FAB7-47FE-9F23-DA61508F19AD}" = protocol=6 | dir=in | app=c:\programdata\makulitsidwe\1.1.0.29\cozaghost.exe |
"{1D53724D-6C72-4D4E-8332-2163D4067AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtoolbar\ie\dtuser.exe |
"{1E08934A-FF4F-4945-930B-895B7E93B778}" = protocol=58 | dir=in | [email protected],-28545 |
"{20EF739A-C484-441B-BD62-0E420B14DCA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2284EB44-1E9C-4336-86EA-7666316BAD22}" = protocol=17 | dir=in | app=c:\programdata\makulitsidwe\1.1.0.29\cozaghost.exe |
"{234ACE43-7A5A-4F59-9945-83467D0D81B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24A9FBE7-E3F8-4354-8E9B-8C331FD1A6B5}" = protocol=1 | dir=out | [email protected],-28544 |
"{327089D3-F465-4BC2-8DD4-16B14F52834C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{34AE21D4-1948-41C7-9865-378F2FFDF829}" = protocol=58 | dir=in | app=system |
"{38535A3A-C4DA-4C7A-A015-AE4008EAC214}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 966\memcard.exe |
"{3E2DC534-69D8-4F69-AD9A-E0B8FECCECC1}" = protocol=58 | dir=out | [email protected],-503 |
"{445FF76F-EF5C-401B-BA1D-06B9E096E1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 966\dlcqmon.exe |
"{47A599E7-FD12-420A-8A69-20FED73C29AD}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{492A830D-2E63-4F30-A17D-83D34C407412}" = protocol=6 | dir=in | app=c:\programdata\makulitsidwe\1.1.0.29\cozaghost.exe |
"{4B09AE9F-DDB1-4FD7-9D98-09BD1A853A79}" = protocol=17 | dir=in | app=c:\programdata\makulitsidwe\1.1.0.29\cozaghost.exe |
"{4D637FD5-F576-498F-9B7D-2A4AEA3B56B4}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtoolbar\ie\dtuser.exe |
"{50782488-06A7-4FC6-BF87-B7A54AE135D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57CB25CB-6FE4-4ECA-983C-3872124D2C80}" = protocol=6 | dir=in | app=c:\windows\system32\dlcqcoms.exe |
"{586607DC-AB48-4618-8715-E4870BB767CB}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 966\memcard.exe |
"{6D1B2BA8-5D39-4B96-801E-EB6DA98DE564}" = dir=in | app=c:\users\johnandsue\appdata\local\torch\plugins\hola\hola_plugin_x64.exe |
"{845EB74B-5084-4179-BD64-12A8E2D92FA9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B7BACD9-F7BE-415E-85F2-037E5355907D}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlcqcoms.exe |
"{99EF4D38-53BB-4F88-AC0A-497CD7582A47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A8D5055-ADCB-4563-91B3-30493172CA53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AAD53AF-0492-42EA-8286-130A692ED768}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlcqcoms.exe |
"{9BF978ED-CFDA-4B0D-976B-C2EC834AD602}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EC7A04C-169E-4707-995C-DE17135396D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3BFC7B5-B82F-47EC-9B6D-9CB8F9B1F899}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A3EBC8B3-FD4A-4469-AE0F-C76E65746197}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AD0740B6-B3D9-4185-9F39-37CEEB0CEBD5}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{AE8CE257-BC3E-4BCD-A88C-AF779E3A6820}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{B1859F4A-9173-463E-9479-0D5B1ADE99A0}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{B499DB8E-1D5B-4266-844E-11489C7C80EE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B604E67A-0225-4890-8F87-ECD4C4590C2E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 966\dlcqaiox.exe |
"{B67863E0-D953-4D49-88F2-B0D70B84291C}" = dir=in | app=c:\users\johnandsue\appdata\local\torch\plugins\hola\hola_plugin.exe |
"{B9F3A4BD-C65A-4B1C-B951-D33E1048CB48}" = protocol=58 | dir=out | [email protected],-28546 |
"{BC3AF796-D5B8-4496-BFDD-FDBAF03AE68D}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{BD125C3D-B161-42A6-85D1-2A3621578E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{C4F691D6-2208-4830-B5D7-DBF182B2D7B2}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{D40DF84D-41F6-4698-93DF-3549EB4B2243}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D4612868-4649-49C0-8348-7498A38685AE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB07DA34-45E3-44C1-B2C2-B80468B0EB9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC560973-01DB-468B-B6B2-BE9055E8945D}" = protocol=6 | dir=out | app=system |
"{E8B32FBB-5F19-4851-9781-1B2BD119DC5D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{E93736BF-5846-41EF-9224-2FE857717448}" = dir=in | app=c:\programdata\makulitsidwe\1.1.0.29\cozaghost.exe |
"{E942655A-EB67-42B9-B0BF-748D4A409EE8}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{EA69B8AD-6C7C-45C1-B791-F8150CF13996}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1FB2C5B-957A-4674-9A80-033EDF150493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6AE8A3A-DA36-4844-9D08-DD4ECDB19E29}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 966\dlcqmon.exe |
"{F76E8B00-3B26-4FC8-8B8F-F41423062B1B}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{F986455D-58AB-4577-A26C-E107C47166BD}" = dir=in | app=c:\users\johnandsue\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{FAA40BD8-9848-430C-B9A5-57F66124F472}" = protocol=1 | dir=in | [email protected],-28543 |
"{FADB0585-B368-48C8-B469-27097361CC7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC97308B-4249-4A57-A40E-7F102F952E46}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |
"{FDB405CC-7A23-4FAA-8BE6-B2DEF5E791F8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{37A08B0D-1168-49E3-B2BD-933B83F36E92}" = ANT Drivers Installer x64
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = Web-Cake 3.00
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}" = Validity WBF DDK
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}" = HP Security Assistant
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 966" = Dell Photo AIO Printer 966
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"McAfee Security Scan" = McAfee Security Scan Plus
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{187DA2A3-9687-4740-BD77-5ABB15BCDA8D}" = Garmin Express
"{194D74FC-B8AA-40E3-86C1-91977E0C1951}" = DIRECTV GenieGO
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}" = HP Software Framework
"{2289494D-48E6-40F0-ABE1-24F1FD5A84E5}" = Garmin Express Tray
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3C4BCD2A-8D3C-4663-9449-AB7B3AFD096F}" = Elevated Installer
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F524A2D-5350-4500-76A7-A758B70C1500}" = Search App by Ask
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74699736-87EB-49E7-8B71-7527A45C35C6}" = Garmin City Navigator North America NT 2015.20
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FBAD091-89F7-4C77-A224-15FF4423C7D2}" = RealDownloader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{97C97FAC-9153-409E-A9C8-A19AFABE7547}" = DriverUpdate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J835DW
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.13) MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B288E426-9954-451C-B811-B0F234CF0EDD}" = HP Documentation
"{b43ffffb-1adc-4bcb-b277-7844ebff94da}" = Garmin Express
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1ACF120-CD69-47F0-B202-9A4B95C436D8}" = ESU for Microsoft Windows 7 SP1
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0D44E64-51EE-4888-A1FD-F13108B75A43}" = Garmin MapInstall
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"46E115E7-886C-5C45-B723-B395AD2B6BF9" = Idle Crawler
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"GeniusBox" = GeniusBox 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"NIS" = Norton Internet Security
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"RealPlayer 17.0" = RealPlayer Cloud
"The Weather Channel App" = The Weather Channel App
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09a0a5fd-a2db-46a8-9449-065ad5d1bec4" = Plants vs. Zombies - Game of the Year
"WTA-1652932b-4db6-41a2-add4-e425113403b1" = Final Drive Fury
"WTA-24129e49-5ae6-4690-a292-e9bd0f25ed49" = The Treasures of Mystery Island: The Ghost Ship
"WTA-3d5fbe3f-dcf2-4df6-b7aa-8290d2c44820" = Jewel Match 3
"WTA-420e4cb2-e84c-4f27-ba68-5775493307a4" = John Deere Drive Green
"WTA-57cdc6ac-4d29-4642-982d-4be376661af9" = RollerCoaster Tycoon 3: Platinum
"WTA-6301b706-eaf6-46b7-bf1c-c767e5d8a506" = Virtual Villagers 4 - The Tree of Life
"WTA-64a6fb9d-e704-4502-ab6f-ee517c326cb8" = Farmscapes
"WTA-68d09aab-f716-453b-afea-80f0202c4917" = FATE
"WTA-6a038175-a274-4e1f-946b-8352084502df" = Luxor HD
"WTA-73dc1fbe-6fc4-47f1-89ca-33b49897bbd4" = Mah Jong Medley
"WTA-751b6497-68c6-4852-ac4c-8ae65ca10849" = Letters from Nowhere 2
"WTA-7a95701c-0846-4f99-b330-8103dd49bcb4" = Farm Frenzy
"WTA-87a3dd0b-44b0-4e80-a669-6cf9e3c0e89b" = Hoyle Card Games
"WTA-8bf43373-fa6e-417a-aaa7-c84a6164d51d" = Chuzzle Deluxe
"WTA-8d9e06e4-2491-4d49-8978-adbb5f94156f" = Polar Golfer
"WTA-8dfe0026-6567-4922-bbc1-2f64cb3fa51d" = Cradle of Rome 2
"WTA-b983cff9-ca9e-4b3b-a862-15775711e5a1" = Bejeweled 3
"WTA-bdf5b161-2593-457c-8fd9-32d4981b7abd" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-c78334b9-4544-4340-b08b-5494522cb01b" = Torchlight
"WTA-d01fbe51-61c9-408c-90d3-940ae1c87745" = Poker Superstars III
"WTA-d5bafdf4-da9b-4343-9c6b-9d601608e61e" = Penguins!
"WTA-e073b377-ef40-4b9c-8d89-e60d493c2a5d" = Blackhawk Striker 2
"WTA-ef1e78d1-4e83-4632-907d-e8a8f00d6aba" = Dora's World Adventure
"WTA-f773293a-78a5-440a-ade3-07300b02d666" = Zuma's Revenge
"WTA-f9b3752d-f285-45ba-9c00-e434382bb83b" = Polar Bowler
"zoompic" = Zoompic
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{194D74FC-B8AA-40E3-86C1-91977E0C1951}" = DIRECTV GenieGO
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/11/2014 7:29:43 PM | Computer Name = 17INCH | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 6/11/2014 7:29:43 PM | Computer Name = 17INCH | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 6/12/2014 7:17:03 AM | Computer Name = 17INCH | Source = WinMgmt | ID = 10
Description =
 
Error - 6/12/2014 7:19:03 AM | Computer Name = 17INCH | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 6/12/2014 7:19:04 AM | Computer Name = 17INCH | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 6/12/2014 9:50:16 AM | Computer Name = 17INCH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{DE431304-8040-43D4-8419-A58E210A3894}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 6/13/2014 6:43:42 AM | Computer Name = 17INCH | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleUpdate.exe, version: 1.3.21.103,
time stamp: 0x4f3c6d6c  Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521ea8e7  Exception code: 0xc0000005  Fault offset: 0x000223e0  Faulting
 process id: 0x8c0c  Faulting application start time: 0x01cf86f35a4249e6  Faulting application
 path: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  Faulting module path:
 C:\Windows\SysWOW64\ntdll.dll  Report Id: 95a42222-f2e7-11e3-8ad1-a0b3cc5207b6
 
Error - 6/13/2014 6:46:43 AM | Computer Name = 17INCH | Source = System Restore | ID = 8193
Description =
 
Error - 6/13/2014 6:56:51 AM | Computer Name = 17INCH | Source = VSS | ID = 12289
Description =
 
Error - 6/13/2014 6:56:52 AM | Computer Name = 17INCH | Source = System Restore | ID = 8193
Description =
 
[ Media Center Events ]
Error - 4/27/2014 10:06:47 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 9:06:47 PM - Error connecting to the internet.  9:06:47 PM -     Unable
 to contact server.. 
 
Error - 4/27/2014 11:06:53 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 10:06:53 PM - Error connecting to the internet.  10:06:53 PM -     Unable
 to contact server.. 
 
Error - 4/28/2014 12:01:21 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 11:01:21 AM - Error connecting to the internet.  11:01:21 AM -     Unable
 to contact server.. 
 
Error - 4/28/2014 1:15:23 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 12:15:23 PM - Error connecting to the internet.  12:15:23 PM -     Unable
 to contact server.. 
 
Error - 4/28/2014 2:15:28 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 1:15:28 PM - Error connecting to the internet.  1:15:28 PM -     Unable
 to contact server.. 
 
Error - 6/4/2014 6:13:31 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 5:13:29 PM - Error connecting to the internet.  5:13:29 PM -     Unable
 to contact server.. 
 
Error - 6/11/2014 6:53:38 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 5:53:38 PM - Error connecting to the internet.  5:53:38 PM -     Unable
 to contact server.. 
 
Error - 6/11/2014 6:53:48 PM | Computer Name = 17INCH | Source = MCUpdate | ID = 0
Description = 5:53:43 PM - Error connecting to the internet.  5:53:43 PM -     Unable
 to contact server.. 
 
[ OAlerts Events ]
Error - 12/21/2014 11:45:55 PM | Computer Name = 17INCH | Source = Microsoft Office 15 Alerts | ID = 300
Description = New App for Office This app comes from the Office Store. If you trust
 it, it will have access to the contents of any documents where this app is included.
 See more. P1: Apps for Office P2: 15.0.4673.1000 P3: 0x80042FAC P4: 
 
[ System Events ]
Error - 1/20/2015 10:19:17 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the HPWMISVC service.
 
Error - 1/20/2015 10:20:02 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7000
Description = The globalUpdate Update Service (globalUpdate) service failed to start
 due to the following error:   %%2
 
Error - 1/21/2015 7:35:36 PM | Computer Name = 17INCH | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:42:17 PM on ?1/?20/?2015 was unexpected.
 
Error - 1/21/2015 7:36:33 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the cozaghost
 service to connect.
 
Error - 1/21/2015 7:36:33 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7000
Description = The cozaghost service failed to start due to the following error:
  %%1053
 
Error - 1/21/2015 7:37:31 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the cozaghost
 service to connect.
 
Error - 1/21/2015 7:37:31 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7000
Description = The cozaghost service failed to start due to the following error:
  %%1053
 
Error - 1/21/2015 7:38:55 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7000
Description = The globalUpdate Update Service (globalUpdate) service failed to start
 due to the following error:   %%2
 
Error - 1/21/2015 7:55:21 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7034
Description = The cozwdhost service terminated unexpectedly.  It has done this 1
 time(s).
 
Error - 1/21/2015 7:55:21 PM | Computer Name = 17INCH | Source = Service Control Manager | ID = 7034
Description = The cozaghost service terminated unexpectedly.  It has done this 1
 time(s).
 
 
< End of report >
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
     
    Ron

    • 0

    #3
    rockitout

    rockitout

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 140 posts
    # AdwCleaner v4.108 - Report created 21/01/2015 at 22:59:09
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-18.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : JOHNANDSUE - 17INCH
    # Running from : C:\Users\JOHNANDSUE\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : APNMCP
    [#] Service Deleted : globalUpdate
    [#] Service Deleted : globalUpdatem
    Service Deleted : torchcrashhandler

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\AskPartnerNetwork
    Folder Deleted : C:\ProgramData\Babylon
    [#] Folder Deleted : C:\ProgramData\BitGuard
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    [#] Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\DataMngr
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\ProgramData\wincert
    Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
    Folder Deleted : C:\ProgramData\4e10650d0000700e
    Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\predm
    Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Temp\mt_ffx
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\AskPartnerNetwork
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Conduit
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\DefineExt
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\ilividmoviestoolbardla
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\onlysearch
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\torch
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\BoBrowser
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\GeniusBox
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\LocalLow\ilividmoviestoolbardla
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\AnyProtectEx
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\BabSolution
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Delta
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Tepfel
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    Folder Deleted : C:\Users\JOHNANDSUE\Documents\Optimizer Pro
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
    Folder Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    File Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\eBay.lnk
    File Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
    File Deleted : C:\Users\JOHNANDSUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    File Deleted : C:\Users\JOHNANDSUE\Desktop\Continue Live Installation.lnk
    File Deleted : C:\Users\JOHNANDSUE\Desktop\Torch.lnk
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
    File Deleted : C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    Task Deleted : APSnotifierPP1
    Task Deleted : APSnotifierPP2
    Task Deleted : APSnotifierPP3
    Task Deleted : driverupdate startup
    Task Deleted : EPUpdater
    Task Deleted : globalUpdateUpdateTaskMachineCore
    Task Deleted : globalUpdateUpdateTaskMachineUA
    Task Deleted : LaunchApp
    Task Deleted : Run_Bobby_Browser
    Task Deleted : ProPCCleaner_Start
    Task Deleted : ProPCCleaner_Popup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
    Key Deleted : HKCU\Software\Classes\keepmysearch
    Key Deleted : HKCU\Software\eeded8b33bb848
    Key Deleted : HKLM\SOFTWARE\eeded8b33bb848
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CDDD6C6D-8EC6-4E73-A6C8-7003E9F529DA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\AnyProtect
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\AskPartnerNetwork
    Key Deleted : HKCU\Software\BABSOLUTION
    Key Deleted : HKCU\Software\DataMngr
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\ilividmoviestoolbardla
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\Search Extensions
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\TutoTag
    Key Deleted : HKCU\Software\BoBrowser
    Key Deleted : HKCU\Software\Define Ext
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Delta
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\torch
    Key Deleted : HKLM\SOFTWARE\Tutorials
    Key Deleted : HKLM\SOFTWARE\Clara
    Key Deleted : HKLM\SOFTWARE\Define Ext
    Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500}
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Google Chrome v

    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search;_ylt=A0oG7o7BssVSQVoAjHwPxQt.;_ylc=X1MDMjExNDcwMDU1OQRfcgMyBGJjawMwM2k5NWdsOHVsYmlhJTI2YiUzRDQlMjZkJTNEQTJBSXhVcHJZSDFEeFBiUHJXRFZWUzh5OS5CN3QzZ0ZkU3cwZHguTDFjN0dvUS0tJTI2cyUzRHRrBGNzcmNwdmlkA1dpTWE2VW9HN3Z3QnlTV0ZVZXF1U2d6bmJFVld0VkxGc3NFQUJkdlkEZnIDBGZyMgNzYS1ncARncHJpZAMuUEZmdmZ6RFROTzNiM2RtUFpEcmpBBG10ZXN0aWQDbnVsbARuX3JzbHQDMTAEbl9zdWdnAzQEb3JpZ2luA3VzLnloczQuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMgRwcXN0cgM0MXN0IGFsZGVybWFuBHBxc3RybAMxMwRxc3RybAMyMQRxdWVyeQM0MXN0IGFsZGVybWFuIGNoaWNhZ28EdF9zdG1wAzEzODg2ODgwODQ3MjAEdnRlc3RpZANudWxs?p={searchTerms}&fr2=sb-top&hspart=btbar&hsimp=yhs-002&type=br112dm35ts555af119351
    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=E80124FD52CBA0C7&affID=119351&tt=070813_wc2&tsp=4971
    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=E80124FD52CBA0C7&affID=119351&tt=070813_wc2&tsp=4971
    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=795&systemid=406&v=a13251-116&apn_uid=5205022025004032&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M7F529BD5-B4F4-403A-B0DE-A4C0885B03BD&SearchSource=58&CUI=&UM=8&UP=SP1B2D1867-CE6E-46D5-8D79-44FCD7718BF8&q={searchTerms}&SSPV=
    [C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M7F529BD5-B4F4-403A-B0DE-A4C0885B03BD&SearchSource=58&CUI=&UM=8&UP=SP1B2D1867-CE6E-46D5-8D79-44FCD7718BF8&q={searchTerms}&SSPV=

    *************************

    AdwCleaner[R0].txt - [27280 octets] - [21/01/2015 22:55:10]
    AdwCleaner[S0].txt - [25355 octets] - [21/01/2015 22:59:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25416 octets] ##########





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by JOHNANDSUE on Wed 01/21/2015 at 23:12:17.35
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\DRIVERUPDATE.EXE-4FF082B7.pf



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\JOHNANDSUE\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\JOHNANDSUE\appdata\local\pro_pc_cleaner"
    Successfully deleted: [Folder] "C:\Users\JOHNANDSUE\documents\propccleaner"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 01/21/2015 at 23:14:18.89
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by JOHNANDSUE (administrator) on 17INCH on 21-01-2015 23:15:56
    Running from C:\Users\JOHNANDSUE\Desktop
    Loaded Profiles: JOHNANDSUE (Available profiles: JOHNANDSUE)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    ( ) C:\Windows\System32\dlcqcoms.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
    () C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
    (The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-08-30] (IDT, Inc.)
    HKLM\...\Run: [dlcqmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()
    HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()
    HKLM\...\Run: [DLCQCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCQtime.dll,RunDLLEntry
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2013-07-19] (cyberlink)
    HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
    HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Dell PC Fax\fm3032.exe [312560 2007-06-29] ()
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-09-15] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [gmsd_us_108] => [X]
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\RunOnce: [Uninstall C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64"
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\MountPoints2: {3e71dae9-17f6-11e4-8f7a-a0b3cc5207b6} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\MountPoints2: {d7b38302-6822-11e4-a661-a0b3cc5207b6} - G:\VZAccess_Manager.exe /z detect
    AppInit_DLLs: C:\Program Files Files => C:\Program Files Files File Not Found
    AppInit_DLLs-x32: c:\program files => c:\program files [0 2014-08-13] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-4100955786-2800544736-253032312-1000] => http=127.0.0.1:49166;https=127.0.0.1:49166
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....n.com/HPNOT13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKLM -> {F002A842-FF7A-42C9-A0F5-96D88886FE62} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKLM-x32 -> {F002A842-FF7A-42C9-A0F5-96D88886FE62} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4100955786-2800544736-253032312-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKU\S-1-5-21-4100955786-2800544736-253032312-1000 -> {F002A842-FF7A-42C9-A0F5-96D88886FE62} URL = http://www.amazon.co...s={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-4100955786-2800544736-253032312-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-01-21]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-15]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-13]
    FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M7F529BD5-B4F4-403A-B0DE-A4C0885B03BD&SearchSource=55&CUI=&UM=8&UP=SP1B2D1867-CE6E-46D5-8D79-44FCD7718BF8&SSPV=
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M7F529BD5-B4F4-403A-B0DE-A4C0885B03BD&SearchSource=55&CUI=&UM=8&UP=SP1B2D1867-CE6E-46D5-8D79-44FCD7718BF8&SSPV="
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultNewTabURL: Default -> https://www.trovi.co...718BF8&SAT=CNTS
    CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Profile: C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (Google Wallet) - C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
    R2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [566152 2006-12-12] ( )
    R2 dlcq_device; C:\Windows\SysWOW64\dlcqcoms.exe [537480 2006-12-12] ( )
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-15] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141017.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
    S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141017.001\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141017.001\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
    S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
    R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-21] ()
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-31] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-21 23:15 - 2015-01-21 23:16 - 00033230 _____ () C:\Users\JOHNANDSUE\Desktop\FRST.txt
    2015-01-21 23:15 - 2015-01-21 23:15 - 00000000 ____D () C:\FRST
    2015-01-21 23:14 - 2015-01-21 23:14 - 00001064 _____ () C:\Users\JOHNANDSUE\Desktop\JRT.txt
    2015-01-21 23:12 - 2015-01-21 23:12 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-21 23:11 - 2015-01-21 23:11 - 01707939 _____ (Thisisu) C:\Users\JOHNANDSUE\Desktop\JRT.exe
    2015-01-21 23:09 - 2015-01-21 23:09 - 02126848 _____ (Farbar) C:\Users\JOHNANDSUE\Desktop\FRST64.exe
    2015-01-21 23:07 - 2015-01-21 23:11 - 00000671 _____ () C:\Users\JOHNANDSUE\Desktop\Accidently clicked on popup that said my computer needs fixed. Now fu - Virus, Spyware, Malware Removal.website
    2015-01-21 23:03 - 2015-01-21 23:03 - 00025545 _____ () C:\Users\JOHNANDSUE\Desktop\AdwCleaner[S0].txt
    2015-01-21 22:53 - 2015-01-21 22:53 - 02186752 _____ () C:\Users\JOHNANDSUE\Desktop\AdwCleaner.exe
    2015-01-21 22:52 - 2015-01-21 22:59 - 00000000 ____D () C:\AdwCleaner
    2015-01-21 17:56 - 2015-01-21 17:56 - 00074476 _____ () C:\Users\JOHNANDSUE\Desktop\Extras.Txt
    2015-01-21 17:55 - 2015-01-21 17:55 - 00161964 _____ () C:\Users\JOHNANDSUE\Desktop\OTL.Txt
    2015-01-21 17:47 - 2015-01-21 17:47 - 00602112 _____ (OldTimer Tools) C:\Users\JOHNANDSUE\Desktop\OTL.exe
    2015-01-20 15:54 - 2015-01-20 15:55 - 00000000 ____D () C:\Users\JOHNANDSUE\AppData\Local\46E115E7-886C-5C45-B723-B395AD2B6BF9
    2015-01-20 15:54 - 2015-01-20 15:54 - 00000000 ____D () C:\Program Files (x86)\download Manager
    2015-01-20 15:11 - 2015-01-20 15:11 - 01664617 _____ () C:\Windows\shost.bin
    2015-01-18 13:09 - 2015-01-18 13:09 - 00001544 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
    2015-01-18 13:09 - 2015-01-18 13:09 - 00001532 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
    2015-01-18 12:20 - 2015-01-18 12:20 - 00613057 _____ (CMI Limited) C:\Users\JOHNANDSUE\AppData\Local\nsa67C5.tmp
    2015-01-18 12:20 - 2015-01-18 12:20 - 00002010 _____ () C:\Windows\patsearch.bin
    2015-01-18 12:20 - 2015-01-18 12:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
    2015-01-18 12:06 - 2015-01-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
    2015-01-18 12:06 - 2015-01-18 12:06 - 00058765 _____ () C:\Users\JOHNANDSUE\Desktop\PlayerStubWrapper1.exe
    2015-01-18 12:06 - 2015-01-18 12:06 - 00004508 _____ () C:\Windows\System32\Tasks\Validate Installation
    2015-01-18 12:06 - 2015-01-18 12:06 - 00004302 _____ () C:\Windows\System32\Tasks\Check Updates
    2015-01-18 12:06 - 2015-01-18 12:06 - 00003886 _____ () C:\Windows\System32\Tasks\GeniusBox
    2015-01-18 12:06 - 2015-01-18 12:06 - 00000064 _____ () C:\Users\JOHNANDSUE\AppData\Local\cb481826a498f3ce241c8f1e6666b81b
    2015-01-18 12:04 - 2015-01-18 12:04 - 00000000 ____D () C:\ProgramData\makulitsidwe
    2015-01-18 11:27 - 2015-01-21 23:04 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 17INCH-JOHNANDSUE 17INCH
    2015-01-15 14:06 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-15 14:06 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-15 14:06 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-15 14:06 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-15 14:06 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-15 14:06 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-15 14:06 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-15 14:06 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-15 14:06 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-15 14:06 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-15 14:06 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-15 14:06 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-15 14:06 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2014-12-29 18:02 - 2014-12-29 18:02 - 00001242 _____ () C:\Users\JOHNANDSUE\Desktop\Paint.lnk
    2014-12-29 17:30 - 2014-12-29 17:30 - 00036575 _____ () C:\Users\JOHNANDSUE\AppData\Roaming\Comma Separated Values.ADR
    2014-12-29 17:28 - 2014-12-29 17:28 - 00067091 _____ () C:\Users\JOHNANDSUE\Desktop\yahoo_contacts.csv
    2014-12-25 11:40 - 2014-12-25 11:40 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-21 23:14 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-21 23:14 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-21 23:05 - 2013-07-18 15:59 - 01858943 _____ () C:\Windows\WindowsUpdate.log
    2015-01-21 23:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-21 23:02 - 2013-07-18 18:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-21 23:01 - 2010-11-20 21:47 - 00354824 _____ () C:\Windows\PFRO.log
    2015-01-21 23:01 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-21 23:01 - 2009-07-13 22:51 - 00088145 _____ () C:\Windows\setupact.log
    2015-01-21 22:51 - 2013-07-18 18:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-21 22:46 - 2013-07-18 18:45 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
    2015-01-21 17:46 - 2014-06-19 08:05 - 00000000 ____D () C:\Users\JOHNANDSUE\AppData\Local\Adobe
    2015-01-21 17:45 - 2013-05-21 16:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-21 17:43 - 2013-07-18 09:01 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9518268F-47A7-4DA6-A4B3-BB2271FBAD11}
    2015-01-20 20:26 - 2014-12-21 11:39 - 00000000 ____D () C:\Users\JOHNANDSUE\Documents\Outlook Files
    2015-01-20 19:38 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-20 19:37 - 2013-07-28 07:09 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJOHNANDSUE
    2015-01-20 19:37 - 2013-07-28 07:09 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForJOHNANDSUE.job
    2015-01-20 16:15 - 2013-05-21 17:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-01-20 15:32 - 2013-07-18 08:57 - 00000000 ____D () C:\Users\JOHNANDSUE
    2015-01-20 15:32 - 2013-07-10 21:50 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-01-20 15:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
    2015-01-18 13:13 - 2013-07-23 05:55 - 00000000 ____D () C:\Users\JOHNANDSUE\AppData\Local\CrashDumps
    2015-01-18 13:09 - 2013-07-19 06:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-17 16:15 - 2014-06-01 14:47 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4100955786-2800544736-253032312-1000
    2015-01-17 16:15 - 2014-06-01 14:47 - 00003244 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4100955786-2800544736-253032312-1000
    2015-01-16 19:04 - 2013-08-10 11:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-16 19:04 - 2013-07-19 18:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-15 22:32 - 2013-08-15 02:28 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 22:28 - 2013-07-28 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-15 14:45 - 2013-05-21 16:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-15 14:45 - 2013-05-21 16:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-15 14:45 - 2013-05-21 16:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-15 13:59 - 2014-01-09 08:11 - 00000000 ____D () C:\Program Files\Dl_cats
    2015-01-08 09:55 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-22 09:37 - 2014-10-05 13:20 - 00000848 _____ () C:\Windows\Brpfx04a.ini
    2014-12-22 09:33 - 2014-10-08 16:47 - 00000000 ____D () C:\Users\JOHNANDSUE\AppData\Roaming\PC-FAX TX

    ==================== Files in the root of some directories =======
    2014-11-14 06:48 - 2014-11-14 06:48 - 6000640 _____ () C:\Program Files (x86)\GUTEB87.tmp
    2014-12-29 17:30 - 2014-12-29 17:30 - 0036575 _____ () C:\Users\JOHNANDSUE\AppData\Roaming\Comma Separated Values.ADR
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\Users\JOHNANDSUE\AppData\Roaming\Folder Actions
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\Users\JOHNANDSUE\AppData\Roaming\Folder Actions Handlers
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\Users\JOHNANDSUE\AppData\Roaming\Font Book
    2015-01-18 12:06 - 2015-01-18 12:06 - 0000064 _____ () C:\Users\JOHNANDSUE\AppData\Local\cb481826a498f3ce241c8f1e6666b81b
    2015-01-18 12:20 - 2015-01-18 12:20 - 0613057 _____ (CMI Limited) C:\Users\JOHNANDSUE\AppData\Local\nsa67C5.tmp
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\ProgramData\Framework
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\ProgramData\Frameworks
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\ProgramData\Fruit
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000012 ___RH () C:\ProgramData\Guitars
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000012 ___RH () C:\ProgramData\Halftone
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000012 ___RH () C:\ProgramData\Helper Scripts
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2013-12-20 15:42 - 2014-11-09 14:09 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2013-12-20 15:42 - 2014-05-23 04:55 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

    Some content of TEMP:
    ====================
    C:\Users\JOHNANDSUE\AppData\Local\Temp\amisetup7210__11003.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\APNSetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\DC8AC956-E6A6-3026-B7CE-75F75E785190.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Delta.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\DeltaTB.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\E1246211-E4A1-C8D7-5281-66618C7846FB.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\E1246211-E4A1-C8D7-5281-66618C7846FB.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\eject.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Extract.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\lowproc.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\mconduitinstaller.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nskC2E5.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nslC8E1.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsq6165.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsq9054.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsqBD69.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\OfficeSetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\oi_{38B25121-4742-4087-94A4-9C86BFEC9E93}.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\optprosetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\playerfile.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\propsys.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Quarantine.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\readSTILog.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Resource.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\rnsetup0.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Runner.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\setup32.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56750.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56904.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56929.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP57698.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP57966.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sp58915.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP60051.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP61037.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP62991.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP63801.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sp64126.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sqlite3.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\stubhelper.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\tbKeyB.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\The_Weather_Channel_Application.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\ToolbarHelper.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\WSSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-15 15:24

    ==================== End Of Log ============================




    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
    Ran by JOHNANDSUE at 2015-01-21 23:16:41
    Running from C:\Users\JOHNANDSUE\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Brother MFL-Pro Suite MFC-J835DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell PC Fax (HKLM\...\Dell PC Fax) (Version: - )
    Dell Photo AIO Printer 966 (HKLM\...\Dell Photo AIO Printer 966) (Version: - Dell, Inc.)
    DIRECTV GenieGO (HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\InstallShield_{194D74FC-B8AA-40E3-86C1-91977E0C1951}) (Version: 2.0.0.44 - DIRECTV, LLC)
    DIRECTV GenieGO (x32 Version: 2.0.0.44 - DIRECTV, LLC) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DriverUpdate (HKLM-x32\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Garmin City Navigator North America NT 2015.20 (HKLM-x32\...\{74699736-87EB-49E7-8B71-7527A45C35C6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin MapInstall (HKLM-x32\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{B288E426-9954-451C-B811-B0F234CF0EDD}) (Version: 1.3.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21096.0 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    Idle Crawler (HKLM-x32\...\46E115E7-886C-5C45-B723-B395AD2B6BF9) (Version: 125.0.0.472 - EUROHAUTE LTD) <==== ATTENTION
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
    Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Print to Fax (HKLM-x32\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
    ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Zoompic (HKLM-x32\...\zoompic) (Version: 1.1.0.29 - Zoompic) <==== ATTENTION!
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    21-12-2014 22:20:09 Installed Java 7 Update 71
    30-12-2014 13:00:53 Scheduled Checkpoint
    06-01-2015 14:05:31 Scheduled Checkpoint
    15-01-2015 15:31:00 Scheduled Checkpoint
    15-01-2015 22:28:39 Windows Update
    20-01-2015 15:15:36 Windows Update
    20-01-2015 15:28:22 Restore Operation
    20-01-2015 15:52:22 Windows Defender Checkpoint
    20-01-2015 16:35:17 Removed Java 7 Update 71
    21-01-2015 17:55:05 Windows Defender Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0405DD7F-EE13-4271-8D03-8C8CC80F1625} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {27369880-7723-41A5-AF7A-99BFCD82DF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
    Task: {3273F6ED-AB7B-4133-9F6D-6802FE4AEC4A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {4E6250FA-83ED-4056-A3D8-F5D698DDA7FB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for 17INCH-JOHNANDSUE 17INCH => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-21] (Microsoft Corporation)
    Task: {50BAD618-2F2F-41F5-A72E-3B1ABFA49688} - System32\Tasks\Check Updates => C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\updater.exe
    Task: {53B92A62-4A7E-4CB6-AB66-F83C763D8BDB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
    Task: {53F2DF91-D8F5-45F4-9BBF-D6E81FD98624} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
    Task: {57E32F2D-A5B1-425A-B95C-5627BCD41F12} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {58F980E0-651A-4AD7-93B0-0C2DA2F88C22} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: {607170FC-1AE8-4A62-A952-D410BBE48D75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {60EE5364-56AB-4CF2-B598-1C340546F4EC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-21] (Microsoft Corporation)
    Task: {6D8ABCAA-545E-4874-B880-E86E52D4D900} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {6E5EC71D-2780-41A9-903E-788BC7388287} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {6F733CFD-E633-4075-8183-894F92282E31} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4100955786-2800544736-253032312-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {7A705710-E40D-46BE-B3AD-D43966A68A2C} - System32\Tasks\Test TimeTrigger => C:\Users\JOHNANDSUE\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
    Task: {896DDACF-92B7-422C-AA3C-3399ED875396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
    Task: {8AAC9672-13FA-480F-84AC-95501DF16BD4} - System32\Tasks\{ABD7DBCA-CABF-4D5D-B5F2-EF22E1A4D63F} => pcalua.exe -a C:\Users\JOHNANDSUE\Downloads\F-AW110-V11W.exe -d C:\Users\JOHNANDSUE\Downloads
    Task: {974D2EF4-4FFC-4C32-8C43-14E83C2CFD45} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {9B80E84C-7E63-427C-A3EB-84DC1DA05DD9} - System32\Tasks\AdobeAAMUpdater-1.0-17INCH-JOHNANDSUE => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {A361A2ED-F823-4228-BF39-8E37AA3337F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {BEE66D07-81A3-49DE-9604-F03BAB3DF01E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
    Task: {D833E1FE-F69C-4575-A67D-E25BB961BBD5} - System32\Tasks\HPCeeScheduleForJOHNANDSUE => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {D8510623-DDB9-4434-95DE-54FA583708AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {D9955391-C539-45A6-94F4-926865E99D99} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4100955786-2800544736-253032312-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {DD954D8A-5F30-4C12-9140-800899754AB9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {E042A0F1-2330-41A5-9084-20029B71A87B} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\client.exe"
    Task: {E7426D0A-039D-4031-AEDD-FB5FCAE7A001} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {FF449C18-EC4A-4863-952A-DAFEC102434D} - System32\Tasks\Validate Installation => C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\updater.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJOHNANDSUE.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-09 08:08 - 2006-10-06 06:27 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
    2014-01-09 08:08 - 2006-10-06 06:24 - 00016384 _____ () C:\Program Files (x86)\Dell PC Fax\DlCtrStr.dll
    2014-01-09 08:08 - 2006-10-06 06:24 - 00081408 _____ () C:\Program Files (x86)\Dell PC Fax\ipcmt64.dll
    2014-01-09 08:11 - 2006-10-19 23:39 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcqdrpp.dll
    2014-03-21 12:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-07-10 20:59 - 2011-12-16 14:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2013-07-10 20:59 - 2012-01-18 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-01-09 08:09 - 2007-06-29 09:47 - 00292080 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
    2014-01-09 08:09 - 2007-06-29 09:48 - 00304368 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
    2014-11-20 13:42 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-06-25 16:41 - 2014-09-15 12:00 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2014-11-20 13:34 - 2014-11-20 13:34 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-01-09 08:09 - 2006-08-08 13:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqscw.dll
    2014-01-09 08:09 - 2006-09-06 04:12 - 00077824 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqcfg.dll
    2014-01-09 08:09 - 2006-06-09 00:39 - 00143360 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqdrec.dll
    2014-10-05 13:17 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2014-10-17 07:45 - 2014-10-17 07:45 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
    2013-07-10 21:04 - 2011-11-29 22:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2013-07-10 20:59 - 2011-12-16 12:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-4100955786-2800544736-253032312-500 - Administrator - Disabled)
    Guest (S-1-5-21-4100955786-2800544736-253032312-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4100955786-2800544736-253032312-1002 - Limited - Enabled)
    JOHNANDSUE (S-1-5-21-4100955786-2800544736-253032312-1000 - Administrator - Enabled) => C:\Users\JOHNANDSUE

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
    Percentage of memory in use: 25%
    Total physical RAM: 8087.31 MB
    Available physical RAM: 6000.26 MB
    Total Pagefile: 16172.8 MB
    Available Pagefile: 13914.41 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:910.15 GB) (Free:815.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery) (Fixed) (Total:21.07 GB) (Free:2.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFB2BDF9)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=910.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

    ==================== End Of Log ============================
    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.
     
    If FRST does not reboot your PC, please do so at this time.
     
     
     Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Are you still getting popups?
     
    (Bedtime for me)

     


    • 0

    #5
    rockitout

    rockitout

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 140 posts

    I ran the scan/fixes.  The logs are below.  Afterwards I browsed the internet for a little bit and am not experiencing any popups.

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
    Ran by JOHNANDSUE at 2015-01-22 06:54:44 Run:1
    Running from C:\Users\JOHNANDSUE\Desktop
    Loaded Profiles: JOHNANDSUE (Available profiles: JOHNANDSUE)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [gmsd_us_108] => [X]
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\MountPoints2: {3e71dae9-17f6-11e4-8f7a-a0b3cc5207b6} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\MountPoints2: {d7b38302-6822-11e4-a661-a0b3cc5207b6} - G:\VZAccess_Manager.exe /z detect
    AppInit_DLLs: C:\Program Files Files => C:\Program Files Files File Not Found
    AppInit_DLLs-x32: c:\program files => c:\program files [0 2014-08-13] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ProxyServer: [S-1-5-21-4100955786-2800544736-253032312-1000] => http=127.0.0.1:49166;https=127.0.0.1:49166
    earchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    2014-11-14 06:48 - 2014-11-14 06:48 - 6000640 _____ () C:\Program Files (x86)\GUTEB87.tmp
    2015-01-18 12:06 - 2015-01-18 12:06 - 0000064 _____ () C:\Users\JOHNANDSUE\AppData\Local\cb481826a498f3ce241c8f1e6666b81b
    2015-01-18 12:20 - 2015-01-18 12:20 - 0613057 _____ (CMI Limited) C:\Users\JOHNANDSUE\AppData\Local\nsa67C5.tmp
    C:\Users\JOHNANDSUE\AppData\Local\Temp\amisetup7210__11003.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\APNSetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\DC8AC956-E6A6-3026-B7CE-75F75E785190.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Delta.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\DeltaTB.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\E1246211-E4A1-C8D7-5281-66618C7846FB.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\E1246211-E4A1-C8D7-5281-66618C7846FB.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\eject.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Extract.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\lowproc.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\mconduitinstaller.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nskC2E5.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nslC8E1.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsq6165.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsq9054.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsqBD69.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\OfficeSetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\oi_{38B25121-4742-4087-94A4-9C86BFEC9E93}.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\optprosetup.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\playerfile.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\propsys.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Quarantine.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\readSTILog.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Resource.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\rnsetup0.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Runner.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\setup32.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56750.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56904.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56929.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP57698.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP57966.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sp58915.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP60051.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP61037.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP62991.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP63801.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sp64126.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sqlite3.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\stubhelper.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\tbKeyB.dll
    C:\Users\JOHNANDSUE\AppData\Local\Temp\The_Weather_Channel_Application.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\ToolbarHelper.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\JOHNANDSUE\AppData\Local\Temp\WSSetup.exe
    Task: {50BAD618-2F2F-41F5-A72E-3B1ABFA49688} - System32\Tasks\Check Updates => C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\updater.exe
    Task: {7A705710-E40D-46BE-B3AD-D43966A68A2C} - System32\Tasks\Test TimeTrigger => C:\Users\JOHNANDSUE\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
    Task: {E042A0F1-2330-41A5-9084-20029B71A87B} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\client.exe"
    Task: {FF449C18-EC4A-4863-952A-DAFEC102434D} - System32\Tasks\Validate Installation => C:\Users\JOHNANDSUE\AppData\Local\GeniusBox\updater.exe
    C:\ProgramData\makulitsidwe
    C:\Users\JOHNANDSUE\AppData\Local\GeniusBox
    CMD: sc delete cozaghost
    CMD: sc delete cozwdhost
    CMD: sc delete McComponentHostService

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_108 => value deleted successfully.
    "HKU\S-1-5-21-4100955786-2800544736-253032312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e71dae9-17f6-11e4-8f7a-a0b3cc5207b6}" => Key deleted successfully.
    HKCR\CLSID\{3e71dae9-17f6-11e4-8f7a-a0b3cc5207b6} => Key not found.
    "HKU\S-1-5-21-4100955786-2800544736-253032312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7b38302-6822-11e4-a661-a0b3cc5207b6}" => Key deleted successfully.
    HKCR\CLSID\{d7b38302-6822-11e4-a661-a0b3cc5207b6} => Key not found.
    "C:\Program Files Files" => Value Data not found.
    "c:\program files" => Value Data removed successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => Moved successfully.
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    earchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
    C:\Program Files (x86)\GUTEB87.tmp => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\cb481826a498f3ce241c8f1e6666b81b => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\nsa67C5.tmp => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\amisetup7210__11003.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\APNSetup.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\DC8AC956-E6A6-3026-B7CE-75F75E785190.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Delta.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\DeltaTB.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\E1246211-E4A1-C8D7-5281-66618C7846FB.dll => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\E1246211-E4A1-C8D7-5281-66618C7846FB.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\eject.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Extract.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\lowproc.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\mconduitinstaller.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nskC2E5.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nslC8E1.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsq6165.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsq9054.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\nsqBD69.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\oi_{38B25121-4742-4087-94A4-9C86BFEC9E93}.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\optprosetup.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\playerfile.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\propsys.dll => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\readSTILog.dll => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Resource.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\rnsetup0.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\Runner.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\setup32.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56750.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56904.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP56929.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP57698.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP57966.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sp58915.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP60051.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP61037.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP62991.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\SP63801.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sp64126.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\stubhelper.dll => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\tbKeyB.dll => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\ToolbarHelper.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
    C:\Users\JOHNANDSUE\AppData\Local\Temp\WSSetup.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50BAD618-2F2F-41F5-A72E-3B1ABFA49688}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50BAD618-2F2F-41F5-A72E-3B1ABFA49688}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Check Updates => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A705710-E40D-46BE-B3AD-D43966A68A2C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A705710-E40D-46BE-B3AD-D43966A68A2C}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E042A0F1-2330-41A5-9084-20029B71A87B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E042A0F1-2330-41A5-9084-20029B71A87B}" => Key deleted successfully.
    C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF449C18-EC4A-4863-952A-DAFEC102434D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF449C18-EC4A-4863-952A-DAFEC102434D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
    C:\ProgramData\makulitsidwe => Moved successfully.
    "C:\Users\JOHNANDSUE\AppData\Local\GeniusBox" => File/Directory not found.

    =========  sc delete cozaghost =========

    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    ========= End of CMD: =========

    =========  sc delete cozwdhost =========

    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    ========= End of CMD: =========

    =========  sc delete McComponentHostService =========

    [SC] DeleteService SUCCESS

    ========= End of CMD: =========

    ==== End of Fixlog 06:54:49 ====

     

     

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by JOHNANDSUE (administrator) on 17INCH on 22-01-2015 06:59:32
    Running from C:\Users\JOHNANDSUE\Desktop
    Loaded Profiles: JOHNANDSUE (Available profiles: JOHNANDSUE)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    ( ) C:\Windows\System32\dlcqcoms.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
    () C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-08-30] (IDT, Inc.)
    HKLM\...\Run: [dlcqmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()
    HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()
    HKLM\...\Run: [DLCQCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCQtime.dll,RunDLLEntry
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2013-07-19] (cyberlink)
    HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
    HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Dell PC Fax\fm3032.exe [312560 2007-06-29] ()
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-09-15] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\RunOnce: [Uninstall C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64"
    AppInit_DLLs: C:\Program Files Files => C:\Program Files Files File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....n.com/HPNOT13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....&pvid=21.5.0.19
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-4100955786-2800544736-253032312-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKLM -> {F002A842-FF7A-42C9-A0F5-96D88886FE62} URL = http://www.amazon.co...ds={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKLM-x32 -> {F002A842-FF7A-42C9-A0F5-96D88886FE62} URL = http://www.amazon.co...ds={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4100955786-2800544736-253032312-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKU\S-1-5-21-4100955786-2800544736-253032312-1000 -> {F002A842-FF7A-42C9-A0F5-96D88886FE62} URL = http://www.amazon.co...ds={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-4100955786-2800544736-253032312-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-01-22]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-15]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-13]
    FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M7F529BD5-B4F4-403A-B0DE-A4C0885B03BD&SearchSource=55&CUI=&UM=8&UP=SP1B2D1867-CE6E-46D5-8D79-44FCD7718BF8&SSPV=
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M7F529BD5-B4F4-403A-B0DE-A4C0885B03BD&SearchSource=55&CUI=&UM=8&UP=SP1B2D1867-CE6E-46D5-8D79-44FCD7718BF8&SSPV="
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultNewTabURL: Default -> https://www.trovi.co...718BF8&SAT=CNTS
    CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Profile: C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (Google Wallet) - C:\Users\JOHNANDSUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
    R2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [566152 2006-12-12] ( )
    R2 dlcq_device; C:\Windows\SysWOW64\dlcqcoms.exe [537480 2006-12-12] ( )
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-15] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141017.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
    S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141017.001\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141017.001\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
    S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
    R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-21] ()
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-31] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-21 23:16 - 2015-01-21 23:16 - 00029139 _____ () C:\Users\JOHNANDSUE\Desktop\Addition.txt
    2015-01-21 23:15 - 2015-01-22 07:00 - 00031884 _____ () C:\Users\JOHNANDSUE\Desktop\FRST.txt
    2015-01-21 23:15 - 2015-01-22 06:59 - 00000000 ____D () C:\FRST
    2015-01-21 23:14 - 2015-01-21 23:14 - 00001064 _____ () C:\Users\JOHNANDSUE\Desktop\JRT.txt
    2015-01-21 23:12 - 2015-01-21 23:12 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-21 23:11 - 2015-01-21 23:11 - 01707939 _____ (Thisisu) C:\Users\JOHNANDSUE\Desktop\JRT.exe
    2015-01-21 23:09 - 2015-01-21 23:09 - 02126848 _____ (Farbar) C:\Users\JOHNANDSUE\Desktop\FRST64.exe
    2015-01-21 23:07 - 2015-01-22 06:53 - 00000671 _____ () C:\Users\JOHNANDSUE\Desktop\Accidently clicked on popup that said my computer needs fixed. Now fu - Virus, Spyware, Malware Removal.website
    2015-01-21 23:03 - 2015-01-21 23:03 - 00025545 _____ () C:\Users\JOHNANDSUE\Desktop\AdwCleaner[S0].txt
    2015-01-21 22:53 - 2015-01-21 22:53 - 02186752 _____ () C:\Users\JOHNANDSUE\Desktop\AdwCleaner.exe
    2015-01-21 22:52 - 2015-01-21 22:59 - 00000000 ____D () C:\AdwCleaner
    2015-01-21 17:56 - 2015-01-21 17:56 - 00074476 _____ () C:\Users\JOHNANDSUE\Desktop\Extras.Txt
    2015-01-21 17:55 - 2015-01-21 17:55 - 00161964 _____ () C:\Users\JOHNANDSUE\Desktop\OTL.Txt
    2015-01-21 17:47 - 2015-01-21 17:47 - 00602112 _____ (OldTimer Tools) C:\Users\JOHNANDSUE\Desktop\OTL.exe
    2015-01-20 15:54 - 2015-01-20 15:55 - 00000000 ____D () C:\Users\JOHNANDSUE\AppData\Local\46E115E7-886C-5C45-B723-B395AD2B6BF9
    2015-01-20 15:54 - 2015-01-20 15:54 - 00000000 ____D () C:\Program Files (x86)\download Manager
    2015-01-20 15:11 - 2015-01-20 15:11 - 01664617 _____ () C:\Windows\shost.bin
    2015-01-18 13:09 - 2015-01-18 13:09 - 00001544 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
    2015-01-18 13:09 - 2015-01-18 13:09 - 00001532 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
    2015-01-18 12:20 - 2015-01-18 12:20 - 00002010 _____ () C:\Windows\patsearch.bin
    2015-01-18 12:20 - 2015-01-18 12:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
    2015-01-18 12:06 - 2015-01-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
    2015-01-18 12:06 - 2015-01-18 12:06 - 00058765 _____ () C:\Users\JOHNANDSUE\Desktop\PlayerStubWrapper1.exe
    2015-01-18 11:27 - 2015-01-22 06:58 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 17INCH-JOHNANDSUE 17INCH
    2015-01-15 14:06 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-15 14:06 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-15 14:06 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-15 14:06 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-15 14:06 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-15 14:06 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-15 14:06 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-15 14:06 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-15 14:06 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-15 14:06 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-15 14:06 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-15 14:06 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-15 14:06 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2014-12-29 18:02 - 2014-12-29 18:02 - 00001242 _____ () C:\Users\JOHNANDSUE\Desktop\Paint.lnk
    2014-12-29 17:30 - 2014-12-29 17:30 - 00036575 _____ () C:\Users\JOHNANDSUE\AppData\Roaming\Comma Separated Values.ADR
    2014-12-29 17:28 - 2014-12-29 17:28 - 00067091 _____ () C:\Users\JOHNANDSUE\Desktop\yahoo_contacts.csv
    2014-12-25 11:40 - 2014-12-25 11:40 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-22 06:58 - 2014-06-01 14:47 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4100955786-2800544736-253032312-1000
    2015-01-22 06:58 - 2014-06-01 14:47 - 00003244 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4100955786-2800544736-253032312-1000
    2015-01-22 06:57 - 2013-07-18 18:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-22 06:56 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-22 06:56 - 2009-07-13 22:51 - 00088257 _____ () C:\Windows\setupact.log
    2015-01-22 06:55 - 2013-07-18 15:59 - 01867760 _____ () C:\Windows\WindowsUpdate.log
    2015-01-22 06:55 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-22 06:55 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-22 06:51 - 2013-07-18 18:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-21 23:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-21 23:01 - 2010-11-20 21:47 - 00354824 _____ () C:\Windows\PFRO.log
    2015-01-21 22:46 - 2013-07-18 18:45 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
    2015-01-21 17:46 - 2014-06-19 08:05 - 00000000 ____D () C:\Users\JOHNANDSUE\AppData\Local\Adobe
    2015-01-21 17:45 - 2013-05-21 16:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-21 17:43 - 2013-07-18 09:01 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9518268F-47A7-4DA6-A4B3-BB2271FBAD11}
    2015-01-20 20:26 - 2014-12-21 11:39 - 00000000 ____D () C:\Users\JOHNANDSUE\Documents\Outlook Files
    2015-01-20 19:38 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-20 19:37 - 2013-07-28 07:09 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJOHNANDSUE
    2015-01-20 19:37 - 2013-07-28 07:09 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForJOHNANDSUE.job
    2015-01-20 16:15 - 2013-05-21 17:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-01-20 15:33 - 2013-12-08 10:36 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2015-01-20 15:32 - 2013-07-18 08:57 - 00000000 ____D () C:\Users\JOHNANDSUE
    2015-01-20 15:32 - 2013-07-10 21:50 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-01-20 15:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
    2015-01-18 13:13 - 2013-07-23 05:55 - 00000000 ____D () C:\Users\JOHNANDSUE\AppData\Local\CrashDumps
    2015-01-18 13:09 - 2013-07-19 06:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-16 19:04 - 2013-08-10 11:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-16 19:04 - 2013-07-19 18:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-15 22:32 - 2013-08-15 02:28 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 22:28 - 2013-07-28 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-15 14:45 - 2013-05-21 16:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-15 14:45 - 2013-05-21 16:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-15 14:45 - 2013-05-21 16:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-15 13:59 - 2014-01-09 08:11 - 00000000 ____D () C:\Program Files\Dl_cats
    2015-01-08 09:55 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======
    2014-12-29 17:30 - 2014-12-29 17:30 - 0036575 _____ () C:\Users\JOHNANDSUE\AppData\Roaming\Comma Separated Values.ADR
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\Users\JOHNANDSUE\AppData\Roaming\Folder Actions
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\Users\JOHNANDSUE\AppData\Roaming\Folder Actions Handlers
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\Users\JOHNANDSUE\AppData\Roaming\Font Book
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\ProgramData\Framework
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\ProgramData\Frameworks
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000268 ___RH () C:\ProgramData\Fruit
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000012 ___RH () C:\ProgramData\Guitars
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000012 ___RH () C:\ProgramData\Halftone
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000012 ___RH () C:\ProgramData\Helper Scripts
    2013-12-20 15:42 - 2013-12-20 15:42 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2013-12-20 15:42 - 2014-11-09 14:09 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2013-12-20 15:42 - 2014-05-23 04:55 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-01-15 15:24

    ==================== End Of Log ============================

     

     

     

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
    Ran by JOHNANDSUE at 2015-01-22 07:00:46
    Running from C:\Users\JOHNANDSUE\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Brother MFL-Pro Suite MFC-J835DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell PC Fax (HKLM\...\Dell PC Fax) (Version:  - )
    Dell Photo AIO Printer 966 (HKLM\...\Dell Photo AIO Printer 966) (Version:  - Dell, Inc.)
    DIRECTV GenieGO (HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\InstallShield_{194D74FC-B8AA-40E3-86C1-91977E0C1951}) (Version: 2.0.0.44 - DIRECTV, LLC)
    DIRECTV GenieGO (x32 Version: 2.0.0.44 - DIRECTV, LLC) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DriverUpdate (HKLM-x32\...\{97C97FAC-9153-409E-A9C8-A19AFABE7547}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Garmin City Navigator North America NT 2015.20 (HKLM-x32\...\{74699736-87EB-49E7-8B71-7527A45C35C6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin MapInstall (HKLM-x32\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{B288E426-9954-451C-B811-B0F234CF0EDD}) (Version: 1.3.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21096.0 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    Idle Crawler (HKLM-x32\...\46E115E7-886C-5C45-B723-B395AD2B6BF9) (Version: 125.0.0.472 - EUROHAUTE LTD) <==== ATTENTION
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4100955786-2800544736-253032312-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
    Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Print to Fax (HKLM-x32\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
    ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Zoompic (HKLM-x32\...\zoompic) (Version: 1.1.0.29 - Zoompic) <==== ATTENTION!
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4100955786-2800544736-253032312-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JOHNANDSUE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points  =========================

    21-12-2014 22:20:09 Installed Java 7 Update 71
    30-12-2014 13:00:53 Scheduled Checkpoint
    06-01-2015 14:05:31 Scheduled Checkpoint
    15-01-2015 15:31:00 Scheduled Checkpoint
    15-01-2015 22:28:39 Windows Update
    20-01-2015 15:15:36 Windows Update
    20-01-2015 15:28:22 Restore Operation
    20-01-2015 15:52:22 Windows Defender Checkpoint
    20-01-2015 16:35:17 Removed Java 7 Update 71
    21-01-2015 17:55:05 Windows Defender Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0405DD7F-EE13-4271-8D03-8C8CC80F1625} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1AE7652C-9DFB-4334-AA3D-FE178A4AD1D4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4100955786-2800544736-253032312-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {27369880-7723-41A5-AF7A-99BFCD82DF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
    Task: {3273F6ED-AB7B-4133-9F6D-6802FE4AEC4A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {4E6250FA-83ED-4056-A3D8-F5D698DDA7FB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for 17INCH-JOHNANDSUE 17INCH => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-21] (Microsoft Corporation)
    Task: {53B92A62-4A7E-4CB6-AB66-F83C763D8BDB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
    Task: {53F2DF91-D8F5-45F4-9BBF-D6E81FD98624} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
    Task: {57E32F2D-A5B1-425A-B95C-5627BCD41F12} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {58F980E0-651A-4AD7-93B0-0C2DA2F88C22} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: {607170FC-1AE8-4A62-A952-D410BBE48D75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {60EE5364-56AB-4CF2-B598-1C340546F4EC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-21] (Microsoft Corporation)
    Task: {6D8ABCAA-545E-4874-B880-E86E52D4D900} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {6E5EC71D-2780-41A9-903E-788BC7388287} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {896DDACF-92B7-422C-AA3C-3399ED875396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
    Task: {8AAC9672-13FA-480F-84AC-95501DF16BD4} - System32\Tasks\{ABD7DBCA-CABF-4D5D-B5F2-EF22E1A4D63F} => pcalua.exe -a C:\Users\JOHNANDSUE\Downloads\F-AW110-V11W.exe -d C:\Users\JOHNANDSUE\Downloads
    Task: {974D2EF4-4FFC-4C32-8C43-14E83C2CFD45} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {9B80E84C-7E63-427C-A3EB-84DC1DA05DD9} - System32\Tasks\AdobeAAMUpdater-1.0-17INCH-JOHNANDSUE => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {A361A2ED-F823-4228-BF39-8E37AA3337F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {BEE66D07-81A3-49DE-9604-F03BAB3DF01E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
    Task: {CC3806B8-580A-4396-A6DA-94619A67F3FF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4100955786-2800544736-253032312-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {D833E1FE-F69C-4575-A67D-E25BB961BBD5} - System32\Tasks\HPCeeScheduleForJOHNANDSUE => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {D8510623-DDB9-4434-95DE-54FA583708AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {DD954D8A-5F30-4C12-9140-800899754AB9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {E7426D0A-039D-4031-AEDD-FB5FCAE7A001} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJOHNANDSUE.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-09 08:08 - 2006-10-06 06:27 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
    2014-01-09 08:08 - 2006-10-06 06:24 - 00016384 _____ () C:\Program Files (x86)\Dell PC Fax\DlCtrStr.dll
    2014-01-09 08:08 - 2006-10-06 06:24 - 00081408 _____ () C:\Program Files (x86)\Dell PC Fax\ipcmt64.dll
    2014-01-09 08:11 - 2006-10-19 23:39 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcqdrpp.dll
    2014-11-20 13:42 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-03-21 12:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-07-10 20:59 - 2011-12-16 14:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2013-07-10 20:59 - 2012-01-18 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-01-09 08:09 - 2007-06-29 09:47 - 00292080 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
    2014-01-09 08:09 - 2007-06-29 09:48 - 00304368 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
    2014-06-25 16:41 - 2014-09-15 12:00 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2014-11-20 13:34 - 2014-11-20 13:34 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-01-09 08:09 - 2006-08-08 13:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqscw.dll
    2014-01-09 08:09 - 2006-09-06 04:12 - 00077824 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqcfg.dll
    2014-01-09 08:09 - 2006-06-09 00:39 - 00143360 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqdrec.dll
    2014-10-05 13:17 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2014-10-17 07:45 - 2014-10-17 07:45 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
    2013-07-10 21:04 - 2011-11-29 22:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2013-07-10 20:59 - 2011-12-16 12:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-4100955786-2800544736-253032312-500 - Administrator - Disabled)
    Guest (S-1-5-21-4100955786-2800544736-253032312-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4100955786-2800544736-253032312-1002 - Limited - Enabled)
    JOHNANDSUE (S-1-5-21-4100955786-2800544736-253032312-1000 - Administrator - Enabled) => C:\Users\JOHNANDSUE

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/22/2015 06:58:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    System errors:
    =============
    Error: (01/22/2015 06:58:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

    Microsoft Office Sessions:
    =========================
    Error: (01/22/2015 06:58:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    ==================== Memory info ===========================

    Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
    Percentage of memory in use: 22%
    Total physical RAM: 8087.31 MB
    Available physical RAM: 6250.14 MB
    Total Pagefile: 16172.8 MB
    Available Pagefile: 14159.85 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:910.15 GB) (Free:815.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery) (Fixed) (Total:21.07 GB) (Free:2.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFB2BDF9)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=910.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

    ==================== End Of Log ============================

     

     

     

     

     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 22/01/2015 7:12:26 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 22/01/2015 12:58:22 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 22/01/2015 12:56:24 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 22/01/2015 12:56:08 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\96cb8a4850c6.

    Log: 'System' Date/Time: 22/01/2015 12:55:27 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 22/01/2015 12:48:11 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 22/01/2015 12:47:55 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\96cb8a4850c6.

    Log: 'System' Date/Time: 22/01/2015 5:24:24 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

     

     

     

     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 22/01/2015 7:13:35 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 22/01/2015 12:58:12 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 22/01/2015 12:55:22 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   4 user registry handles leaked from \Registry\User\S-1-5-21-4100955786-2800544736-253032312-1000:
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders

     


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Looks pretty good.

     

    Log: 'System' Date/Time: 22/01/2015 12:58:22 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

     

     

     HP Quick Launch  is not working and as far as I know hasn't worked since Vista was introduced so I would uninstall it.  

     

     

    Log: 'System' Date/Time: 22/01/2015 12:56:24 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

     

     

     

    Download the attached wininit.zip file and save it.  Right click on it and Extract All which should give you a wininit.reg file.  Right click on winit.reg and MERGE.  This should remove the above error.

     

    Error: (01/22/2015 06:58:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    System errors:
    =============

     

     

    Use IE and go to http://support.micro...b/2545227/en-us and get the Fixit and run it.

     

    Log: 'Application' Date/Time: 22/01/2015 12:55:22 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   4 user registry handles leaked from \Registry\User\S-1-5-21-4100955786-2800544736-253032312-1000:
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders
    Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4100955786-2800544736-253032312-1000\Software\RealNetworks\RealJukebox\1.0\Preferences\WatchFolders

     

     

    Uninstall Real Player.  If you use it then get the latest version.

     

     

    That should take care of your errors.  FRST flagged Zoompic as adware which should be removed.  Also your Java is out of date.

     

    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
     
    Java 7 Update 71
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    You have trovi in your Google Chrome.  Our tools don't allow us to fix Chrome but now that all of the malware has been removed you should be able to open Chrome, click on the three bars in the upper right then on settings, Manage Search Engines then click on trovi or any other unwanted search engines and on the right should be an x to delete them.  Click on your favorite and make default.
     
    That should do it for you.  Time to clean up:
     
    Copy the following:
     
     
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
     
    
    Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
     
    That will get the last of the malware off the system.
     
     
     
    You can uninstall or delete any tools we had you download and their logs. 
     
     
    OTL has a cleanup tab but DO NOT USE IT!.  There are reports that it leaves the PC unbootable.  Instead just delete  OTL.exe and the folder c:\_OTL.
     
    To hide hidden files again:
     
    Vista or Win7
     
    # Open the Control Panel menu and click Folder Options.
    # After the new window appears select the View tab.
    # Remove the check in the  checkbox labeled Display the contents of system folders.
    # Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
    # Check the checkbox labeled Hide protected operating system files.
    # Press the Apply button and then the OK button and exit My Computer. 
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  (especially Flash.  #1 target of malware these days.)
     
    Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
    Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
    (You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
    If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
     Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while.
     
     
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
    Make sure Windows Updates is turned and that it works.  Go to Control panel, Windows Updates and see if it works.  
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
    Ron
     
     
     
     

    • 0

    #7
    rockitout

    rockitout

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 140 posts

    I followed you instructions and currently have no issues with my computer.  Thank you for your time and help.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP