
Virus warning scam



#1
tominnc06


Wife was surfing job app sites, and received a virus warning from: LINK REMOVED

Since then this warning showed up every time I opened the Google Chrome browser. Uninstalled Chrome, took some time to install a new printer, then reinstalled Chrome, but continue to get the warning page. Thanks in advance for your help. Here's the OTL log:

 

OTL logfile created on: 1/23/2015 2:09:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TomIlene\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 38.11% Memory free
7.60 Gb Paging File | 4.51 Gb Available in Paging File | 59.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.41 Gb Total Space | 289.50 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
Drive D: | 546.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: TOMILENE-PC | User Name: TomIlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Downloads\OTL.exe
PRC - [2015/01/23 11:35:24 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
PRC - [2015/01/20 22:50:49 | 000,843,592 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/25 00:39:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/22 16:28:10 | 023,308,616 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/11/16 13:49:41 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 09:57:20 | 003,642,312 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
PRC - [2013/05/16 09:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 09:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 12:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/23 13:12:44 | 000,805,888 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._gdi_.pyd
MOD - [2015/01/23 13:12:44 | 000,027,136 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_multiprocessing.pyd
MOD - [2015/01/23 13:12:44 | 000,007,168 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\hashobjs_ext.pyd
MOD - [2015/01/23 13:12:42 | 000,110,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\PyWinTypes27.dll
MOD - [2015/01/23 13:12:41 | 001,160,704 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_ssl.pyd
MOD - [2015/01/23 13:12:38 | 000,811,008 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._windows_.pyd
MOD - [2015/01/23 13:12:38 | 000,713,216 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_hashlib.pyd
MOD - [2015/01/23 13:12:37 | 000,024,064 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32pipe.pyd
MOD - [2015/01/23 13:12:36 | 000,025,600 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32pdh.pyd
MOD - [2015/01/23 13:12:31 | 001,062,400 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._controls_.pyd
MOD - [2015/01/23 13:12:31 | 000,686,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\unicodedata.pyd
MOD - [2015/01/23 13:12:30 | 000,127,488 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\pyexpat.pyd
MOD - [2015/01/23 13:12:30 | 000,119,808 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32file.pyd
MOD - [2015/01/23 13:12:30 | 000,108,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32security.pyd
MOD - [2015/01/23 13:12:30 | 000,038,912 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32inet.pyd
MOD - [2015/01/23 13:12:30 | 000,018,432 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32event.pyd
MOD - [2015/01/23 13:12:30 | 000,017,408 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32profile.pyd
MOD - [2015/01/23 13:12:30 | 000,010,240 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\select.pyd
MOD - [2015/01/23 13:12:28 | 000,525,640 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/23 13:12:27 | 000,167,936 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32gui.pyd
MOD - [2015/01/23 13:12:23 | 000,128,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_elementtree.pyd
MOD - [2015/01/23 13:12:23 | 000,087,552 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_ctypes.pyd
MOD - [2015/01/23 13:12:22 | 000,045,568 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_socket.pyd
MOD - [2015/01/23 13:12:17 | 000,098,816 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32api.pyd
MOD - [2015/01/23 13:12:17 | 000,070,656 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._html2.pyd
MOD - [2015/01/23 13:12:16 | 000,557,056 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\pysqlite2._sqlite.pyd
MOD - [2015/01/23 13:12:15 | 001,175,040 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._core_.pyd
MOD - [2015/01/23 13:12:15 | 000,364,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\pythoncom27.dll
MOD - [2015/01/23 13:12:15 | 000,320,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32com.shell.shell.pyd
MOD - [2015/01/23 13:12:15 | 000,078,336 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._animate.pyd
MOD - [2015/01/23 13:12:15 | 000,022,528 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32ts.pyd
MOD - [2015/01/23 13:12:14 | 000,735,232 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._misc_.pyd
MOD - [2015/01/23 13:12:14 | 000,122,368 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._wizard.pyd
MOD - [2015/01/23 13:12:14 | 000,011,264 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32crypt.pyd
MOD - [2015/01/23 13:12:12 | 000,035,840 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32process.pyd
MOD - [2015/01/23 11:35:21 | 016,844,464 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll
MOD - [2015/01/20 22:50:45 | 009,171,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
MOD - [2015/01/20 22:50:41 | 001,117,512 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
MOD - [2015/01/20 22:50:39 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
MOD - [2014/12/25 00:39:39 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/05/16 09:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/28 14:12:52 | 000,182,848 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV:64bit: - [2013/08/28 14:12:50 | 000,815,168 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2013/08/28 14:09:34 | 001,942,528 | ---- | M] (GlavSoft LLC.) [On_Demand | Running] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/01/23 11:35:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/05 03:40:26 | 003,342,608 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/12/25 00:39:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/28 14:09:10 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/13 14:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6D42521-42E8-49FE-81A3-809D7C26001C}
IE:64bit: - HKLM\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
IE - HKLM\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...5D1D17699&SSPV=
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5963db80-6910-e734-3d61-9e997c263db5} - C:\Program Files (x86)\Shop to Win 31\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...1I7TSNF_enUS443
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/25 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
 
[2011/08/03 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Extensions
[2015/01/23 13:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions
[2014/09/10 15:07:15 | 000,000,000 | ---D | M] (Shopper-Pro) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
[2013/12/10 12:13:06 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\[email protected]
[2013/05/14 15:22:07 | 000,554,915 | ---- | M] () (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi
[2014/12/29 16:10:13 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2013/12/05 16:08:20 | 000,002,389 | ---- | M] () -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\searchplugins\Mysearchdial.xml
[2015/01/23 11:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/27 19:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/02 08:31:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/12/25 00:39:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2014/12/25 00:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/12/25 00:39:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\2.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm\0.8_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.3_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.17_0\
 
O1 HOSTS File: ([2011/08/11 22:38:20 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Shop to Win) - {284171A7-2F20-7504-35E0-E1B6810714B8} - C:\Program Files (x86)\Shop to Win 31\Shop to Win 31.dll (Shop To Win, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [16F3AE012F60FC3AEB49178160248FC66D35511C._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Officejet Pro 8610 (NET)] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6AA8B5-EF86-40E5-B3F4-0467A9595736}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll (Client Connect LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/14 07:43:50 | 000,000,088 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2d21b125-b9a5-11e0-aabb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d21b125-b9a5-11e0-aabb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2014/07/21 17:32:24 | 001,725,448 | R--- | M] (Hewlett-Packard Development Company, LP)
O33 - MountPoints2\{310a34ae-6eab-11e1-a29f-60eb6994e782}\Shell - "" = AutoRun
O33 - MountPoints2\{310a34ae-6eab-11e1-a29f-60eb6994e782}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/23 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2015/01/23 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2015/01/23 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/23 12:25:23 | 000,763,912 | ---- | C] (Hewlett-Packard Development Company, LP) -- C:\windows\SysNative\HPDiscoPM7112.dll
[2015/01/23 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2015/01/23 11:47:13 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\AppData\Local\SearchProtect
[2015/01/23 11:35:33 | 000,897,960 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:35:33 | 000,818,088 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2015/01/23 11:05:58 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/22 14:55:28 | 000,000,000 | -HSD | C] -- C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
[2015/01/14 10:49:20 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2015/01/14 10:49:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2015/01/14 10:49:06 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2015/01/14 10:49:05 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2015/01/14 10:49:04 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2015/01/14 10:49:02 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2015/01/14 10:49:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2015/01/14 10:49:02 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2014/12/31 13:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/12/25 00:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/12/25 00:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2011/08/05 07:38:22 | 016,268,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ITPx64_1033_8.15.406.0.exe
[2011/08/04 15:43:32 | 030,307,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IPx64_1033_8.15.406.0.exe
[2011/08/04 09:16:44 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mseinstall.exe
[2011/08/03 11:43:04 | 013,685,936 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.1.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/23 14:00:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
[2015/01/23 13:54:09 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/23 13:54:09 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/23 13:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/23 13:19:14 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/23 13:19:14 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/23 13:18:51 | 000,002,254 | ---- | M] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 13:17:35 | 000,321,895 | ---- | M] () -- C:\windows\wininit.ini
[2015/01/23 13:10:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/23 13:09:52 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/23 12:23:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2015/01/23 11:35:24 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/01/23 11:35:24 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/23 11:11:42 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
[2015/01/23 11:04:26 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2015/01/23 11:04:20 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2015/01/23 11:04:19 | 000,897,960 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2015/01/23 11:04:19 | 000,818,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2015/01/15 12:12:55 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/15 12:12:55 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/15 12:12:55 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/08 15:47:52 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/23 13:18:51 | 000,002,254 | ---- | C] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/23 12:23:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/08 12:00:49 | 000,229,116 | ---- | C] () -- C:\windows\hpwins23.dat
[2014/07/08 12:00:49 | 000,002,075 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2013/12/05 10:25:52 | 000,351,124 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx
[2013/08/31 15:22:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/16 01:04:46 | 000,000,017 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


Edited by Essexboy, 23 January 2015 - 01:55 PM.


#2
RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
tominnc06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Apologies for adding to the problem, but I now have an NSA locked browser/Moneypak problem that showed up when browsing innocent sites in Firefox. Before proceeding with your first suggestions, maybe you should see the new OTL output I ran after it showed up.

     

    OTL logfile created on: 1/24/2015 3:04:38 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TomIlene\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.80 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 36.92% Memory free
    7.60 Gb Paging File | 4.42 Gb Available in Paging File | 58.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 441.41 Gb Total Space | 289.33 Gb Free Space | 65.55% Space Free | Partition Type: NTFS
    Drive D: | 546.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: TOMILENE-PC | User Name: TomIlene | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
    PRC - [2015/01/23 11:35:24 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
    PRC - [2014/12/25 00:39:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/12/22 16:28:10 | 023,308,616 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2014/11/16 13:49:41 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2014/03/31 09:30:00 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    PRC - [2013/08/28 00:26:17 | 000,142,160 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\PCCU.exe
    PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2013/05/16 09:57:20 | 003,642,312 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
    PRC - [2013/05/16 09:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013/05/16 09:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013/05/15 12:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2012/11/15 16:51:08 | 000,453,944 | ---- | M] (Khrona LLC) -- C:\Program Files (x86)\PC Checkup\AwesomiumProcess
    PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
    PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2015/01/23 13:12:44 | 000,805,888 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._gdi_.pyd
    MOD - [2015/01/23 13:12:44 | 000,027,136 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_multiprocessing.pyd
    MOD - [2015/01/23 13:12:44 | 000,007,168 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\hashobjs_ext.pyd
    MOD - [2015/01/23 13:12:42 | 000,110,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\PyWinTypes27.dll
    MOD - [2015/01/23 13:12:41 | 001,160,704 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_ssl.pyd
    MOD - [2015/01/23 13:12:38 | 000,811,008 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._windows_.pyd
    MOD - [2015/01/23 13:12:38 | 000,713,216 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_hashlib.pyd
    MOD - [2015/01/23 13:12:37 | 000,024,064 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32pipe.pyd
    MOD - [2015/01/23 13:12:36 | 000,025,600 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32pdh.pyd
    MOD - [2015/01/23 13:12:31 | 001,062,400 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._controls_.pyd
    MOD - [2015/01/23 13:12:31 | 000,686,080 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\unicodedata.pyd
    MOD - [2015/01/23 13:12:30 | 000,127,488 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\pyexpat.pyd
    MOD - [2015/01/23 13:12:30 | 000,119,808 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32file.pyd
    MOD - [2015/01/23 13:12:30 | 000,108,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32security.pyd
    MOD - [2015/01/23 13:12:30 | 000,038,912 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32inet.pyd
    MOD - [2015/01/23 13:12:30 | 000,018,432 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32event.pyd
    MOD - [2015/01/23 13:12:30 | 000,017,408 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32profile.pyd
    MOD - [2015/01/23 13:12:30 | 000,010,240 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\select.pyd
    MOD - [2015/01/23 13:12:28 | 000,525,640 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\windows._lib_cacheinvalidation.pyd
    MOD - [2015/01/23 13:12:27 | 000,167,936 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32gui.pyd
    MOD - [2015/01/23 13:12:23 | 000,128,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_elementtree.pyd
    MOD - [2015/01/23 13:12:23 | 000,087,552 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_ctypes.pyd
    MOD - [2015/01/23 13:12:22 | 000,045,568 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\_socket.pyd
    MOD - [2015/01/23 13:12:17 | 000,098,816 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32api.pyd
    MOD - [2015/01/23 13:12:17 | 000,070,656 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._html2.pyd
    MOD - [2015/01/23 13:12:16 | 000,557,056 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\pysqlite2._sqlite.pyd
    MOD - [2015/01/23 13:12:15 | 001,175,040 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._core_.pyd
    MOD - [2015/01/23 13:12:15 | 000,364,544 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\pythoncom27.dll
    MOD - [2015/01/23 13:12:15 | 000,320,512 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32com.shell.shell.pyd
    MOD - [2015/01/23 13:12:15 | 000,078,336 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._animate.pyd
    MOD - [2015/01/23 13:12:15 | 000,022,528 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32ts.pyd
    MOD - [2015/01/23 13:12:14 | 000,735,232 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._misc_.pyd
    MOD - [2015/01/23 13:12:14 | 000,122,368 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\wx._wizard.pyd
    MOD - [2015/01/23 13:12:14 | 000,011,264 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32crypt.pyd
    MOD - [2015/01/23 13:12:12 | 000,035,840 | ---- | M] () -- C:\Users\TomIlene\AppData\Local\Temp\_MEI42602\win32process.pyd
    MOD - [2015/01/23 11:35:21 | 016,844,464 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll
    MOD - [2014/12/25 00:39:39 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2014/10/18 09:28:02 | 000,399,872 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
    MOD - [2014/10/18 09:10:03 | 018,813,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
    MOD - [2014/10/18 09:09:49 | 011,025,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
    MOD - [2014/10/18 09:09:45 | 001,889,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
    MOD - [2014/10/18 09:09:45 | 000,241,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\6c97a46aff5154a7217a528e86698ab3\System.ComponentModel.DataAnnotations.ni.dll
    MOD - [2014/10/18 09:09:41 | 007,409,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
    MOD - [2014/10/18 09:09:39 | 000,470,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
    MOD - [2014/10/18 09:09:36 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
    MOD - [2014/10/18 09:09:33 | 003,950,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
    MOD - [2014/10/18 09:09:31 | 007,668,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
    MOD - [2014/10/18 09:09:30 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
    MOD - [2014/10/18 09:09:27 | 002,822,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
    MOD - [2014/10/18 09:09:23 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
    MOD - [2014/10/18 09:09:23 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
    MOD - [2014/10/18 09:09:21 | 010,100,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
    MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/02/18 18:05:25 | 000,190,976 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
    MOD - [2014/02/18 15:03:35 | 000,198,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
    MOD - [2014/02/18 15:03:33 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/05/16 09:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2013/08/28 14:12:52 | 000,182,848 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
    SRV:64bit: - [2013/08/28 14:12:50 | 000,815,168 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
    SRV:64bit: - [2013/08/28 14:09:34 | 001,942,528 | ---- | M] (GlavSoft LLC.) [On_Demand | Running] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2015/01/23 11:35:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2015/01/05 03:40:26 | 003,342,608 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
    SRV - [2014/12/25 00:39:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/08/28 00:26:19 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/08/28 14:09:10 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
    DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
    DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/04/13 14:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
    DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6D42521-42E8-49FE-81A3-809D7C26001C}
    IE:64bit: - HKLM\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}
    IE - HKLM\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...F5D1D17699=
    IE - HKCU\..\URLSearchHook:  - No CLSID value found
    IE - HKCU\..\URLSearchHook: {5963db80-6910-e734-3d61-9e997c263db5} - C:\Program Files (x86)\Shop to Win 31\Helper.dll ()
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
    IE - HKCU\..\SearchScopes\{C6D42521-42E8-49FE-81A3-809D7C26001C}: "URL" = https://www.google.c...?q={searchTerms}
    IE - HKCU\..\SearchScopes\{E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
    IE - HKCU\..\SearchScopes\{FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5}: "URL" = http://www.google.co...1I7TSNF_enUS443
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
     
    ========== FireFox ==========
     
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/12/25 00:39:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/08 12:11:10 | 000,000,000 | ---D | M]
     
    [2011/08/03 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Extensions
    [2015/01/23 13:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions
    [2014/09/10 15:07:15 | 000,000,000 | ---D | M] (Shopper-Pro) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
    [2013/12/10 12:13:06 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\[email protected]
    [2013/05/14 15:22:07 | 000,554,915 | ---- | M] () (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi
    [2014/12/29 16:10:13 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
    [2013/12/05 16:08:20 | 000,002,389 | ---- | M] () -- C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\searchplugins\Mysearchdial.xml
    [2015/01/23 11:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/27 19:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/10/02 08:31:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2014/12/25 00:39:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2014/12/25 00:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2014/12/25 00:39:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     
    ========== Chrome  ==========
     
    CHR - default_search_provider:  (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\2.0_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.1_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.6_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm\0.8_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.7.3_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.17_0\
     
    O1 HOSTS File: ([2011/08/11 22:38:20 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 14938 more lines...
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O2 - BHO: (Shop to Win) - {284171A7-2F20-7504-35E0-E1B6810714B8} - C:\Program Files (x86)\Shop to Win 31\Shop to Win 31.dll (Shop To Win, LLC)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: []  File not found
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKCU..\Run: [16F3AE012F60FC3AEB49178160248FC66D35511C._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [HP Officejet Pro 8610 (NET)] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
    O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
    O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
    O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
    O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
    O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
    O16 - DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6AA8B5-EF86-40E5-B3F4-0467A9595736}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll (Client Connect LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll (Client Connect LTD)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/02/14 07:43:50 | 000,000,088 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{2d21b125-b9a5-11e0-aabb-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2d21b125-b9a5-11e0-aabb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2014/07/21 17:32:24 | 001,725,448 | R--- | M] (Hewlett-Packard Development Company, LP)
    O33 - MountPoints2\{310a34ae-6eab-11e1-a29f-60eb6994e782}\Shell - "" = AutoRun
    O33 - MountPoints2\{310a34ae-6eab-11e1-a29f-60eb6994e782}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/01/23 14:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
    [2015/01/23 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2015/01/23 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
    [2015/01/23 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2015/01/23 12:25:23 | 000,763,912 | ---- | C] (Hewlett-Packard Development Company, LP) -- C:\windows\SysNative\HPDiscoPM7112.dll
    [2015/01/23 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2015/01/23 11:47:13 | 000,000,000 | ---D | C] -- C:\Users\TomIlene\AppData\Local\SearchProtect
    [2015/01/23 11:35:33 | 000,897,960 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
    [2015/01/23 11:35:33 | 000,818,088 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
    [2015/01/23 11:05:58 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    [2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
    [2015/01/23 11:05:57 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
    [2015/01/23 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2015/01/22 14:55:28 | 000,000,000 | -HSD | C] -- C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
    [2015/01/14 10:49:20 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
    [2015/01/14 10:49:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
    [2015/01/14 10:49:06 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2015/01/14 10:49:05 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2015/01/14 10:49:04 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2015/01/14 10:49:02 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
    [2015/01/14 10:49:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
    [2015/01/14 10:49:02 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
    [2014/12/31 13:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2011/08/05 07:38:22 | 016,268,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ITPx64_1033_8.15.406.0.exe
    [2011/08/04 15:43:32 | 030,307,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IPx64_1033_8.15.406.0.exe
    [2011/08/04 09:16:44 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mseinstall.exe
    [2011/08/03 11:43:04 | 013,685,936 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.1.exe
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/01/24 03:00:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
    [2015/01/24 02:54:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/01/24 02:51:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2015/01/24 02:49:06 | 000,322,115 | ---- | M] () -- C:\windows\wininit.ini
    [2015/01/24 02:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2015/01/23 14:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TomIlene\Desktop\OTL.exe
    [2015/01/23 13:54:09 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/01/23 13:19:14 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/01/23 13:19:14 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/01/23 13:18:51 | 000,002,254 | ---- | M] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2015/01/23 13:09:52 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2015/01/23 12:23:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2015/01/23 11:35:24 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2015/01/23 11:35:24 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2015/01/23 11:11:42 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
    [2015/01/23 11:04:26 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    [2015/01/23 11:04:20 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
    [2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
    [2015/01/23 11:04:20 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
    [2015/01/23 11:04:19 | 000,897,960 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
    [2015/01/23 11:04:19 | 000,818,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
    [2015/01/15 12:12:55 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2015/01/15 12:12:55 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2015/01/15 12:12:55 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2015/01/08 15:47:52 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\TomIlene\Documents\*.tmp files -> C:\Users\TomIlene\Documents\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2015/01/23 13:18:51 | 000,002,254 | ---- | C] () -- C:\Users\TomIlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2015/01/23 12:23:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2014/07/08 12:00:49 | 000,229,116 | ---- | C] () -- C:\windows\hpwins23.dat
    [2014/07/08 12:00:49 | 000,002,075 | ---- | C] () -- C:\windows\hpwmdl23.dat
    [2013/12/05 10:25:52 | 000,351,124 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx
    [2013/08/31 15:22:45 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2012/08/16 01:04:46 | 000,000,017 | ---- | C] () -- C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >


    #4
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Go ahead with the other programs. I can't see much with OTL, which is why I want a FRST scan. Once you finish with those we need to get you a better anti-virus. Avast will block most bad websites automatically.

    Get the free version of Avast:

    http://files.avast.c...virus_setup.exe

    Download and Save the file but don't install.

    Uninstall Microsoft Security Essentials

    Reboot

    Now install Avast by right clicking and Run As Admin.

    Watch out for and uncheck the Google tool bar, Chrome and Dropbox options. They are harmless but slow down the install. You want the Basic install, not the trial or demo.

    Some people object to the voice notification of updates. To turn it off, click on the Avast ball, then on Settings, then on Appearance. Then on Sounds and uncheck Automatic Updates OK. (It will still update, it just won't tell you about it in a loud voice in the middle of the night.)

    They have also started using their info popup to try and get you to upgrade, so I go into Settings, Appearance, Popups and change the first two to 1 second. Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo, so I go into Settings, Tools, and turn it off.

    If you haven't registered already then right click on the orange ball and select Registration Information and click on the link. (They just want your name and email address.) The registration is good for 12-14 months, then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free, though it may not be the default.

    Tonight while you sleep have it run a boot-time scan. (This can take more than 6 hours so I always let it run while I sleep.)

    First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads, click on the Orange Ball, then Scan, then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report. If it found anything then open the aswBoot.txt file and copy and paste it. If you can't find it then take a screen shot of the Detailed Report:


    #5
    tominnc06

      Member

    • Topic Starter
    • Member
    • 30 posts

    Here's what I got this afternoon, but I had to search for it - not where you suggested. Under Avast Scan there is no access to "historical data". Found this at C: AdwCleaner[R0].

     

    # AdwCleaner v4.108 - Report created 24/01/2015 at 03:30:02
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-23.3 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : TomIlene - TOMILENE-PC
    # Running from : C:\Users\TomIlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08C47WFQ\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : CltMngSvc
    Service Found : SPPD

    ***** [ Files / Folders ] *****

    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Found : C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx
    File Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
    File Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\searchplugins\Mysearchdial.xml
    File Found : C:\Users\TomIlene\daemonprocess.txt
    Folder Found : C:\Program Files (x86)\BrowseSmart
    Folder Found : C:\Program Files (x86)\di9NewPlayer
    Folder Found : C:\Program Files (x86)\findopolis
    Folder Found : C:\Program Files (x86)\Free Ride Games
    Folder Found : C:\Program Files (x86)\fst_us_148
    Folder Found : C:\Program Files (x86)\jfilemanager
    Folder Found : C:\Program Files (x86)\Mobogenie
    Folder Found : C:\Program Files (x86)\PepperZip
    Folder Found : C:\Program Files (x86)\SearchProtect
    Folder Found : C:\Program Files (x86)\ShopperPro
    Folder Found : C:\Program Files (x86)\Super Optimizer
    Folder Found : C:\Program Files (x86)\ver7SpeedChecker
    Folder Found : C:\Program Files (x86)\YTDownloader
    Folder Found : C:\ProgramData\Free Ride Games
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jfilemanager
    Folder Found : C:\ProgramData\SearchModule
    Folder Found : C:\ProgramData\ShopperPro
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\Public\Documents\ShopperPro
    Folder Found : C:\Users\TomIlene\AppData\Local\CrashRpt
    Folder Found : C:\Users\TomIlene\AppData\Local\fst_us_148
    Folder Found : C:\Users\TomIlene\AppData\Local\jfilemanager
    Folder Found : C:\Users\TomIlene\AppData\Local\Mobogenie
    Folder Found : C:\Users\TomIlene\AppData\Local\SearchProtect
    Folder Found : C:\Users\TomIlene\AppData\Local\WeatherAlerts
    Folder Found : C:\Users\TomIlene\AppData\LocalLow\HPAppData
    Folder Found : C:\Users\TomIlene\AppData\LocalLow\Mysearchdial
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected]
    Folder Found : C:\Users\TomIlene\AppData\Roaming\pccustubinstaller
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Super Optimizer
    Folder Found : C:\Users\TomIlene\Documents\Mobogenie
    Folder Found : C:\Users\TomIlene\Documents\Super Optimizer
    Folder Found : C:\Users\wangzhisong\AppData\Local\Mobogenie

    ***** [ Scheduled Tasks ] *****

    Task Found : MySearchDial

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos.1
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl.1
    Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
    Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Found : HKLM\SOFTWARE\SearchProtect
    Key Found : HKLM\SOFTWARE\SPPDCOM
    Key Found : HKLM\SOFTWARE\Trymedia Systems
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M41CEF66C-931D-43FC-8225-201BA9FFE869&SearchSource=55&CUI=&UM=6&UP=SP1AB2B2A9-D9E1-47A6-BBD3-28F5D1D17699&SSPV=

    -\\ Mozilla Firefox v12.0 (en-US)

    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.AutoSearchEventData", "auto%20search");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.ClearCacheDate", 18);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.DNSCatch", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.DisplayEULA", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.DnsCatchEventData", "dns%20catch");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.EBOMode", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.EnableDCAData_xx", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.EnableDCA_xx", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.FirstLaunchShown", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.InstallDomain", "freecause.com");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.InstallType", "standard");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.LoadLayoutDate.100573", 18);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.NewTabSearchEventData", "tab%20search");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.ShowRecommendedOptions", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.StateReportDate", "1418843307625");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.TopRightSearchEventData", "top%20right%20search");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.beforeInstallSaved", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.beforeinstall.search", "Google");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.customNewTab", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.dcaDefaultMode", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.dcaShowInstallerPage", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.dcaShowSurvey", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.helpUsImprove", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.hideOthers", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.partnerauth", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.processAddrBar", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.restoreSearch", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.searchHistory", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.session", "887A3F39368B4E7B3E85C20C1E9AED41BA3BCB67CEC131B85D9BEC411B1C0969588582257C63B253B023FEF1A62581EC1D8DD8736FF2475070C258646B646D866C94A8F1[...]
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.showFirstLaunchOptions", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.tb_lang", "en");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.tool_id", "100573");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_id", "124959010");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_key", "c42aaeaae8b810a256b9a15bc41ea5f2a58715ce");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_layouts", "100573");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_lnames", "Shop%20to%20Win%2031");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.vars.disablecuidinject", "1");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.yahooSearch", false);

    -\\ Google Chrome v40.0.2214.91

    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_huffingtonpost&q={searchTerms}&s_it=search_addon
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.cpcc.edu/search?SearchableText={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyzyyE0EyBzztB0BtDzytCtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1096520625&ir=
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP69339B41-339A-40DE-9B91-6E58F74EE03D&q={searchTerms}&SSPV=
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP69339B41-339A-40DE-9B91-6E58F74EE03D&q={searchTerms}&SSPV=
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,&q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,&q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.foodnetwork.com/search/search-results.html?searchTerm={searchTerms}&form=global&_charset_=UTF-8
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?client=&qt={searchTerms}&search=%EF%80%A1&charset=utf-8

    *************************

    AdwCleaner[R0].txt - [13517 octets] - [24/01/2015 03:30:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13578 octets] ##########


    #6
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Not sure what you are trying to say. This is the log from AdwCleaner. Did you run Junkware Removal Tool and FRST? Where are their logs?

    If you have trouble seeing the avast log at C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt:

    1. Close all programs so that you are at your desktop.
    2. Open the Control Panel menu and click Folder Options.
    3. After the new window appears select the View tab.
    4. Put a checkmark in the checkbox labeled Display the contents of system folders.
    5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
    8. Press the Apply button and then the OK button.

    #7
    tominnc06

      Member

    • Topic Starter
    • Member
    • PipPip
    • 30 posts

    OK, I haven't been to geekstogo for awhile, and didn't pick up on the FRST and Junk Removal Tool.

     

    I've followed your instructions re: system folders. Now just confirm that I run the following in sequence FRST, then Junk Removal Tool, then Avast?


    #8
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Junk then FRST then Avast.


    #9
    tominnc06

      Member

    • Topic Starter
    • Member
    • PipPip
    • 30 posts

    Here are the various output logs. By the way, in addition to disabling the Microsoft protection, I also uninstalled Spybot S&D before running these.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by TomIlene on Sun 01/25/2015 at 12:19:51.55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

     

    ~~~ Folders

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 01/25/2015 at 12:26:35.21
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by TomIlene (administrator) on TOMILENE-PC on 25-01-2015 12:31:52
    Running from C:\Users\TomIlene\Downloads
    Loaded Profiles: TomIlene (Available profiles: TomIlene)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
    (Soluto) C:\Program Files\Soluto\SolutoService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (GlavSoft LLC.) C:\Program Files\Soluto\SolutoRemoteService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
    (Soluto) C:\Program Files\Soluto\Soluto.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873288 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [16F3AE012F60FC3AEB49178160248FC66D35511C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-20] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-14] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-08-29] ()
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [Google Update] => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-08] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\MountPoints2: {310a34ae-6eab-11e1-a29f-60eb6994e782} - E:\ToolLauncher-Bootstrap.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - Default Value = {5963db80-6910-e734-3d61-9e997c263db5}
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - FCToolbarURLSearchHook Class - {5963db80-6910-e734-3d61-9e997c263db5} - C:\Program Files (x86)\Shop to Win 31\Helper.dll ()
    SearchScopes: HKLM -> DefaultScope {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 -> DefaultScope {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = https://www.google.c...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...1I7TSNF_enUS443
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Shop to Win -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> C:\Program Files (x86)\Shop to Win 31\Shop to Win 31.dll (Shop To Win, LLC)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default
    FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/O1DPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=3 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=9 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: mysearchdial.com - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected] [2013-12-05]
    FF Extension: Shopper-Pro - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-09-10]
    FF Extension: Shop to Win 31 - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi [2012-11-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-27]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-02]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-08]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-24]
    FF HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,
    CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (Lookup Companion for Wikipedia) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej [2011-08-04]
    CHR Extension: (Google Tasks (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2011-10-06]
    CHR Extension: (Google Calendar) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2011-09-01]
    CHR Extension: (Digital Clock) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-06-07]
    CHR Extension: (Avast Online Security) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
    CHR Extension: (Do Not Disturb!) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-06-26]
    CHR Extension: (Clearly) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2012-09-19]
    CHR Extension: (My Browser Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2013-12-05]
    CHR Extension: (HuffingtonPost NewsGlide) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef [2011-08-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
    CHR Extension: (Sooner) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm [2011-10-06]
    CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2011-08-04]
    CHR Extension: (Google Wallet) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Neat Bookmarks) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp [2011-08-04]
    CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [pdjaaibbgfdnolpgkmgbdebhhpddkokk] - C:\Users\TomIlene\AppData\Roaming\Shop to Win 31\Toolbar_production_100573_31.crx [2012-08-29]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-24]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-24] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-24] (Avast Software)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-28] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-08-28] (Soluto)
    R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942528 2013-08-28] (GlavSoft LLC.) [File not signed]
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-24] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-24] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-24] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-24] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-24] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-24] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-24] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-24] ()
    R2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
    S3 SPPD; C:\windows\system32\drivers\SPPD.sys [21976 2015-01-24] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-24] (Avast Software)
    R3 cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 12:31 - 2015-01-25 12:32 - 00028617 _____ () C:\Users\TomIlene\Downloads\FRST.txt
    2015-01-25 12:26 - 2015-01-25 12:27 - 00000636 _____ () C:\Users\TomIlene\Desktop\JRT.txt
    2015-01-25 09:09 - 2015-01-25 09:09 - 00000197 _____ () C:\windows\system32\2015-01-25-14-09-01.079-AvastVBoxSVC.exe-3016.log
    2015-01-25 00:06 - 2015-01-25 00:06 - 00000000 ____D () C:\windows\ERUNT
    2015-01-25 00:02 - 2015-01-25 00:02 - 01707939 _____ (Thisisu) C:\Users\TomIlene\Downloads\JRT.exe
    2015-01-25 00:00 - 2015-01-25 12:31 - 00000000 ____D () C:\FRST
    2015-01-25 00:00 - 2015-01-25 00:00 - 02129920 _____ (Farbar) C:\Users\TomIlene\Downloads\FRST64.exe
    2015-01-24 19:59 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-59-27.019-aswFe.exe-3940.log
    2015-01-24 19:53 - 2015-01-24 19:53 - 00930200 _____ (Install Manager ) C:\Users\TomIlene\Downloads\setup.exe
    2015-01-24 19:53 - 2015-01-24 19:53 - 00412024 _____ (Premium Installer ) C:\Users\TomIlene\Downloads\fl_setup.exe
    2015-01-24 19:53 - 2015-01-24 19:53 - 00341368 _____ (Swift Installer ) C:\Users\TomIlene\Downloads\fl_setup (2).exe
    2015-01-24 19:53 - 2015-01-24 19:53 - 00341368 _____ (Swift Installer ) C:\Users\TomIlene\Downloads\fl_setup (1).exe
    2015-01-24 19:49 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-49-39.082-aswFe.exe-5620.log
    2015-01-24 19:49 - 2015-01-24 19:49 - 00000197 _____ () C:\windows\system32\2015-01-25-00-49-31.071-AvastVBoxSVC.exe-2992.log
    2015-01-24 16:52 - 2015-01-24 16:52 - 00021976 _____ () C:\windows\system32\Drivers\SPPD.sys
    2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\SysWOW64\vbox
    2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\system32\vbox
    2015-01-24 16:27 - 2015-01-24 16:27 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Roaming\AVAST Software
    2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-01-24 16:26 - 2015-01-24 16:27 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-01-24 16:26 - 2015-01-24 16:26 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2015-01-24 16:26 - 2015-01-24 16:26 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00087912 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2015-01-24 16:26 - 2015-01-24 16:26 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2015-01-24 16:25 - 2015-01-24 16:25 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-01-24 16:22 - 2015-01-24 16:25 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-01-24 10:03 - 2015-01-24 10:04 - 132469808 _____ (AVAST Software) C:\Users\TomIlene\Downloads\avast_free_antivirus_setup.exe
    2015-01-24 03:28 - 2015-01-24 03:31 - 00000000 ____D () C:\AdwCleaner
    2015-01-24 03:12 - 2015-01-24 03:12 - 00124330 _____ () C:\Users\TomIlene\Desktop\OTL.Txt
    2015-01-23 14:53 - 2015-01-23 14:53 - 00118080 _____ () C:\Users\TomIlene\Documents\Computer Virus Warning, OTL.Txt
    2015-01-23 14:09 - 2015-01-23 14:09 - 00602112 _____ (OldTimer Tools) C:\Users\TomIlene\Desktop\OTL.exe
    2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Evernote
    2015-01-23 13:18 - 2015-01-23 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-23 12:25 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPM7112.dll
    2015-01-23 12:24 - 2015-01-23 12:24 - 00000000 ____D () C:\Program Files\HP
    2015-01-23 12:23 - 2015-01-23 12:23 - 00000057 _____ () C:\ProgramData\Ament.ini
    2015-01-23 11:35 - 2015-01-23 11:04 - 00897960 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
    2015-01-23 11:35 - 2015-01-23 11:04 - 00818088 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
    2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2015-01-23 11:05 - 2015-01-23 11:04 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-22 14:55 - 2015-01-22 14:55 - 00000000 __SHD () C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
    2015-01-15 13:28 - 2015-01-15 13:28 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-14 10:49 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-14 10:49 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-14 10:49 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-01-14 10:49 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-01-14 10:49 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-01-14 10:49 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-01-14 10:49 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 10:49 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2015-01-14 10:49 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2015-01-14 10:49 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-14 10:49 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-14 10:49 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2015-01-14 10:49 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2015-01-13 11:41 - 2015-01-13 11:41 - 00030194 _____ () C:\Users\TomIlene\Downloads\1421163004.html
    2015-01-12 10:54 - 2015-01-12 10:54 - 12927067 _____ () C:\Users\TomIlene\Downloads\20150110_113404.mp4
    2015-01-07 11:35 - 2015-01-07 11:35 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (4).xlsx
    2015-01-07 11:35 - 2015-01-07 11:35 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (3).xlsx
    2015-01-07 11:32 - 2015-01-07 11:32 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (2).xlsx
    2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule.xlsx
    2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (1).xlsx
    2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-12-31 12:45 - 2014-12-31 12:46 - 16409960 _____ (Safer Networking Limited ) C:\Users\TomIlene\Downloads\spybotsd162 (2).exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 12:15 - 2014-08-08 18:56 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
    2015-01-25 12:15 - 2014-08-08 18:56 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
    2015-01-25 12:15 - 2012-04-16 07:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-25 12:15 - 2011-07-29 00:36 - 01651369 _____ () C:\windows\WindowsUpdate.log
    2015-01-25 12:15 - 2010-10-14 23:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-25 09:52 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-01-25 09:50 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 09:50 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 09:49 - 2014-09-25 16:04 - 00000000 ___RD () C:\Users\TomIlene\iCloudDrive
    2015-01-25 09:49 - 2013-10-24 16:09 - 00000000 ___RD () C:\Users\TomIlene\Google Drive
    2015-01-25 09:49 - 2010-10-14 23:04 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-25 09:07 - 2012-11-14 09:21 - 00011946 _____ () C:\windows\setupact.log
    2015-01-25 09:07 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-25 02:12 - 2011-09-13 16:24 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2015-01-24 16:39 - 2010-10-14 23:32 - 00574224 _____ () C:\windows\PFRO.log
    2015-01-24 16:22 - 2012-02-14 12:13 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{83EECBD0-378C-413E-A84D-0137D0FD82C4}
    2015-01-24 15:46 - 2011-08-11 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-01-24 15:45 - 2011-09-13 16:24 - 00001945 _____ () C:\windows\epplauncher.mif
    2015-01-24 02:49 - 2011-08-03 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-24 01:17 - 2012-11-28 12:34 - 00003970 _____ () C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan
    2015-01-23 13:18 - 2010-10-14 23:04 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-23 13:06 - 2014-07-08 12:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\HP
    2015-01-23 13:04 - 2014-07-08 12:02 - 00000000 ____D () C:\Program Files (x86)\HP
    2015-01-23 12:25 - 2014-07-08 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-01-23 12:24 - 2014-07-08 12:00 - 00000000 ____D () C:\ProgramData\HP
    2015-01-23 11:42 - 2011-07-29 00:43 - 00032904 _____ () C:\windows\DPINST.LOG
    2015-01-23 11:36 - 2013-11-14 18:39 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-23 11:36 - 2012-06-27 19:38 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-23 11:35 - 2012-04-16 07:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-23 11:35 - 2012-04-16 07:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-23 11:35 - 2011-11-09 10:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-23 11:04 - 2014-08-16 15:04 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2015-01-15 13:32 - 2014-09-25 16:05 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\592F94FA-5DCE-4604-B5A4-57E4BD30ECF2.aplzod
    2015-01-15 12:34 - 2013-08-07 09:51 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-15 12:11 - 2011-08-08 12:11 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-01-13 14:29 - 2011-10-25 12:18 - 00000000 ____D () C:\Users\TomIlene\Documents\Outlook Files
    2015-01-08 15:47 - 2013-10-24 15:21 - 00002001 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2015-01-08 15:47 - 2013-10-24 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-01-08 09:55 - 2011-08-04 09:40 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-12-28 03:29 - 2011-08-01 20:26 - 00000000 ____D () C:\windows\System32\Tasks\Games
    2014-12-27 17:58 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

    ==================== Files in the root of some directories =======

    2011-08-03 11:43 - 2011-08-03 11:43 - 13685936 _____ (Mozilla) C:\Program Files\Firefox Setup 5.0.1.exe
    2011-08-04 15:43 - 2011-08-04 15:43 - 30307728 _____ (Microsoft Corporation) C:\Program Files\IPx64_1033_8.15.406.0.exe
    2011-08-05 07:38 - 2011-08-05 07:38 - 16268176 _____ (Microsoft Corporation) C:\Program Files\ITPx64_1033_8.15.406.0.exe
    2011-08-04 09:16 - 2011-08-04 09:18 - 10165440 _____ (Microsoft Corporation) C:\Program Files\mseinstall.exe
    2014-07-08 12:27 - 2014-07-08 12:27 - 0001004 _____ () C:\Users\TomIlene\AppData\Roaming\ConvAPIPlugin.log
    2013-12-05 10:25 - 2013-12-05 10:25 - 0351124 _____ () C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx
    2012-08-16 01:04 - 2012-08-16 01:04 - 0000017 _____ () C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
    2015-01-23 12:23 - 2015-01-23 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-07-08 12:00 - 2014-07-08 12:28 - 0000960 _____ () C:\ProgramData\hpzinstall.log
    2013-08-31 15:22 - 2013-08-31 15:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\TomIlene\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\TomIlene\AppData\Local\Temp\Quarantine.exe
    C:\Users\TomIlene\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-27 17:08

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by TomIlene at 2015-01-25 12:33:03
    Running from C:\Users\TomIlene\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.00.07.04.30 - Selectsoft Publishing)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
    App Client version 2.57 (HKLM-x32\...\{B28D9C36-91CF-4DDD-A114-B78F27FEDCCF}}_is1) (Version: 2.57 - )
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
    Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HTC Sync (HKLM-x32\...\{BC4174D1-7970-40E6-AC57-F095F961FB08}) (Version: 2.0.33 - HTC Corporation)
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.49.0 - Symantec Corporation)
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
    Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Shop To Win (HKLM-x32\...\{1220BDA0-E418-4789-BFF5-072062B29D01}_is1) (Version: 1.1.0.0 - Shop To Win, LLC)
    Shop to Win 31 (HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Shop to Win 31) (Version:  - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Soluto (HKLM\...\{3D221DF4-18AB-4876-A825-57E2D2CC2429}) (Version: 1.3.1444.0 - Soluto)
    Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
    The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.5.60 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.2 - WildTangent)
    Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TomIlene\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points  =========================

    24-10-2014 10:38:37 Windows Update
    30-10-2014 12:49:48 Windows Update
    02-11-2014 17:38:03 Windows Update
    06-11-2014 01:19:53 Windows Update
    09-11-2014 16:29:51 Windows Update
    12-11-2014 12:35:15 Windows Update
    16-11-2014 14:00:14 Windows Update
    19-11-2014 15:39:19 Windows Update
    19-11-2014 23:49:27 Windows Update
    24-11-2014 18:12:21 Windows Update
    28-11-2014 00:59:15 Windows Update
    01-12-2014 17:35:00 Windows Update
    05-12-2014 02:21:41 Windows Update
    09-12-2014 09:45:02 Windows Update
    11-12-2014 11:16:46 Windows Update
    13-12-2014 09:13:23 Windows Update
    17-12-2014 14:20:04 Windows Update
    19-12-2014 10:11:55 Windows Update
    23-12-2014 10:16:26 Windows Update
    26-12-2014 16:04:01 Windows Update
    30-12-2014 01:15:08 Windows Update
    02-01-2015 11:00:37 C
    03-01-2015 08:23:27 Windows Update
    06-01-2015 12:12:53 Windows Update
    09-01-2015 16:37:34 Windows Update
    13-01-2015 11:03:31 Windows Update
    15-01-2015 12:10:06 Windows Update
    19-01-2015 12:07:31 Windows Update
    22-01-2015 14:50:29 C
    23-01-2015 11:41:24 Removed HTC Driver Installer.
    23-01-2015 11:49:20 C
    23-01-2015 13:24:31 Windows Update
    24-01-2015 16:25:00 avast! antivirus system restore point
    25-01-2015 02:07:48 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2011-08-11 22:38 - 00434097 ____R C:\windows\system32\Drivers\etc\hosts

    There are 1000 more lines.

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0BE04743-17AA-4857-B017-D609D0B0575B} - System32\Tasks\{83EF2759-EF39-4807-A920-6C1BACD5FA1D} => pcalua.exe -a "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads\documentstogopro7006-en.exe" -d "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads"
    Task: {106510A5-C9BA-41DF-BD58-283306415073} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
    Task: {14047A40-99AB-4616-B1B9-C4C7D7167996} - System32\Tasks\SolutoTask_a36c3598-c5e7-4759-a120-1aadcbf0a77e => C:\ProgramData\Soluto\Temp\ninite.googleearth_7_1_2_2041.setup-22f963ca-fd60-88d1-bf8a-ef3ecca5692c.exe <==== ATTENTION
    Task: {1DC69D13-7876-4654-B4AE-973430DE9805} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
    Task: {315242EF-15A3-40A6-81B3-61BD412DA754} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-01] (Microsoft Corporation)
    Task: {44ACCCA2-B485-4FFC-A4E5-49EFB15B3377} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-08-28] (Symantec Corporation)
    Task: {4523BEC8-7B44-4888-838A-05E9A37DBBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {54F5C15D-5961-40D9-807C-D1C1B6DE5E92} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {5D0E7619-8180-4F3B-AFA6-A9EBEE7872FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {69574AE5-47BD-4AB1-A2D9-FDE01983FAD5} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft..../?LinkId=116866
    Task: {71909F83-451C-492E-844B-37B616F32DD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-24] (AVAST Software)
    Task: {7393C912-0485-48C7-9780-1A79EA538960} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {8512FBC1-0871-4633-B6CC-1DDEC1FA3417} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)
    Task: {995FBF71-5898-4304-8361-8216FE777133} - System32\Tasks\{12D77EA9-5EE1-4830-8B68-ADED66A1B417} => pcalua.exe -a C:\Users\TomIlene\Downloads\CAInstall.exe -d C:\windows\system32
    Task: {CC2B3965-4ED3-43CE-8FD0-18DF706D677B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {E25F97D8-2CAB-4342-B622-D91087C70162} - System32\Tasks\SolutoTask_dee78a02-bb27-445f-bec3-c9560f01447b => C:\ProgramData\Soluto\Temp\ninite.evernote_5_0_3_1614.setup-22f963cb-0448-1602-80f4-41ccf2900b5e.exe <==== ATTENTION
    Task: {EFB9825D-5A54-4D89-864C-72BCE297F0C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\MySearchDial.job => C:\Users\TomIlene\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2014-10-18 10:10 - 2014-10-18 10:10 - 03667968 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\0a3db4ed902293be113f2ab36409f62f\PCGPreCompiled.ni.dll
    2014-10-18 10:12 - 2014-10-18 10:12 - 00267264 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\b156a891fc52ac22e7b03f6c58474ceb\PCGAppControlPluginLoader.ni.dll
    2014-10-18 10:12 - 2014-10-18 10:12 - 00068096 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\SignalRWrapper\e6a73f2f55939b246043277edd600b85\SignalRWrapper.ni.dll
    2013-08-28 14:09 - 2013-08-28 14:09 - 00090688 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
    2013-08-28 14:09 - 2013-08-28 14:09 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2013-08-28 14:09 - 2013-08-28 14:09 - 00090688 _____ () c:\program files\soluto\PCGDllExportInspector.dll
    2014-08-29 08:23 - 2014-08-29 08:23 - 00048640 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
    2014-08-29 08:23 - 2014-08-29 08:23 - 01158144 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
    2014-08-29 08:23 - 2014-08-29 08:23 - 00253440 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
    2014-08-29 08:23 - 2014-08-29 08:23 - 00109056 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
    2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-01-24 16:29 - 2015-01-24 16:29 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012401\algo.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2015-01-25 09:08 - 2015-01-25 09:08 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012500\algo.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-24 16:26 - 2015-01-24 16:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-25 09:48 - 2015-01-25 09:48 - 00098816 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32api.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00110080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\pywintypes27.dll
    2015-01-25 09:48 - 2015-01-25 09:48 - 00364544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\pythoncom27.dll
    2015-01-25 09:48 - 2015-01-25 09:48 - 00045568 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\_socket.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 01160704 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\_ssl.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00320512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32com.shell.shell.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00713216 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\_hashlib.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 01175040 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._core_.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00805888 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._gdi_.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00811008 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._windows_.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 01062400 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._controls_.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00735232 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._misc_.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00557056 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\pysqlite2._sqlite.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00128512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\_elementtree.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00127488 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\pyexpat.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00087552 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\_ctypes.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00119808 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32file.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00108544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32security.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00007168 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\hashobjs_ext.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00167936 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32gui.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00018432 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32event.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00038912 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32inet.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00011264 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32crypt.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00070656 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._html2.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00027136 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\_multiprocessing.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00035840 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32process.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00686080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\unicodedata.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00122368 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._wizard.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00024064 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32pipe.pyd
    2015-01-25 09:49 - 2015-01-25 09:49 - 00025600 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32pdh.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00525640 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\windows._lib_cacheinvalidation.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00010240 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\select.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00017408 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32profile.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00022528 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\win32ts.pyd
    2015-01-25 09:48 - 2015-01-25 09:48 - 00078336 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI52962\wx._animate.pyd

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1743895207-3571410941-3749681116-500 - Administrator - Disabled)
    Guest (S-1-5-21-1743895207-3571410941-3749681116-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1743895207-3571410941-3749681116-1002 - Limited - Enabled)
    TomIlene (S-1-5-21-1743895207-3571410941-3749681116-1000 - Administrator - Enabled) => C:\Users\TomIlene

    ==================== Faulty Device Manager Devices =============

    Name: HP Officejet Pro 8610
    Description: HP Officejet Pro 8610
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2012-09-24 16:17:09.196
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-24 15:42:02.920
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-20 18:50:49.159
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-20 13:45:59.531
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 18:56:39.978
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 16:27:59.522
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 16:19:26.898
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 14:06:34.392
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 13:55:16.304
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 12:46:30.401
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
    Percentage of memory in use: 54%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 1757.57 MB
    Total Pagefile: 7785.9 MB
    Available Pagefile: 5326.23 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (TI106033W0C) (Fixed) (Total:441.41 GB) (Free:285.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31E79F94)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=441.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=22.9 GB) - (Type=17)

    ==================== End Of Log ============================

     

     

    # AdwCleaner v4.108 - Report created 24/01/2015 at 03:30:02
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-23.3 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : TomIlene - TOMILENE-PC
    # Running from : C:\Users\TomIlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08C47WFQ\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : CltMngSvc
    Service Found : SPPD

    ***** [ Files / Folders ] *****

    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Found : C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Found : C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx
    File Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
    File Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\searchplugins\Mysearchdial.xml
    File Found : C:\Users\TomIlene\daemonprocess.txt
    Folder Found : C:\Program Files (x86)\BrowseSmart
    Folder Found : C:\Program Files (x86)\di9NewPlayer
    Folder Found : C:\Program Files (x86)\findopolis
    Folder Found : C:\Program Files (x86)\Free Ride Games
    Folder Found : C:\Program Files (x86)\fst_us_148
    Folder Found : C:\Program Files (x86)\jfilemanager
    Folder Found : C:\Program Files (x86)\Mobogenie
    Folder Found : C:\Program Files (x86)\PepperZip
    Folder Found : C:\Program Files (x86)\SearchProtect
    Folder Found : C:\Program Files (x86)\ShopperPro
    Folder Found : C:\Program Files (x86)\Super Optimizer
    Folder Found : C:\Program Files (x86)\ver7SpeedChecker
    Folder Found : C:\Program Files (x86)\YTDownloader
    Folder Found : C:\ProgramData\Free Ride Games
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jfilemanager
    Folder Found : C:\ProgramData\SearchModule
    Folder Found : C:\ProgramData\ShopperPro
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\Public\Documents\ShopperPro
    Folder Found : C:\Users\TomIlene\AppData\Local\CrashRpt
    Folder Found : C:\Users\TomIlene\AppData\Local\fst_us_148
    Folder Found : C:\Users\TomIlene\AppData\Local\jfilemanager
    Folder Found : C:\Users\TomIlene\AppData\Local\Mobogenie
    Folder Found : C:\Users\TomIlene\AppData\Local\SearchProtect
    Folder Found : C:\Users\TomIlene\AppData\Local\WeatherAlerts
    Folder Found : C:\Users\TomIlene\AppData\LocalLow\HPAppData
    Folder Found : C:\Users\TomIlene\AppData\LocalLow\Mysearchdial
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected]
    Folder Found : C:\Users\TomIlene\AppData\Roaming\pccustubinstaller
    Folder Found : C:\Users\TomIlene\AppData\Roaming\Super Optimizer
    Folder Found : C:\Users\TomIlene\Documents\Mobogenie
    Folder Found : C:\Users\TomIlene\Documents\Super Optimizer
    Folder Found : C:\Users\wangzhisong\AppData\Local\Mobogenie

    ***** [ Scheduled Tasks ] *****

    Task Found : MySearchDial

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos.1
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl
    Key Found : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl.1
    Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
    Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Found : HKLM\SOFTWARE\SearchProtect
    Key Found : HKLM\SOFTWARE\SPPDCOM
    Key Found : HKLM\SOFTWARE\Trymedia Systems
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M41CEF66C-931D-43FC-8225-201BA9FFE869&SearchSource=55&CUI=&UM=6&UP=SP1AB2B2A9-D9E1-47A6-BBD3-28F5D1D17699&SSPV=

    -\\ Mozilla Firefox v12.0 (en-US)

    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.AutoSearchEventData", "auto%20search");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.ClearCacheDate", 18);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.DNSCatch", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.DisplayEULA", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.DnsCatchEventData", "dns%20catch");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.EBOMode", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.EnableDCAData_xx", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.EnableDCA_xx", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.FirstLaunchShown", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.InstallDomain", "freecause.com");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.InstallType", "standard");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.LoadLayoutDate.100573", 18);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.NewTabSearchEventData", "tab%20search");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.ShowRecommendedOptions", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.StateReportDate", "1418843307625");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.TopRightSearchEventData", "top%20right%20search");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.beforeInstallSaved", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.beforeinstall.search", "Google");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.customNewTab", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.dcaDefaultMode", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.dcaShowInstallerPage", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.dcaShowSurvey", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.helpUsImprove", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.hideOthers", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.partnerauth", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.processAddrBar", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.restoreSearch", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.searchHistory", true);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.session", "887A3F39368B4E7B3E85C20C1E9AED41BA3BCB67CEC131B85D9BEC411B1C0969588582257C63B253B023FEF1A62581EC1D8DD8736FF2475070C258646B646D866C94A8F1[...]
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.showFirstLaunchOptions", false);
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.tb_lang", "en");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.tool_id", "100573");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_id", "124959010");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_key", "c42aaeaae8b810a256b9a15bc41ea5f2a58715ce");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_layouts", "100573");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.user_lnames", "Shop%20to%20Win%2031");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.vars.disablecuidinject", "1");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
    [nxphnce1.default] - Line Found : user_pref("freecause678881e15812e8d4c5b35902ec5dbf68.yahooSearch", false);

    -\\ Google Chrome v40.0.2214.91

    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_huffingtonpost&q={searchTerms}&s_it=search_addon
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.cpcc.edu/search?SearchableText={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyzyyE0EyBzztB0BtDzytCtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1096520625&ir=
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP69339B41-339A-40DE-9B91-6E58F74EE03D&q={searchTerms}&SSPV=
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP69339B41-339A-40DE-9B91-6E58F74EE03D&q={searchTerms}&SSPV=
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,&q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,&q={searchTerms}
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.foodnetwork.com/search/search-results.html?searchTerm={searchTerms}&form=global&_charset_=UTF-8
    [C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?client=&qt={searchTerms}&search=%EF%80%A1&charset=utf-8

    *************************

    AdwCleaner[R0].txt - [13517 octets] - [24/01/2015 03:30:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13578 octets] ##########


    • 0

    #10
    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP
    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
     
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
       Type 20 in the 1 to 20 box
       Then click the Run button.
       Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.
     

     


    • 0
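The `findstr /c:"[SR]"` step in the post above pulls the System File Checker entries out of cbs.log. As an added example (not part of the original post or of any tool named in this thread), the Python below applies the same filter and turns the result into a verdict, including the case where the file holds no `[SR]` lines at all. The sample log is constructed and abbreviated, and the function names and verdict labels are assumptions of this example.

```python
import re
import sys

# Constructed, abbreviated sample modelled on the usual CBS.log line shape
# (timestamp, level, source, sequence number, "[SR]" message). The file and
# component names are made up for this example.
SAMPLE_CBS_LOG = r'''2015-01-26 10:02:11, Info                  CBS    Starting TrustedInstaller initialization.
2015-01-26 10:02:15, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2015-01-26 10:02:15, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-01-26 10:02:19, Info                  CSI    00000009 [SR] Verify complete
2015-01-26 10:02:19, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
2015-01-26 10:02:19, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2015-01-26 10:02:24, Info                  CSI    0000000d [SR] Cannot repair member file [l:20{10}]"sample.ini" of Constructed-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2015-01-26 10:02:24, Info                  CSI    0000000f [SR] Cannot repair member file [l:20{10}]"sample.ini" of Constructed-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2015-01-26 10:02:25, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2015-01-26 10:02:26, Info                  CSI    00000011 [SR] Verify complete
2015-01-26 10:02:30, Info                  CSI    00000012 [SR] Repair complete
'''

SR_TAG = "[SR]"
# Member file names appear with a length prefix: [l:<n>{<m>}]"name"
FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def sr_lines(text):
    """Same selection as findstr /c:"[SR]": lines containing the literal tag."""
    return [ln for ln in text.splitlines() if SR_TAG in ln]


def _remember(bucket, msg):
    """Record the file named in msg once, keeping first-seen order."""
    names = FILE_RE.findall(msg)
    if names and names[-1] not in bucket:
        bucket.append(names[-1])


def summarize(text):
    """Classify the [SR] entries of a CBS.log into a short triage result."""
    lines = sr_lines(text)
    components = 0
    cannot_repair, repaired = [], []
    for ln in lines:
        msg = ln.split(SR_TAG, 1)[1].strip()
        if msg.startswith("Verifying"):
            m = re.match(r"Verifying (\d+) ", msg)
            if m:
                components += int(m.group(1))
        elif msg.startswith("Cannot repair member file"):
            _remember(cannot_repair, msg)   # sfc often logs this twice per file
        elif msg.startswith("Repairing"):
            _remember(repaired, msg)

    if not lines:
        # An empty findstr result: this file records no sfc scan at all
        # (the scan never ran, or its entries are in a rotated log).
        verdict = "no-sr-entries"
    elif cannot_repair:
        verdict = "needs-review"            # files sfc reported it could not fix
    elif repaired:
        verdict = "repaired"
    else:
        verdict = "clean"
    return {
        "sr_line_count": len(lines),
        "components_verified": components,
        "cannot_repair": cannot_repair,     # reported as logged, not reconciled
        "repaired": repaired,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Usage: python sr_summary.py C:\Windows\Logs\CBS\CBS.log
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_CBS_LOG
    print(summarize(data))
```

A `no-sr-entries` verdict means the scan itself has to be confirmed before anything can be said about system file integrity.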



    #11
    tominnc06

      Member

    • Topic Starter
    • Member
    • PipPip
    • 30 posts

    Not sure if I did all this correctly. After reboot, the screen after running Command Prompt sfc  /scannow said 'scannow' is not recognized as an internal or external command, operable program or batch file. All else seems to have generated the various .txt files, except the junk.txt file was empty. Here they are.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
    Ran by TomIlene at 2015-01-26 09:57:55 Run:1
    Running from C:\Users\TomIlene\Downloads
    Loaded Profiles: TomIlene (Available profiles: TomIlene)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [16F3AE012F60FC3AEB49178160248FC66D35511C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-20] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\MountPoints2: {310a34ae-6eab-11e1-a29f-60eb6994e782} - E:\ToolLauncher-Bootstrap.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - Default Value = {5963db80-6910-e734-3d61-9e997c263db5}
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - FCToolbarURLSearchHook Class - {5963db80-6910-e734-3d61-9e997c263db5} - C:\Program Files (x86)\Shop to Win 31\Helper.dll ()
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Shop to Win -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> C:\Program Files (x86)\Shop to Win 31\Shop to Win 31.dll (Shop To Win, LLC)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Extension: mysearchdial.com - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected] [2013-12-05]
    FF Extension: Shopper-Pro - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-09-10]
    FF Extension: Shop to Win 31 - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi [2012-11-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-27]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-02]
    S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe" [X]
    S3 SPPD; C:\windows\system32\drivers\SPPD.sys [21976 2015-01-24] ()
    R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-08-28] (Soluto)
    R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942528 2013-08-28] (GlavSoft LLC.) [File not signed]
    R3 cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TomIlene\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    Task: C:\windows\Tasks\MySearchDial.job => C:\Users\TomIlene\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {E25F97D8-2CAB-4342-B622-D91087C70162} - System32\Tasks\SolutoTask_dee78a02-bb27-445f-bec3-c9560f01447b => C:\ProgramData\Soluto\Temp\ninite.evernote_5_0_3_1614.setup-22f963cb-0448-1602-80f4-41ccf2900b5e.exe <==== ATTENTION

    *****************

    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Run\\16F3AE012F60FC3AEB49178160248FC66D35511C._service_run => value deleted successfully.
    "HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310a34ae-6eab-11e1-a29f-60eb6994e782}" => Key deleted successfully.
    HKCR\CLSID\{310a34ae-6eab-11e1-a29f-60eb6994e782} => Key not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data removed successfully.
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5963db80-6910-e734-3d61-9e997c263db5} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{5963db80-6910-e734-3d61-9e997c263db5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => Key deleted successfully.
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected] => Moved successfully.
    C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} => Moved successfully.
    C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi => Moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.
    HPSupportSolutionsFrameworkService => Service deleted successfully.
    SPPD => Service deleted successfully.
    SolutoLauncherService => Service stopped successfully.
    SolutoLauncherService => Service deleted successfully.
    SolutoRemoteService => Service stopped successfully.
    SolutoRemoteService => Service deleted successfully.
    cpuz136 => Service stopped successfully.
    cpuz136 => Service deleted successfully.
    "HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
    "HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    C:\windows\Tasks\MySearchDial.job => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E25F97D8-2CAB-4342-B622-D91087C70162}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E25F97D8-2CAB-4342-B622-D91087C70162}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SolutoTask_dee78a02-bb27-445f-bec3-c9560f01447b => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SolutoTask_dee78a02-bb27-445f-bec3-c9560f01447b" => Key deleted successfully.

    ==== End of Fixlog 09:57:59 ====

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by TomIlene (administrator) on TOMILENE-PC on 25-01-2015 12:31:52
    Running from C:\Users\TomIlene\Downloads
    Loaded Profiles: TomIlene (Available profiles: TomIlene)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
    (Soluto) C:\Program Files\Soluto\SolutoService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (GlavSoft LLC.) C:\Program Files\Soluto\SolutoRemoteService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
    (Soluto) C:\Program Files\Soluto\Soluto.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873288 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [16F3AE012F60FC3AEB49178160248FC66D35511C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-20] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-14] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-08-29] ()
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [Google Update] => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-08] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\MountPoints2: {310a34ae-6eab-11e1-a29f-60eb6994e782} - E:\ToolLauncher-Bootstrap.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - Default Value = {5963db80-6910-e734-3d61-9e997c263db5}
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - FCToolbarURLSearchHook Class - {5963db80-6910-e734-3d61-9e997c263db5} - C:\Program Files (x86)\Shop to Win 31\Helper.dll ()
    SearchScopes: HKLM -> DefaultScope {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 -> DefaultScope {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = https://www.google.c...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...1I7TSNF_enUS443
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Shop to Win -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> C:\Program Files (x86)\Shop to Win 31\Shop to Win 31.dll (Shop To Win, LLC)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default
    FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/O1DPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=3 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=9 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: mysearchdial.com - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected] [2013-12-05]
    FF Extension: Shopper-Pro - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-09-10]
    FF Extension: Shop to Win 31 - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi [2012-11-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-27]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-02]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-08]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-24]
    FF HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,
    CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (Lookup Companion for Wikipedia) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej [2011-08-04]
    CHR Extension: (Google Tasks (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2011-10-06]
    CHR Extension: (Google Calendar) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2011-09-01]
    CHR Extension: (Digital Clock) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-06-07]
    CHR Extension: (Avast Online Security) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
    CHR Extension: (Do Not Disturb!) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-06-26]
    CHR Extension: (Clearly) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2012-09-19]
    CHR Extension: (My Browser Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2013-12-05]
    CHR Extension: (HuffingtonPost NewsGlide) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef [2011-08-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
    CHR Extension: (Sooner) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm [2011-10-06]
    CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2011-08-04]
    CHR Extension: (Google Wallet) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Neat Bookmarks) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp [2011-08-04]
    CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [pdjaaibbgfdnolpgkmgbdebhhpddkokk] - C:\Users\TomIlene\AppData\Roaming\Shop to Win 31\Toolbar_production_100573_31.crx [2012-08-29]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-24]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-24] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-24] (Avast Software)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-28] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-08-28] (Soluto)
    R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942528 2013-08-28] (GlavSoft LLC.) [File not signed]
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-24] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-24] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-24] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-24] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-24] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-24] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-24] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-24] ()
    R2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
    S3 SPPD; C:\windows\system32\drivers\SPPD.sys [21976 2015-01-24] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-24] (Avast Software)
    R3 cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 12:31 - 2015-01-25 12:32 - 00028617 _____ () C:\Users\TomIlene\Downloads\FRST.txt
    2015-01-25 12:26 - 2015-01-25 12:27 - 00000636 _____ () C:\Users\TomIlene\Desktop\JRT.txt
    2015-01-25 09:09 - 2015-01-25 09:09 - 00000197 _____ () C:\windows\system32\2015-01-25-14-09-01.079-AvastVBoxSVC.exe-3016.log
    2015-01-25 00:06 - 2015-01-25 00:06 - 00000000 ____D () C:\windows\ERUNT
    2015-01-25 00:02 - 2015-01-25 00:02 - 01707939 _____ (Thisisu) C:\Users\TomIlene\Downloads\JRT.exe
    2015-01-25 00:00 - 2015-01-25 12:31 - 00000000 ____D () C:\FRST
    2015-01-25 00:00 - 2015-01-25 00:00 - 02129920 _____ (Farbar) C:\Users\TomIlene\Downloads\FRST64.exe
    2015-01-24 19:59 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-59-27.019-aswFe.exe-3940.log
    2015-01-24 19:53 - 2015-01-24 19:53 - 00930200 _____ (Install Manager ) C:\Users\TomIlene\Downloads\setup.exe
    2015-01-24 19:53 - 2015-01-24 19:53 - 00412024 _____ (Premium Installer ) C:\Users\TomIlene\Downloads\fl_setup.exe
    2015-01-24 19:53 - 2015-01-24 19:53 - 00341368 _____ (Swift Installer ) C:\Users\TomIlene\Downloads\fl_setup (2).exe
    2015-01-24 19:53 - 2015-01-24 19:53 - 00341368 _____ (Swift Installer ) C:\Users\TomIlene\Downloads\fl_setup (1).exe
    2015-01-24 19:49 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-49-39.082-aswFe.exe-5620.log
    2015-01-24 19:49 - 2015-01-24 19:49 - 00000197 _____ () C:\windows\system32\2015-01-25-00-49-31.071-AvastVBoxSVC.exe-2992.log
    2015-01-24 16:52 - 2015-01-24 16:52 - 00021976 _____ () C:\windows\system32\Drivers\SPPD.sys
    2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\SysWOW64\vbox
    2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\system32\vbox
    2015-01-24 16:27 - 2015-01-24 16:27 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Roaming\AVAST Software
    2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-01-24 16:26 - 2015-01-24 16:27 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-01-24 16:26 - 2015-01-24 16:26 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2015-01-24 16:26 - 2015-01-24 16:26 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00087912 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2015-01-24 16:26 - 2015-01-24 16:26 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2015-01-24 16:25 - 2015-01-24 16:25 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-01-24 16:22 - 2015-01-24 16:25 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-01-24 10:03 - 2015-01-24 10:04 - 132469808 _____ (AVAST Software) C:\Users\TomIlene\Downloads\avast_free_antivirus_setup.exe
    2015-01-24 03:28 - 2015-01-24 03:31 - 00000000 ____D () C:\AdwCleaner
    2015-01-24 03:12 - 2015-01-24 03:12 - 00124330 _____ () C:\Users\TomIlene\Desktop\OTL.Txt
    2015-01-23 14:53 - 2015-01-23 14:53 - 00118080 _____ () C:\Users\TomIlene\Documents\Computer Virus Warning, OTL.Txt
    2015-01-23 14:09 - 2015-01-23 14:09 - 00602112 _____ (OldTimer Tools) C:\Users\TomIlene\Desktop\OTL.exe
    2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Evernote
    2015-01-23 13:18 - 2015-01-23 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-23 12:25 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPM7112.dll
    2015-01-23 12:24 - 2015-01-23 12:24 - 00000000 ____D () C:\Program Files\HP
    2015-01-23 12:23 - 2015-01-23 12:23 - 00000057 _____ () C:\ProgramData\Ament.ini
    2015-01-23 11:35 - 2015-01-23 11:04 - 00897960 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
    2015-01-23 11:35 - 2015-01-23 11:04 - 00818088 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
    2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2015-01-23 11:05 - 2015-01-23 11:04 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-22 14:55 - 2015-01-22 14:55 - 00000000 __SHD () C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
    2015-01-15 13:28 - 2015-01-15 13:28 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-14 10:49 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-14 10:49 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-14 10:49 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-01-14 10:49 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-01-14 10:49 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-01-14 10:49 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-01-14 10:49 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 10:49 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2015-01-14 10:49 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2015-01-14 10:49 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-14 10:49 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-14 10:49 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2015-01-14 10:49 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2015-01-13 11:41 - 2015-01-13 11:41 - 00030194 _____ () C:\Users\TomIlene\Downloads\1421163004.html
    2015-01-12 10:54 - 2015-01-12 10:54 - 12927067 _____ () C:\Users\TomIlene\Downloads\20150110_113404.mp4
    2015-01-07 11:35 - 2015-01-07 11:35 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (4).xlsx
    2015-01-07 11:35 - 2015-01-07 11:35 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (3).xlsx
    2015-01-07 11:32 - 2015-01-07 11:32 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (2).xlsx
    2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule.xlsx
    2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (1).xlsx
    2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-12-31 12:45 - 2014-12-31 12:46 - 16409960 _____ (Safer Networking Limited ) C:\Users\TomIlene\Downloads\spybotsd162 (2).exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 12:15 - 2014-08-08 18:56 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
    2015-01-25 12:15 - 2014-08-08 18:56 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
    2015-01-25 12:15 - 2012-04-16 07:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-25 12:15 - 2011-07-29 00:36 - 01651369 _____ () C:\windows\WindowsUpdate.log
    2015-01-25 12:15 - 2010-10-14 23:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-25 09:52 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-01-25 09:50 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 09:50 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-25 09:49 - 2014-09-25 16:04 - 00000000 ___RD () C:\Users\TomIlene\iCloudDrive
    2015-01-25 09:49 - 2013-10-24 16:09 - 00000000 ___RD () C:\Users\TomIlene\Google Drive
    2015-01-25 09:49 - 2010-10-14 23:04 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-25 09:07 - 2012-11-14 09:21 - 00011946 _____ () C:\windows\setupact.log
    2015-01-25 09:07 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-25 02:12 - 2011-09-13 16:24 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2015-01-24 16:39 - 2010-10-14 23:32 - 00574224 _____ () C:\windows\PFRO.log
    2015-01-24 16:22 - 2012-02-14 12:13 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{83EECBD0-378C-413E-A84D-0137D0FD82C4}
    2015-01-24 15:46 - 2011-08-11 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-01-24 15:45 - 2011-09-13 16:24 - 00001945 _____ () C:\windows\epplauncher.mif
    2015-01-24 02:49 - 2011-08-03 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-24 01:17 - 2012-11-28 12:34 - 00003970 _____ () C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan
    2015-01-23 13:18 - 2010-10-14 23:04 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-23 13:06 - 2014-07-08 12:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\HP
    2015-01-23 13:04 - 2014-07-08 12:02 - 00000000 ____D () C:\Program Files (x86)\HP
    2015-01-23 12:25 - 2014-07-08 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-01-23 12:24 - 2014-07-08 12:00 - 00000000 ____D () C:\ProgramData\HP
    2015-01-23 11:42 - 2011-07-29 00:43 - 00032904 _____ () C:\windows\DPINST.LOG
    2015-01-23 11:36 - 2013-11-14 18:39 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-23 11:36 - 2012-06-27 19:38 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-23 11:35 - 2012-04-16 07:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-23 11:35 - 2012-04-16 07:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-23 11:35 - 2011-11-09 10:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-23 11:04 - 2014-08-16 15:04 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2015-01-15 13:32 - 2014-09-25 16:05 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\592F94FA-5DCE-4604-B5A4-57E4BD30ECF2.aplzod
    2015-01-15 12:34 - 2013-08-07 09:51 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-15 12:11 - 2011-08-08 12:11 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-01-13 14:29 - 2011-10-25 12:18 - 00000000 ____D () C:\Users\TomIlene\Documents\Outlook Files
    2015-01-08 15:47 - 2013-10-24 15:21 - 00002001 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2015-01-08 15:47 - 2013-10-24 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-01-08 09:55 - 2011-08-04 09:40 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-12-28 03:29 - 2011-08-01 20:26 - 00000000 ____D () C:\windows\System32\Tasks\Games
    2014-12-27 17:58 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

    ==================== Files in the root of some directories =======

    2011-08-03 11:43 - 2011-08-03 11:43 - 13685936 _____ (Mozilla) C:\Program Files\Firefox Setup 5.0.1.exe
    2011-08-04 15:43 - 2011-08-04 15:43 - 30307728 _____ (Microsoft Corporation) C:\Program Files\IPx64_1033_8.15.406.0.exe
    2011-08-05 07:38 - 2011-08-05 07:38 - 16268176 _____ (Microsoft Corporation) C:\Program Files\ITPx64_1033_8.15.406.0.exe
    2011-08-04 09:16 - 2011-08-04 09:18 - 10165440 _____ (Microsoft Corporation) C:\Program Files\mseinstall.exe
    2014-07-08 12:27 - 2014-07-08 12:27 - 0001004 _____ () C:\Users\TomIlene\AppData\Roaming\ConvAPIPlugin.log
    2013-12-05 10:25 - 2013-12-05 10:25 - 0351124 _____ () C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx
    2012-08-16 01:04 - 2012-08-16 01:04 - 0000017 _____ () C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
    2015-01-23 12:23 - 2015-01-23 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-07-08 12:00 - 2014-07-08 12:28 - 0000960 _____ () C:\ProgramData\hpzinstall.log
    2013-08-31 15:22 - 2013-08-31 15:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\TomIlene\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\TomIlene\AppData\Local\Temp\Quarantine.exe
    C:\Users\TomIlene\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-27 17:08

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by TomIlene at 2015-01-26 10:00:34
    Running from C:\Users\TomIlene\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.00.07.04.30 - Selectsoft Publishing)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
    App Client version 2.57 (HKLM-x32\...\{B28D9C36-91CF-4DDD-A114-B78F27FEDCCF}}_is1) (Version: 2.57 - )
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
    Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HTC Sync (HKLM-x32\...\{BC4174D1-7970-40E6-AC57-F095F961FB08}) (Version: 2.0.33 - HTC Corporation)
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.49.0 - Symantec Corporation)
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
    Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Shop To Win (HKLM-x32\...\{1220BDA0-E418-4789-BFF5-072062B29D01}_is1) (Version: 1.1.0.0 - Shop To Win, LLC)
    Shop to Win 31 (HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Shop to Win 31) (Version:  - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Soluto (HKLM\...\{3D221DF4-18AB-4876-A825-57E2D2CC2429}) (Version: 1.3.1444.0 - Soluto)
    Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
    The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.5.60 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.2 - WildTangent)
    Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points  =========================

    24-10-2014 10:38:37 Windows Update
    30-10-2014 12:49:48 Windows Update
    02-11-2014 17:38:03 Windows Update
    06-11-2014 01:19:53 Windows Update
    09-11-2014 16:29:51 Windows Update
    12-11-2014 12:35:15 Windows Update
    16-11-2014 14:00:14 Windows Update
    19-11-2014 15:39:19 Windows Update
    19-11-2014 23:49:27 Windows Update
    24-11-2014 18:12:21 Windows Update
    28-11-2014 00:59:15 Windows Update
    01-12-2014 17:35:00 Windows Update
    05-12-2014 02:21:41 Windows Update
    09-12-2014 09:45:02 Windows Update
    11-12-2014 11:16:46 Windows Update
    13-12-2014 09:13:23 Windows Update
    17-12-2014 14:20:04 Windows Update
    19-12-2014 10:11:55 Windows Update
    23-12-2014 10:16:26 Windows Update
    26-12-2014 16:04:01 Windows Update
    30-12-2014 01:15:08 Windows Update
    02-01-2015 11:00:37 C
    03-01-2015 08:23:27 Windows Update
    06-01-2015 12:12:53 Windows Update
    09-01-2015 16:37:34 Windows Update
    13-01-2015 11:03:31 Windows Update
    15-01-2015 12:10:06 Windows Update
    19-01-2015 12:07:31 Windows Update
    22-01-2015 14:50:29 C
    23-01-2015 11:41:24 Removed HTC Driver Installer.
    23-01-2015 11:49:20 C
    23-01-2015 13:24:31 Windows Update
    24-01-2015 16:25:00 avast! antivirus system restore point
    25-01-2015 02:07:48 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2011-08-11 22:38 - 00434097 ____R C:\windows\system32\Drivers\etc\hosts

    There are 1000 more lines.

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0BE04743-17AA-4857-B017-D609D0B0575B} - System32\Tasks\{83EF2759-EF39-4807-A920-6C1BACD5FA1D} => pcalua.exe -a "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads\documentstogopro7006-en.exe" -d "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads"
    Task: {106510A5-C9BA-41DF-BD58-283306415073} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
    Task: {14047A40-99AB-4616-B1B9-C4C7D7167996} - System32\Tasks\SolutoTask_a36c3598-c5e7-4759-a120-1aadcbf0a77e => C:\ProgramData\Soluto\Temp\ninite.googleearth_7_1_2_2041.setup-22f963ca-fd60-88d1-bf8a-ef3ecca5692c.exe <==== ATTENTION
    Task: {1DC69D13-7876-4654-B4AE-973430DE9805} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
    Task: {315242EF-15A3-40A6-81B3-61BD412DA754} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-01] (Microsoft Corporation)
    Task: {44ACCCA2-B485-4FFC-A4E5-49EFB15B3377} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-08-28] (Symantec Corporation)
    Task: {4523BEC8-7B44-4888-838A-05E9A37DBBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {54F5C15D-5961-40D9-807C-D1C1B6DE5E92} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {5D0E7619-8180-4F3B-AFA6-A9EBEE7872FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {69574AE5-47BD-4AB1-A2D9-FDE01983FAD5} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft..../?LinkId=116866
    Task: {71909F83-451C-492E-844B-37B616F32DD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-24] (AVAST Software)
    Task: {7393C912-0485-48C7-9780-1A79EA538960} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {8512FBC1-0871-4633-B6CC-1DDEC1FA3417} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
    Task: {995FBF71-5898-4304-8361-8216FE777133} - System32\Tasks\{12D77EA9-5EE1-4830-8B68-ADED66A1B417} => pcalua.exe -a C:\Users\TomIlene\Downloads\CAInstall.exe -d C:\windows\system32
    Task: {CC2B3965-4ED3-43CE-8FD0-18DF706D677B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {EFB9825D-5A54-4D89-864C-72BCE297F0C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-10-18 10:10 - 2014-10-18 10:10 - 03667968 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\0a3db4ed902293be113f2ab36409f62f\PCGPreCompiled.ni.dll
    2014-10-18 10:12 - 2014-10-18 10:12 - 00267264 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\b156a891fc52ac22e7b03f6c58474ceb\PCGAppControlPluginLoader.ni.dll
    2014-10-18 10:12 - 2014-10-18 10:12 - 00068096 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\SignalRWrapper\e6a73f2f55939b246043277edd600b85\SignalRWrapper.ni.dll
    2013-08-28 14:09 - 2013-08-28 14:09 - 00090688 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
    2013-08-28 14:09 - 2013-08-28 14:09 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2013-08-28 14:09 - 2013-08-28 14:09 - 00090688 _____ () c:\program files\soluto\PCGDllExportInspector.dll
    2015-01-25 09:08 - 2015-01-25 09:08 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012500\algo.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2015-01-26 09:47 - 2015-01-26 09:47 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012600\algo.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-24 16:26 - 2015-01-24 16:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-25 16:00 - 2015-01-25 16:00 - 00098816 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32api.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00110080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\pywintypes27.dll
    2015-01-25 16:00 - 2015-01-25 16:00 - 00364544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\pythoncom27.dll
    2015-01-25 16:00 - 2015-01-25 16:00 - 00045568 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\_socket.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 01160704 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\_ssl.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00320512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32com.shell.shell.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00713216 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\_hashlib.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 01175040 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._core_.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00805888 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._gdi_.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00811008 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._windows_.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 01062400 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._controls_.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00735232 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._misc_.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00557056 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\pysqlite2._sqlite.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00128512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\_elementtree.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00127488 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\pyexpat.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00087552 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\_ctypes.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00119808 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32file.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00108544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32security.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00007168 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\hashobjs_ext.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00167936 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32gui.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00018432 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32event.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00038912 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32inet.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00011264 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32crypt.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00070656 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._html2.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00027136 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\_multiprocessing.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00035840 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32process.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00686080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\unicodedata.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00122368 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._wizard.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00024064 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32pipe.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00025600 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32pdh.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00525640 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\windows._lib_cacheinvalidation.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00010240 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\select.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00017408 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32profile.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00022528 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\win32ts.pyd
    2015-01-25 16:00 - 2015-01-25 16:00 - 00078336 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI47122\wx._animate.pyd

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1743895207-3571410941-3749681116-500 - Administrator - Disabled)
    Guest (S-1-5-21-1743895207-3571410941-3749681116-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1743895207-3571410941-3749681116-1002 - Limited - Enabled)
    TomIlene (S-1-5-21-1743895207-3571410941-3749681116-1000 - Administrator - Enabled) => C:\Users\TomIlene

    ==================== Faulty Device Manager Devices =============

    Name: HP Officejet Pro 8610
    Description: HP Officejet Pro 8610
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/26/2015 09:46:30 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (01/25/2015 04:28:38 PM) (Source: Application) (EventID: 0) (User: )
    Description: Object reference not set to an instance of an object.

    Error: (01/25/2015 04:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 770239

    Error: (01/25/2015 04:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 770239

    Error: (01/25/2015 04:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/25/2015 04:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2153

    Error: (01/25/2015 04:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2153

    Error: (01/25/2015 04:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/25/2015 04:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1139

    Error: (01/25/2015 04:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1139

    System errors:
    =============
    Error: (01/26/2015 09:58:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The cpuz136 service failed to start due to the following error:
    %%2

    Error: (01/25/2015 04:02:46 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

    Error: (01/25/2015 04:02:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/25/2015 04:00:37 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (01/25/2015 03:23:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    %%2

    Error: (01/25/2015 03:22:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\windows\system32\Rtlihvs.dll
    Error Code: 126

    Microsoft Office Sessions:
    =========================
    Error: (01/26/2015 09:46:30 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (01/25/2015 04:28:38 PM) (Source: Application) (EventID: 0) (User: )
    Description: Object reference not set to an instance of an object.

    Error: (01/25/2015 04:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 770239

    Error: (01/25/2015 04:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 770239

    Error: (01/25/2015 04:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/25/2015 04:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2153

    Error: (01/25/2015 04:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2153

    Error: (01/25/2015 04:15:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/25/2015 04:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1139

    Error: (01/25/2015 04:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1139

    CodeIntegrity Errors:
    ===================================
      Date: 2012-09-24 16:17:09.196
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-24 15:42:02.920
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-20 18:50:49.159
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-20 13:45:59.531
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 18:56:39.978
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 16:27:59.522
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 16:19:26.898
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 14:06:34.392
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 13:55:16.304
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 12:46:30.401
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
    Percentage of memory in use: 73%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 1043.68 MB
    Total Pagefile: 7785.9 MB
    Available Pagefile: 4703.06 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (TI106033W0C) (Fixed) (Total:441.41 GB) (Free:285.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31E79F94)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=441.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=22.9 GB) - (Type=17)

    ==================== End Of Log ============================

     

    Process CPU Private Bytes Working Set PID Description Company Name
    System Idle Process 91.76 0 K 24 K 0  
    System 0.13 376 K 3,984 K 4  
     Interrupts 0.39 0 K 0 K n/a Hardware Interrupts and DPCs 
     smss.exe  548 K 1,168 K 408  
    csrss.exe < 0.01 2,752 K 7,156 K 568  
    csrss.exe 0.06 13,340 K 11,548 K 684  
    wininit.exe  1,676 K 4,436 K 692  
     services.exe  7,276 K 10,840 K 788  
      svchost.exe 0.02 4,960 K 9,976 K 900 Host Process for Windows Services Microsoft Corporation
       WmiPrvSE.exe 2.94 6,936 K 12,140 K 2932  
       APSDaemon.exe  4,788 K 13,628 K 5028 Apple Push Apple Inc.
       HPNetworkCommunicatorCom.exe 0.01 4,192 K 10,712 K 532 HPNetworkCommunicatorCom Hewlett-Packard Development Company, LP
       unsecapp.exe  2,464 K 6,596 K 6560 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
       hpswp_clipbook.exe  2,000 K 5,548 K 1288 HP Smart Web Printing add-on for Internet Explorer Hewlett-Packard Co.
       FlashUtil64_16_0_0_296_ActiveX.exe  4,416 K 10,020 K 6696 Adobe® Flash® Player Installer/Uninstaller 16.0 r0 Adobe Systems Incorporated
      PresentationFontCache.exe  28,064 K 17,440 K 996 PresentationFontCache.exe Microsoft Corporation
      svchost.exe < 0.01 8,340 K 11,788 K 128 Host Process for Windows Services Microsoft Corporation
      svchost.exe  21,800 K 24,092 K 580 Host Process for Windows Services Microsoft Corporation
       audiodg.exe 0.01 18,156 K 18,576 K 8044  
      svchost.exe < 0.01 171,936 K 178,764 K 612 Host Process for Windows Services Microsoft Corporation
       dwm.exe  1,992 K 5,712 K 3332 Desktop Window Manager Microsoft Corporation
      svchost.exe < 0.01 14,936 K 22,880 K 564 Host Process for Windows Services Microsoft Corporation
      svchost.exe 0.15 35,004 K 50,948 K 864 Host Process for Windows Services Microsoft Corporation
      svchost.exe  3,092 K 6,120 K 1040 Host Process for Windows Services Microsoft Corporation
      svchost.exe < 0.01 26,252 K 27,904 K 1140 Host Process for Windows Services Microsoft Corporation
      AvastSvc.exe 0.02 95,688 K 40,960 K 1312 avast! Service AVAST Software
       ngservice.exe  1,344 K 3,308 K 3604  
      spoolsv.exe  12,804 K 21,308 K 1560 Spooler SubSystem App Microsoft Corporation
      svchost.exe  14,816 K 17,816 K 1620 Host Process for Windows Services Microsoft Corporation
      armsvc.exe  1,216 K 3,856 K 1708 Adobe Acrobat Update Service Adobe Systems Incorporated
      AppleMobileDeviceService.exe < 0.01 3,552 K 9,428 K 1752 MobileDeviceService Apple Inc.
      mDNSResponder.exe  2,688 K 5,884 K 1808 Bonjour Service Apple Inc.
      svchost.exe  3,480 K 8,156 K 1916 Host Process for Windows Services Microsoft Corporation
      LMS.exe 0.03 2,800 K 4,944 K 1952 Local Manageability Service Intel Corporation
      SymcPCCULaunchSvc.exe  1,940 K 5,496 K 2032 Norton PC Checkup Launcher Service Symantec Corporation
      ccSvcHst.exe < 0.01 3,924 K 10,644 K 1168 Symantec Service Framework Symantec Corporation
       ccSvcHst.exe < 0.01 3,308 K 9,240 K 4108  
      PsiService_2.exe  1,100 K 3,456 K 1400 PsiService PsiService Protexis Inc.
      SolutoService.exe 0.21 128,696 K 54,056 K 1668 Soluto Soluto
      TosCoSrv.exe  3,016 K 5,192 K 2264 TOSHIBA Power Saver TOSHIBA Corporation
      TecoService.exe 0.03 2,320 K 4,424 K 2380 TOSHIBA eco Utility Service TOSHIBA Corporation
      WLIDSVC.EXE < 0.01 7,324 K 14,524 K 2440  
       WLIDSVCM.EXE  1,512 K 3,472 K 2536  
      svchost.exe < 0.01 4,352 K 8,372 K 2972 Host Process for Windows Services Microsoft Corporation
      AvastVBoxSVC.exe < 0.01 7,892 K 14,420 K 3032 AvastVirtualBox Interface Avast Software
      svchost.exe  2,736 K 6,036 K 3380 Host Process for Windows Services Microsoft Corporation
      svchost.exe 0.01 7,648 K 13,536 K 3664 Host Process for Windows Services Microsoft Corporation
      iviRegMgr.exe  1,140 K 3,944 K 2064 RegMgr Module InterVideo
      UNS.exe  4,900 K 9,816 K 2868 User Notification Service Intel Corporation
      svchost.exe < 0.01 46,568 K 13,776 K 3772 Host Process for Windows Services Microsoft Corporation
      wmpnetwk.exe < 0.01 12,096 K 12,980 K 3812 Windows Media Player Network Sharing Service Microsoft Corporation
      SearchIndexer.exe  40,604 K 27,660 K 3852 Microsoft Windows Search Indexer Microsoft Corporation
      svchost.exe  2,024 K 5,308 K 3156 Host Process for Windows Services Microsoft Corporation
      taskhost.exe < 0.01 19,348 K 19,052 K 2732 Host Process for Windows Tasks Microsoft Corporation
      iPodService.exe 0.01 2,540 K 6,900 K 5592 iPodService Module (64-bit) Apple Inc.
      svchost.exe < 0.01 12,148 K 15,364 K 6032 Host Process for Windows Services Microsoft Corporation
      TMachInfo.exe < 0.01 32,836 K 31,676 K 6284 TSS TMachInfo Service TOSHIBA Corporation
      TODDSrv.exe < 0.01 1,812 K 4,424 K 6368 TDCSrv Application TOSHIBA Corporation
      TosSmartSrv.exe  1,768 K 4,380 K 7092 TosSmartSrv.exe TOSHIBA Corporation
      svchost.exe  4,188 K 4,324 K 3516 Host Process for Windows Services Microsoft Corporation
      VSSVC.exe  2,324 K 6,880 K 6372 Microsoft® Volume Shadow Copy Service Microsoft Corporation
      taskhost.exe  3,956 K 5,272 K 6572  
     lsass.exe 0.01 8,780 K 16,724 K 796 Local Security Authority Process Microsoft Corporation
     lsm.exe  3,056 K 4,744 K 804  
    winlogon.exe  3,332 K 7,288 K 748  
     Soluto.exe 0.25 50,536 K 35,852 K 3144 Soluto Soluto
    GoogleCrashHandler.exe  1,780 K 528 K 2052  
    GoogleCrashHandler64.exe  1,980 K 528 K 2872  
    explorer.exe 0.03 52,568 K 71,192 K 3172 Windows Explorer Microsoft Corporation
     igfxtray.exe  2,972 K 6,932 K 4152 igfxTray Module Intel Corporation
     hkcmd.exe  3,592 K 10,564 K 4180 hkcmd Module Intel Corporation
     igfxpers.exe  2,668 K 7,380 K 4192 persistence Module Intel Corporation
     cAudioFilterAgent64.exe  2,324 K 5,960 K 4204 Conexant High Definition Audio Filter Agent Conexant Systems, Inc.
     SynTPEnh.exe < 0.01 8,812 K 14,176 K 4272 Synaptics TouchPad Enhancements Synaptics Incorporated
      SynTPHelper.exe  1,580 K 3,664 K 5036  
     SmoothView.exe  1,560 K 3,516 K 4344 SmoothView TOSHIBA Corporation
     Teco.exe  3,456 K 8,912 K 4452 TOSHIBA eco Utility TOSHIBA Corporation
     TosNcCore.exe  2,900 K 8,088 K 4508 Message Center TOSHIBA Corporation
     itype.exe  7,408 K 16,280 K 4528 IType.exe Microsoft Corporation
      dpupdchk.exe  2,008 K 4,692 K 4916 dpupdchk.exe Microsoft Corporation
     ipoint.exe  8,820 K 18,556 K 4548 IPoint.exe Microsoft Corporation
     sidebar.exe 0.64 49,620 K 51,440 K 4588 Windows Desktop Gadgets Microsoft Corporation
     googledrivesync.exe  1,336 K 3,412 K 4712 Google Drive Google
      googledrivesync.exe 0.23 58,480 K 70,092 K 5428 Google Drive Google
     iCloudServices.exe  8,248 K 22,616 K 4804 iCloud Apple Inc.
     ApplePhotoStreams.exe  10,764 K 26,796 K 4820 iCloud Photos Apple Inc.
     iCloudDrive.exe  11,928 K 26,540 K 4832 iCloud Drive Apple Inc.
     ScanToPCActivationApp.exe < 0.01 5,696 K 14,620 K 4864 ScanToPCActivationApp Hewlett-Packard Development Company, LP
     iexplore.exe 0.02 31,668 K 60,872 K 7364 Internet Explorer Microsoft Corporation
      iexplore.exe 0.67 253,216 K 271,900 K 8084 Internet Explorer Microsoft Corporation
      GoogleToolbarUser_32.exe  5,700 K 12,404 K 7704 Google Toolbar Broker Google Inc.
      iexplore.exe 0.60 246,844 K 263,492 K 6760 Internet Explorer Microsoft Corporation
      iexplore.exe 0.81 165,956 K 171,740 K 3076 Internet Explorer Microsoft Corporation
      googletalkplugin.exe 0.02 11,400 K 15,448 K 4616 Hangouts Plugin Google
     procexp.exe  2,404 K 7,132 K 8176  
      procexp64.exe 0.38 31,932 K 54,520 K 1092  
     procexp.exe  2,408 K 5,836 K 1128 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
      procexp64.exe 0.52 22,992 K 41,512 K 8100 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
    ToshibaServiceStation.exe  51,508 K 72,356 K 5048 TOSHIBA Service Station TOSHIBA Corporation
    hpwuschd2.exe  1,044 K 3,620 K 2284 hpwuSchd Application Hewlett-Packard
    iTunesHelper.exe < 0.01 3,860 K 11,748 K 336 iTunesHelper Apple Inc.
    avastui.exe 0.01 24,156 K 25,328 K 840 avast! Antivirus AVAST Software
    notepad.exe  1,980 K 6,932 K 2960  
    notepad.exe  2,048 K 6,684 K 936  
    notepad.exe  2,112 K 6,736 K 6412  

     

     

    -------------------------------------------------------------------------------------------------------

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 26/01/2015 11:10:34 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/01/2015 3:32:20 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 26/01/2015 3:31:53 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The cpuz136 service failed to start due to the following error:  The system cannot find the file specified.

    Log: 'System' Date/Time: 26/01/2015 3:31:53 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 26/01/2015 3:26:57 PM
    Type: Error Category: 0
    Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has failed to start.  Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/01/2015 3:26:48 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 26/01/2015 3:24:24 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 26/01/2015 11:11:55 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 26/01/2015 3:31:52 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x1a6c Faulting application start time: 0x01d0397d342a0404 Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll Report Id: 72fd217d-a570-11e4-9579-60eb6994e782

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 26/01/2015 3:24:09 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes:
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000_CLASSES
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000_CLASSES

    Log: 'Application' Date/Time: 26/01/2015 3:24:08 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   29 user registry handles leaked from \Registry\User\S-1-5-21-1743895207-3571410941-3749681116-1000:
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 1668 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 1668 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Main
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
    Process 1668 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
    Process 1668 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows NT\CurrentVersion
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\SystemCertificates\My
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Policies
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\SystemCertificates\CA
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\SystemCertificates\Root
    Process 1668 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Shop to Win 31
    Process 1668 (\Device\HarddiskVolume2\Program Files\Soluto\SolutoService.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Shop to Win 31
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Policies\Microsoft\SystemCertificates
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\SystemCertificates\trust
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 840 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\SystemCertificates\Disallowed

     



    #12
    RKinner

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

    The junk file will be empty if sfc /scannow does not run.  It sounds like you may have typed it wrong.  Note the space after sfc and the forward slash in front of scannow.  Try it again.

    Even if you can't get it to work, do the VEW step.


    #13
    tominnc06

    Is sfc on a separate line, then /scannow after ... and if they are to be together, is that 2 spaces after sfc?


    #14
    tominnc06

      Member

    • Topic Starter
    • Member
    • 30 posts

    Here's the FRST output. Will take another run at the Command Prompt procedure.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
    Ran by TomIlene at 2015-01-26 13:36:20 Run:2
    Running from C:\Users\TomIlene\Downloads
    Loaded Profiles: TomIlene (Available profiles: TomIlene)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\MountPoints2: {310a34ae-6eab-11e1-a29f-60eb6994e782} - E:\ToolLauncher-Bootstrap.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - Default Value = {5963db80-6910-e734-3d61-9e997c263db5}
    URLSearchHook: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 - FCToolbarURLSearchHook Class - {5963db80-6910-e734-3d61-9e997c263db5} - C:\Program Files (x86)\Shop to Win 31\Helper.dll ()
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Shop to Win -> {284171A7-2F20-7504-35E0-E1B6810714B8} -> C:\Program Files (x86)\Shop to Win 31\Shop to Win 31.dll (Shop To Win, LLC)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Extension: mysearchdial.com - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected] [2013-12-05]
    FF Extension: Shopper-Pro - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-09-10]
    FF Extension: Shop to Win 31 - C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi [2012-11-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-27]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-02]
    R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-08-28] (Soluto)
    R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942528 2013-08-28] (GlavSoft LLC.) [File not signed]
    R3 cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    Task: {14047A40-99AB-4616-B1B9-C4C7D7167996} - System32\Tasks\SolutoTask_a36c3598-c5e7-4759-a120-1aadcbf0a77e => C:\ProgramData\Soluto\Temp\ninite.googleearth_7_1_2_2041.setup-22f963ca-fd60-88d1-bf8a-ef3ecca5692c.exe <==== ATTENTION
    2011-08-04 15:43 - 2011-08-04 15:43 - 30307728 _____ (Microsoft Corporation) C:\Program Files\IPx64_1033_8.15.406.0.exe
    2011-08-05 07:38 - 2011-08-05 07:38 - 16268176 _____ (Microsoft Corporation) C:\Program Files\ITPx64_1033_8.15.406.0.exe
    2011-08-04 09:16 - 2011-08-04 09:18 - 10165440 _____ (Microsoft Corporation) C:\Program Files\mseinstall.exe
    2013-12-05 10:25 - 2013-12-05 10:25 - 0351124 _____ () C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx
    C:\Program Files\Soluto
    *****************

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310a34ae-6eab-11e1-a29f-60eb6994e782} => Key not found.
    HKCR\CLSID\{310a34ae-6eab-11e1-a29f-60eb6994e782} => Key not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value not found.
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5963db80-6910-e734-3d61-9e997c263db5} => Value not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284171A7-2F20-7504-35E0-E1B6810714B8} => Key not found.
    HKCR\Wow6432Node\CLSID\{284171A7-2F20-7504-35E0-E1B6810714B8} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found.
    HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value not found.
    HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found.
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\[email protected] not found.
    C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} not found.
    C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default\Extensions\{678881e1-5812-e8d4-c5b3-5902ec5dbf68}.xpi not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} not found.
    SolutoLauncherService => Service not found.
    SolutoRemoteService => Service not found.
    cpuz136 => Service not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14047A40-99AB-4616-B1B9-C4C7D7167996}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14047A40-99AB-4616-B1B9-C4C7D7167996}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SolutoTask_a36c3598-c5e7-4759-a120-1aadcbf0a77e => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SolutoTask_a36c3598-c5e7-4759-a120-1aadcbf0a77e" => Key deleted successfully.
    C:\Program Files\IPx64_1033_8.15.406.0.exe => Moved successfully.
    C:\Program Files\ITPx64_1033_8.15.406.0.exe => Moved successfully.
    C:\Program Files\mseinstall.exe => Moved successfully.
    C:\Users\TomIlene\AppData\Local\mysearchdial-speeddial.crx => Moved successfully.

    "C:\Program Files\Soluto" directory move:

    C:\Program Files\Soluto\AllowKernelDump.reg => Moved successfully.
    C:\Program Files\Soluto\AllowMachineName.reg => Moved successfully.
    C:\Program Files\Soluto\AmCharts.Windows.Design.dll => Moved successfully.
    C:\Program Files\Soluto\AmCharts.Windows.dll => Moved successfully.
    C:\Program Files\Soluto\Community.CsharpSqlite.dll => Moved successfully.
    C:\Program Files\Soluto\cpuidsdk64.dll => Moved successfully.
    C:\Program Files\Soluto\Interop.IWshRuntimeLibrary.dll => Moved successfully.
    C:\Program Files\Soluto\Interop.NetFwTypeLib.dll => Moved successfully.
    C:\Program Files\Soluto\Ionic.Zip.Reduced.dll => Moved successfully.
    C:\Program Files\Soluto\License.txt => Moved successfully.
    C:\Program Files\Soluto\LocalGenome.sdf => Moved successfully.
    C:\Program Files\Soluto\Microsoft.ServiceHosting.ServiceRuntime.dll => Moved successfully.
    C:\Program Files\Soluto\Newtonsoft.Json.dll => Moved successfully.
    C:\Program Files\Soluto\Newtonsoft.Json.Net35.dll => Moved successfully.
    C:\Program Files\Soluto\PCGAppControlPluginLoader.exe => Moved successfully.
    C:\Program Files\Soluto\PCGAzureEntityFramework.dll => Moved successfully.
    C:\Program Files\Soluto\PCGAzureShared.dll => Moved successfully.
    C:\Program Files\Soluto\PCGBootVisualizingCommon.dll => Moved successfully.
    C:\Program Files\Soluto\PCGBootVisualizingCore.dll => Moved successfully.
    C:\Program Files\Soluto\PCGBrowsersProbe.dll => Moved successfully.
    C:\Program Files\Soluto\PCGCatalogItemCache.dll => Moved successfully.
    C:\Program Files\Soluto\PCGCatalogItemFootprint.dll => Moved successfully.
    C:\Program Files\Soluto\PCGClientCommon.dll => Moved successfully.
    C:\Program Files\Soluto\PCGClientCommunication.dll => Moved successfully.
    C:\Program Files\Soluto\PCGCommunication.dll => Moved successfully.
    C:\Program Files\Soluto\PCGConfiguration.dll => Moved successfully.
    C:\Program Files\Soluto\PCGDataAggregation.dll => Moved successfully.
    C:\Program Files\Soluto\PCGDatabase.dll => Moved successfully.
    C:\Program Files\Soluto\PCGDeviceScanLib.dll => Moved successfully.
    C:\Program Files\Soluto\PCGDllExportInspector.dll => Moved successfully.
    C:\Program Files\Soluto\PCGDriverProbe.dll => Moved successfully.
    C:\Program Files\Soluto\PCGEntities.dll => Moved successfully.
    C:\Program Files\Soluto\PCGFramework.dll => Moved successfully.
    C:\Program Files\Soluto\PCGHIDProbe.dll => Moved successfully.
    C:\Program Files\Soluto\PCGPostBootResources.dll => Moved successfully.
    C:\Program Files\Soluto\PCGPreCompiled.dll => Moved successfully.
    C:\Program Files\Soluto\PCGPrestoSerializer.dll => Moved successfully.
    C:\Program Files\Soluto\PCGRSPProbe.dll => Moved successfully.
    C:\Program Files\Soluto\PCGSAProbe.dll => Moved successfully.
    C:\Program Files\Soluto\PCGUpgrader.dll => Moved successfully.
    C:\Program Files\Soluto\PCGUsersCenter.dll => Moved successfully.
    C:\Program Files\Soluto\PCGWuInfo.dll => Moved successfully.
    C:\Program Files\Soluto\sas.dll => Moved successfully.
    C:\Program Files\Soluto\SignalRWrapper.dll => Moved successfully.
    C:\Program Files\Soluto\Soluto.cat => Moved successfully.
    C:\Program Files\Soluto\Soluto.exe => Moved successfully.
    C:\Program Files\Soluto\Soluto.exe.config => Moved successfully.
    C:\Program Files\Soluto\Soluto.ico => Moved successfully.
    C:\Program Files\Soluto\Soluto.inf => Moved successfully.
    C:\Program Files\Soluto\Soluto.lnk => Moved successfully.
    C:\Program Files\Soluto\Soluto.SignalR.Client35.dll => Moved successfully.
    C:\Program Files\Soluto\Soluto.sys => Moved successfully.
    C:\Program Files\Soluto\SolutoCleanup.exe => Moved successfully.
    C:\Program Files\Soluto\SolutoCleanup.exe.config => Moved successfully.
    C:\Program Files\Soluto\SolutoConsole.exe => Moved successfully.
    C:\Program Files\Soluto\SolutoLauncherService.exe => Moved successfully.
    C:\Program Files\Soluto\SolutoRemoteDirect.exe => Moved successfully.
    C:\Program Files\Soluto\SolutoRemoteService.exe => Moved successfully.
    C:\Program Files\Soluto\SolutoService.exe => Moved successfully.
    C:\Program Files\Soluto\SolutoService.exe.config => Moved successfully.
    C:\Program Files\Soluto\SolutoSleep.ico => Moved successfully.
    C:\Program Files\Soluto\SolutoTray.ico => Moved successfully.
    C:\Program Files\Soluto\SolutoUninstall.exe => Moved successfully.
    C:\Program Files\Soluto\SolutoUpdateService.exe => Moved successfully.
    C:\Program Files\Soluto\sqlceca35.dll => Moved successfully.
    C:\Program Files\Soluto\sqlcecompact35.dll => Moved successfully.
    C:\Program Files\Soluto\sqlceer35EN.dll => Moved successfully.
    C:\Program Files\Soluto\sqlceme35.dll => Moved successfully.
    C:\Program Files\Soluto\sqlceoledb35.dll => Moved successfully.
    C:\Program Files\Soluto\sqlceqp35.dll => Moved successfully.
    C:\Program Files\Soluto\sqlcese35.dll => Moved successfully.
    C:\Program Files\Soluto\System.Data.SqlServerCe.dll => Moved successfully.
    C:\Program Files\Soluto\System.Data.SqlServerCe.Entity.dll => Moved successfully.
    C:\Program Files\Soluto\System.Threading.dll => Moved successfully.
    C:\Program Files\Soluto\Debugger\x86\cdb.exe => Moved successfully.
    C:\Program Files\Soluto\Debugger\x86\dbgeng.dll => Moved successfully.
    C:\Program Files\Soluto\Debugger\x86\dbghelp.dll => Moved successfully.
    C:\Program Files\Soluto\Debugger\x86\ntsd.exe => Moved successfully.
    C:\Program Files\Soluto\Debugger\x64\cdb.exe => Moved successfully.
    C:\Program Files\Soluto\Debugger\x64\dbgeng.dll => Moved successfully.
    C:\Program Files\Soluto\Debugger\x64\dbghelp.dll => Moved successfully.
    C:\Program Files\Soluto\Debugger\x64\ntsd.exe => Moved successfully.
    Could not move "C:\Program Files\Soluto" directory. => Scheduled to move on reboot.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-26 13:39:56)<=

    C:\Program Files\Soluto => Is moved successfully.

    ==== End of Fixlog 13:39:56 ====

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by TomIlene (administrator) on TOMILENE-PC on 26-01-2015 13:44:11
    Running from C:\Users\TomIlene\Downloads
    Loaded Profiles: TomIlene (Available profiles: TomIlene)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    (Google) C:\Users\TomIlene\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873288 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-14] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-08-29] ()
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [Google Update] => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-08] (Google Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    SearchScopes: HKLM -> DefaultScope {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 -> DefaultScope {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {C6D42521-42E8-49FE-81A3-809D7C26001C} URL = https://www.google.c...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {E9ED59E7-DDC1-46D9-9EC9-EF31549ED08F} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> {FCCB31AA-D0ED-49BB-A85B-D05C1629B7F5} URL = http://www.google.co...1I7TSNF_enUS443
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\TomIlene\AppData\Roaming\Mozilla\Firefox\Profiles\nxphnce1.default
    FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @talk.google.com/O1DPlugin -> C:\Users\TomIlene\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=3 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1743895207-3571410941-3749681116-1000: @tools.google.com/Google Update;version=9 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\TomIlene\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-08]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-24]
    FF HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,
    CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E9Aztugdu0345,5a37dd10-f883-4bc9-bef2-2514e9f2037a,"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (Lookup Companion for Wikipedia) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej [2011-08-04]
    CHR Extension: (Google Tasks (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2011-10-06]
    CHR Extension: (Google Calendar) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2011-09-01]
    CHR Extension: (Digital Clock) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-06-07]
    CHR Extension: (Avast Online Security) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
    CHR Extension: (Do Not Disturb!) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-06-26]
    CHR Extension: (Clearly) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2012-09-19]
    CHR Extension: (My Browser Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2013-12-05]
    CHR Extension: (HuffingtonPost NewsGlide) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef [2011-08-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
    CHR Extension: (Sooner) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifafnghbieophofjinbniahjpiodpnm [2011-10-06]
    CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2011-08-04]
    CHR Extension: (Google Wallet) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Neat Bookmarks) - C:\Users\TomIlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp [2011-08-04]
    CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Chrome\Extension: [pdjaaibbgfdnolpgkmgbdebhhpddkokk] - C:\Users\TomIlene\AppData\Roaming\Shop to Win 31\Toolbar_production_100573_31.crx [2012-08-29]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-24]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-24] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-24] (Avast Software)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-28] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 SolutoService; "C:\Program Files\Soluto\SolutoService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-24] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-24] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-24] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-24] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-24] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-24] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-24] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-24] ()
    R2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-24] (Avast Software)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-26 13:40 - 2015-01-26 13:40 - 00000197 _____ () C:\windows\system32\2015-01-26-18-40-20.029-AvastVBoxSVC.exe-3668.log
    2015-01-26 11:13 - 2015-01-26 11:13 - 00008039 _____ () C:\Users\TomIlene\Desktop\Applications VEW.txt
    2015-01-26 11:11 - 2015-01-26 11:11 - 00001851 _____ () C:\Users\TomIlene\Desktop\VEW.txt
    2015-01-26 10:45 - 2015-01-26 11:11 - 00008039 _____ () C:\VEW.txt
    2015-01-26 10:43 - 2015-01-26 10:43 - 00061440 _____ ( ) C:\Users\TomIlene\Desktop\VEW.exe
    2015-01-26 10:30 - 2015-01-26 10:30 - 00000197 _____ () C:\windows\system32\2015-01-26-15-30-01.038-AvastVBoxSVC.exe-2500.log
    2015-01-26 10:09 - 2015-01-26 10:19 - 00008121 _____ () C:\Users\TomIlene\Desktop\System Idle Process.txt
    2015-01-26 10:02 - 2015-01-26 10:02 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\TomIlene\Downloads\procexp.exe
    2015-01-26 09:53 - 2015-01-26 09:53 - 00002313 _____ () C:\Users\TomIlene\Desktop\Fix Instr 2.txt
    2015-01-25 15:25 - 2015-01-25 15:25 - 00000197 _____ () C:\windows\system32\2015-01-25-20-25-35.070-AvastVBoxSVC.exe-3032.log
    2015-01-25 12:35 - 2015-01-25 12:35 - 00043382 _____ () C:\Users\TomIlene\Desktop\FRST.txt
    2015-01-25 12:33 - 2015-01-26 10:01 - 00038742 _____ () C:\Users\TomIlene\Downloads\Addition.txt
    2015-01-25 12:31 - 2015-01-26 13:45 - 00025606 _____ () C:\Users\TomIlene\Downloads\FRST.txt
    2015-01-25 12:26 - 2015-01-25 12:27 - 00000636 _____ () C:\Users\TomIlene\Desktop\JRT.txt
    2015-01-25 09:09 - 2015-01-25 09:09 - 00000197 _____ () C:\windows\system32\2015-01-25-14-09-01.079-AvastVBoxSVC.exe-3016.log
    2015-01-25 00:06 - 2015-01-25 00:06 - 00000000 ____D () C:\windows\ERUNT
    2015-01-25 00:02 - 2015-01-25 00:02 - 01707939 _____ (Thisisu) C:\Users\TomIlene\Downloads\JRT.exe
    2015-01-25 00:00 - 2015-01-26 13:44 - 00000000 ____D () C:\FRST
    2015-01-25 00:00 - 2015-01-25 00:00 - 02129920 _____ (Farbar) C:\Users\TomIlene\Downloads\FRST64.exe
    2015-01-24 19:59 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-59-27.019-aswFe.exe-3940.log
    2015-01-24 19:49 - 2015-01-24 19:59 - 00000247 _____ () C:\windows\system32\2015-01-25-00-49-39.082-aswFe.exe-5620.log
    2015-01-24 19:49 - 2015-01-24 19:49 - 00000197 _____ () C:\windows\system32\2015-01-25-00-49-31.071-AvastVBoxSVC.exe-2992.log
    2015-01-24 16:52 - 2015-01-24 16:52 - 00021976 _____ () C:\windows\system32\Drivers\SPPD.sys
    2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\SysWOW64\vbox
    2015-01-24 16:27 - 2015-01-24 16:30 - 00000000 ____D () C:\windows\system32\vbox
    2015-01-24 16:27 - 2015-01-24 16:27 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Roaming\AVAST Software
    2015-01-24 16:27 - 2015-01-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-01-24 16:26 - 2015-01-26 13:41 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-01-24 16:26 - 2015-01-24 16:26 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2015-01-24 16:26 - 2015-01-24 16:26 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00087912 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2015-01-24 16:26 - 2015-01-24 16:26 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2015-01-24 16:26 - 2015-01-24 16:26 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2015-01-24 16:25 - 2015-01-24 16:25 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-01-24 16:22 - 2015-01-24 16:25 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-01-24 10:03 - 2015-01-24 10:04 - 132469808 _____ (AVAST Software) C:\Users\TomIlene\Downloads\avast_free_antivirus_setup.exe
    2015-01-24 03:28 - 2015-01-24 03:31 - 00000000 ____D () C:\AdwCleaner
    2015-01-24 03:12 - 2015-01-24 03:12 - 00124330 _____ () C:\Users\TomIlene\Desktop\OTL.Txt
    2015-01-23 14:53 - 2015-01-23 14:53 - 00118080 _____ () C:\Users\TomIlene\Documents\Computer Virus Warning, OTL.Txt
    2015-01-23 14:09 - 2015-01-23 14:09 - 00602112 _____ (OldTimer Tools) C:\Users\TomIlene\Desktop\OTL.exe
    2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    2015-01-23 13:22 - 2015-01-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Evernote
    2015-01-23 13:18 - 2015-01-23 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-23 12:25 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPM7112.dll
    2015-01-23 12:24 - 2015-01-23 12:24 - 00000000 ____D () C:\Program Files\HP
    2015-01-23 12:23 - 2015-01-23 12:23 - 00000057 _____ () C:\ProgramData\Ament.ini
    2015-01-23 11:35 - 2015-01-23 11:04 - 00897960 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
    2015-01-23 11:35 - 2015-01-23 11:04 - 00818088 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
    2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2015-01-23 11:05 - 2015-01-23 11:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2015-01-23 11:05 - 2015-01-23 11:04 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-22 14:55 - 2015-01-22 14:55 - 00000000 __SHD () C:\Users\TomIlene\AppData\Local\EmieBrowserModeList
    2015-01-15 13:28 - 2015-01-15 13:28 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-14 10:49 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-14 10:49 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-14 10:49 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-01-14 10:49 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-01-14 10:49 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-01-14 10:49 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-01-14 10:49 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 10:49 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2015-01-14 10:49 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2015-01-14 10:49 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-14 10:49 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-14 10:49 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2015-01-14 10:49 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2015-01-13 11:41 - 2015-01-13 11:41 - 00030194 _____ () C:\Users\TomIlene\Downloads\1421163004.html
    2015-01-12 10:54 - 2015-01-12 10:54 - 12927067 _____ () C:\Users\TomIlene\Downloads\20150110_113404.mp4
    2015-01-07 11:35 - 2015-01-07 11:35 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (4).xlsx
    2015-01-07 11:35 - 2015-01-07 11:35 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (3).xlsx
    2015-01-07 11:32 - 2015-01-07 11:32 - 00045668 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (2).xlsx
    2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule.xlsx
    2015-01-07 11:30 - 2015-01-07 11:30 - 00008547 _____ () C:\Users\TomIlene\Downloads\Greeter_Welcome_Schedule (1).xlsx
    2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-12-31 12:45 - 2014-12-31 12:46 - 16409960 _____ (Safer Networking Limited ) C:\Users\TomIlene\Downloads\spybotsd162 (2).exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-26 13:45 - 2011-07-29 00:36 - 01687670 _____ () C:\windows\WindowsUpdate.log
    2015-01-26 13:41 - 2013-10-24 16:09 - 00000000 ___RD () C:\Users\TomIlene\Google Drive
    2015-01-26 13:40 - 2014-09-25 16:04 - 00000000 ___RD () C:\Users\TomIlene\iCloudDrive
    2015-01-26 13:39 - 2010-10-14 23:04 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-26 13:38 - 2012-11-14 09:21 - 00012114 _____ () C:\windows\setupact.log
    2015-01-26 13:38 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-26 13:35 - 2012-04-16 07:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-26 13:00 - 2014-08-08 18:56 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job
    2015-01-26 12:54 - 2010-10-14 23:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-26 11:00 - 2014-08-08 18:56 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job
    2015-01-26 10:34 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-26 10:34 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-26 09:47 - 2012-02-14 12:13 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{83EECBD0-378C-413E-A84D-0137D0FD82C4}
    2015-01-25 16:35 - 2012-04-16 07:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-25 16:35 - 2012-04-16 07:40 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-25 16:35 - 2011-11-09 10:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-25 09:52 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-01-25 02:12 - 2011-09-13 16:24 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2015-01-24 16:39 - 2010-10-14 23:32 - 00574224 _____ () C:\windows\PFRO.log
    2015-01-24 15:46 - 2011-08-11 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-01-24 15:45 - 2011-09-13 16:24 - 00001945 _____ () C:\windows\epplauncher.mif
    2015-01-24 02:49 - 2011-08-03 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-24 01:17 - 2012-11-28 12:34 - 00003970 _____ () C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan
    2015-01-23 13:18 - 2010-10-14 23:04 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-23 13:06 - 2014-07-08 12:27 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\HP
    2015-01-23 13:04 - 2014-07-08 12:02 - 00000000 ____D () C:\Program Files (x86)\HP
    2015-01-23 12:25 - 2014-07-08 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-01-23 12:24 - 2014-07-08 12:00 - 00000000 ____D () C:\ProgramData\HP
    2015-01-23 11:42 - 2011-07-29 00:43 - 00032904 _____ () C:\windows\DPINST.LOG
    2015-01-23 11:36 - 2013-11-14 18:39 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-23 11:36 - 2012-06-27 19:38 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-23 11:04 - 2014-08-16 15:04 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2015-01-15 13:32 - 2014-09-25 16:05 - 00000000 ____D () C:\Users\TomIlene\AppData\Local\592F94FA-5DCE-4604-B5A4-57E4BD30ECF2.aplzod
    2015-01-15 12:34 - 2013-08-07 09:51 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-15 12:11 - 2011-08-08 12:11 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-01-13 14:29 - 2011-10-25 12:18 - 00000000 ____D () C:\Users\TomIlene\Documents\Outlook Files
    2015-01-08 15:47 - 2013-10-24 15:21 - 00002001 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2015-01-08 15:47 - 2013-10-24 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-01-08 09:55 - 2011-08-04 09:40 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-12-28 03:29 - 2011-08-01 20:26 - 00000000 ____D () C:\windows\System32\Tasks\Games
    2014-12-27 17:58 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

    ==================== Files in the root of some directories =======

    2011-08-03 11:43 - 2011-08-03 11:43 - 13685936 _____ (Mozilla) C:\Program Files\Firefox Setup 5.0.1.exe
    2014-07-08 12:27 - 2014-07-08 12:27 - 0001004 _____ () C:\Users\TomIlene\AppData\Roaming\ConvAPIPlugin.log
    2012-08-16 01:04 - 2012-08-16 01:04 - 0000017 _____ () C:\Users\TomIlene\AppData\Local\resmon.resmoncfg
    2015-01-23 12:23 - 2015-01-23 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-07-08 12:00 - 2014-07-08 12:28 - 0000960 _____ () C:\ProgramData\hpzinstall.log
    2013-08-31 15:22 - 2013-08-31 15:22 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\TomIlene\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\TomIlene\AppData\Local\Temp\procexp64.exe
    C:\Users\TomIlene\AppData\Local\Temp\Quarantine.exe
    C:\Users\TomIlene\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-27 17:08

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by TomIlene at 2015-01-26 13:46:37
    Running from C:\Users\TomIlene\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.00.07.04.30 - Selectsoft Publishing)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
    App Client version 2.57 (HKLM-x32\...\{B28D9C36-91CF-4DDD-A114-B78F27FEDCCF}}_is1) (Version: 2.57 - )
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
    Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HTC Sync (HKLM-x32\...\{BC4174D1-7970-40E6-AC57-F095F961FB08}) (Version: 2.0.33 - HTC Corporation)
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    [email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.49.0 - Symantec Corporation)
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
    Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Shop To Win (HKLM-x32\...\{1220BDA0-E418-4789-BFF5-072062B29D01}_is1) (Version: 1.1.0.0 - Shop To Win, LLC)
    Shop to Win 31 (HKU\S-1-5-21-1743895207-3571410941-3749681116-1000\...\Shop to Win 31) (Version:  - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Soluto (HKLM\...\{3D221DF4-18AB-4876-A825-57E2D2CC2429}) (Version: 1.3.1444.0 - Soluto)
    Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
    The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.5.60 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.2 - WildTangent)
    Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1743895207-3571410941-3749681116-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TomIlene\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points  =========================

    24-10-2014 10:38:37 Windows Update
    30-10-2014 12:49:48 Windows Update
    02-11-2014 17:38:03 Windows Update
    06-11-2014 01:19:53 Windows Update
    09-11-2014 16:29:51 Windows Update
    12-11-2014 12:35:15 Windows Update
    16-11-2014 14:00:14 Windows Update
    19-11-2014 15:39:19 Windows Update
    19-11-2014 23:49:27 Windows Update
    24-11-2014 18:12:21 Windows Update
    28-11-2014 00:59:15 Windows Update
    01-12-2014 17:35:00 Windows Update
    05-12-2014 02:21:41 Windows Update
    09-12-2014 09:45:02 Windows Update
    11-12-2014 11:16:46 Windows Update
    13-12-2014 09:13:23 Windows Update
    17-12-2014 14:20:04 Windows Update
    19-12-2014 10:11:55 Windows Update
    23-12-2014 10:16:26 Windows Update
    26-12-2014 16:04:01 Windows Update
    30-12-2014 01:15:08 Windows Update
    02-01-2015 11:00:37 C
    03-01-2015 08:23:27 Windows Update
    06-01-2015 12:12:53 Windows Update
    09-01-2015 16:37:34 Windows Update
    13-01-2015 11:03:31 Windows Update
    15-01-2015 12:10:06 Windows Update
    19-01-2015 12:07:31 Windows Update
    22-01-2015 14:50:29 C
    23-01-2015 11:41:24 Removed HTC Driver Installer.
    23-01-2015 11:49:20 C
    23-01-2015 13:24:31 Windows Update
    24-01-2015 16:25:00 avast! antivirus system restore point
    25-01-2015 02:07:48 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2011-08-11 22:38 - 00434097 ____R C:\windows\system32\Drivers\etc\hosts

    There are 1000 more lines.

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0BE04743-17AA-4857-B017-D609D0B0575B} - System32\Tasks\{83EF2759-EF39-4807-A920-6C1BACD5FA1D} => pcalua.exe -a "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads\documentstogopro7006-en.exe" -d "C:\Backup from Jul2011\C\Users\TomIlene\Documents\Downloads"
    Task: {106510A5-C9BA-41DF-BD58-283306415073} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
    Task: {1DC69D13-7876-4654-B4AE-973430DE9805} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
    Task: {315242EF-15A3-40A6-81B3-61BD412DA754} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-01] (Microsoft Corporation)
    Task: {44ACCCA2-B485-4FFC-A4E5-49EFB15B3377} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-08-28] (Symantec Corporation)
    Task: {4523BEC8-7B44-4888-838A-05E9A37DBBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {54F5C15D-5961-40D9-807C-D1C1B6DE5E92} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {5D0E7619-8180-4F3B-AFA6-A9EBEE7872FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {69574AE5-47BD-4AB1-A2D9-FDE01983FAD5} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft..../?LinkId=116866
    Task: {71909F83-451C-492E-844B-37B616F32DD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-24] (AVAST Software)
    Task: {7393C912-0485-48C7-9780-1A79EA538960} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {8512FBC1-0871-4633-B6CC-1DDEC1FA3417} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
    Task: {995FBF71-5898-4304-8361-8216FE777133} - System32\Tasks\{12D77EA9-5EE1-4830-8B68-ADED66A1B417} => pcalua.exe -a C:\Users\TomIlene\Downloads\CAInstall.exe -d C:\windows\system32
    Task: {CC2B3965-4ED3-43CE-8FD0-18DF706D677B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {EFB9825D-5A54-4D89-864C-72BCE297F0C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000Core.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743895207-3571410941-3749681116-1000UA.job => C:\Users\TomIlene\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-24 16:25 - 2015-01-24 16:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2014-08-29 08:23 - 2014-08-29 08:23 - 00048640 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
    2014-08-29 08:23 - 2014-08-29 08:23 - 01158144 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
    2014-08-29 08:23 - 2014-08-29 08:23 - 00253440 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
    2014-08-29 08:23 - 2014-08-29 08:23 - 00109056 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
    2015-01-26 09:47 - 2015-01-26 09:47 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012600\algo.dll
    2015-01-24 16:25 - 2015-01-24 16:25 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2015-01-26 13:39 - 2015-01-26 13:39 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012601\algo.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-24 16:26 - 2015-01-24 16:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-26 13:40 - 2015-01-26 13:40 - 00098816 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32api.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00110080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\pywintypes27.dll
    2015-01-26 13:40 - 2015-01-26 13:40 - 00364544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\pythoncom27.dll
    2015-01-26 13:40 - 2015-01-26 13:40 - 00045568 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\_socket.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 01160704 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\_ssl.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00320512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32com.shell.shell.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00713216 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\_hashlib.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 01175040 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._core_.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00805888 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._gdi_.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00811008 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._windows_.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 01062400 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._controls_.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00735232 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._misc_.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00557056 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\pysqlite2._sqlite.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00128512 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\_elementtree.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00127488 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\pyexpat.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00087552 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\_ctypes.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00119808 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32file.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00108544 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32security.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00007168 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\hashobjs_ext.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00167936 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32gui.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00018432 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32event.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00038912 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32inet.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00011264 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32crypt.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00070656 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._html2.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00027136 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\_multiprocessing.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00035840 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32process.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00686080 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\unicodedata.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00122368 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._wizard.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00024064 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32pipe.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00025600 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32pdh.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00525640 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\windows._lib_cacheinvalidation.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00010240 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\select.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00017408 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32profile.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00022528 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\win32ts.pyd
    2015-01-26 13:40 - 2015-01-26 13:40 - 00078336 _____ () C:\Users\TomIlene\AppData\Local\Temp\_MEI3402\wx._animate.pyd

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1743895207-3571410941-3749681116-500 - Administrator - Disabled)
    Guest (S-1-5-21-1743895207-3571410941-3749681116-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1743895207-3571410941-3749681116-1002 - Limited - Enabled)
    TomIlene (S-1-5-21-1743895207-3571410941-3749681116-1000 - Administrator - Enabled) => C:\Users\TomIlene

    ==================== Faulty Device Manager Devices =============

    Name: HP Officejet Pro 8610
    Description: HP Officejet Pro 8610
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/26/2015 01:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c4102
    Faulting process id: 0x16dc
    Faulting application start time: 0xTPCHSrv.exe0
    Faulting application path: TPCHSrv.exe1
    Faulting module path: TPCHSrv.exe2
    Report Id: TPCHSrv.exe3

    Error: (01/26/2015 10:31:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c4102
    Faulting process id: 0x1a6c
    Faulting application start time: 0xTPCHSrv.exe0
    Faulting application path: TPCHSrv.exe1
    Faulting module path: TPCHSrv.exe2
    Report Id: TPCHSrv.exe3

    System errors:
    =============
    Error: (01/26/2015 01:42:39 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

    Error: (01/26/2015 01:42:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/26/2015 01:38:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Soluto PCGenome Core Service service failed to start due to the following error:
    %%2

    Error: (01/26/2015 01:38:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (01/26/2015 11:50:02 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (01/26/2015 10:32:20 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

    Error: (01/26/2015 10:31:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The cpuz136 service failed to start due to the following error:
    %%2

    Error: (01/26/2015 10:31:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/26/2015 10:26:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\windows\system32\Rtlihvs.dll
    Error Code: 126

    Microsoft Office Sessions:
    =========================
    Error: (01/26/2015 01:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TPCHSrv.exe1.0.0.174b83993entdll.dll6.1.7601.18247521eaf24c000037400000000000c410216dc01d03997cacecfc0C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dll08b343fb-a58b-11e4-8ebf-60eb6994e782

    Error: (01/26/2015 10:31:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TPCHSrv.exe1.0.0.174b83993entdll.dll6.1.7601.18247521eaf24c000037400000000000c41021a6c01d0397d342a0404C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dll72fd217d-a570-11e4-9579-60eb6994e782

    CodeIntegrity Errors:
    ===================================
      Date: 2012-09-24 16:17:09.196
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-24 15:42:02.920
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-20 18:50:49.159
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-20 13:45:59.531
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 18:56:39.978
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 16:27:59.522
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-19 16:19:26.898
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 14:06:34.392
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 13:55:16.304
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

      Date: 2012-09-18 12:46:30.401
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
    Percentage of memory in use: 55%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 1731.84 MB
    Total Pagefile: 7785.9 MB
    Available Pagefile: 5117.28 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (TI106033W0C) (Fixed) (Total:441.41 GB) (Free:285.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31E79F94)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=441.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=22.9 GB) - (Type=17)

    ==================== End Of Log ============================


    #15
    tominnc06


    The sfc /scannow finished with the message, "Windows Resource Protection did not find any integrity violations."

    Here's the log from the new first run of VEW.exe -- when I tried to run the Application procedure, I received "Run-time error '75': Path/File access error."

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 26/01/2015 2:32:56 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/01/2015 7:28:05 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 26/01/2015 6:42:39 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 26/01/2015 6:42:13 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 26/01/2015 6:38:29 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Soluto PCGenome Core Service service failed to start due to the following error:  The system cannot find the file specified.

    Log: 'System' Date/Time: 26/01/2015 6:38:07 PM
    Type: Error Category: 0
    Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has failed to start.  Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126

    Log: 'System' Date/Time: 26/01/2015 4:50:02 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 26/01/2015 3:32:20 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 26/01/2015 3:31:53 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The cpuz136 service failed to start due to the following error:  The system cannot find the file specified.

    Log: 'System' Date/Time: 26/01/2015 3:31:53 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 26/01/2015 3:26:57 PM
    Type: Error Category: 0
    Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has failed to start.  Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/01/2015 6:37:58 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 26/01/2015 6:36:49 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 26/01/2015 3:26:48 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 26/01/2015 3:24:24 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

