
Unknown infections [Closed]


  • This topic is locked

#1
connieandrews


I have an unknown infection. Here are the logs requested.

 

OTL logfile created on: 2/8/2015 2:00:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Connie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 60.27% Memory free
3.85 Gb Paging File | 2.17 Gb Available in Paging File | 56.25% Paging File free
Paging file location(s): c:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 415.77 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
 
Computer Name: CONNIE-PC | User Name: Connie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/08 13:59:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Connie\Downloads\OTL.exe
PRC - [2015/02/06 12:14:24 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/30 16:53:30 | 000,177,560 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2015/01/24 07:49:00 | 000,225,864 | ---- | M] (Mindspark) -- C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\APPINTEGRATOR.EXE
PRC - [2015/01/24 07:48:55 | 000,090,696 | ---- | M] (Mindspark) -- C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brbarsvc.exe
PRC - [2014/12/21 21:06:07 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/08/12 20:20:11 | 001,820,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
PRC - [2014/08/12 20:20:02 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/22 15:26:32 | 034,199,872 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2012/09/18 12:08:01 | 000,081,312 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe
PRC - [2011/10/06 18:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/27 15:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/10/11 10:08:18 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe
PRC - [2008/06/24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/04 02:02:51 | 009,170,760 | ---- | M] () -- C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
MOD - [2015/02/04 02:02:47 | 001,117,512 | ---- | M] () -- C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
MOD - [2015/02/04 02:02:45 | 000,211,272 | ---- | M] () -- C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
MOD - [2014/12/21 21:06:32 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/21 21:06:07 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/21 21:04:58 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 19:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 10:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/05 14:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/18 09:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2015/02/06 13:08:02 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/30 16:53:30 | 000,177,560 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2015/01/24 07:48:55 | 000,090,696 | ---- | M] (Mindspark) [Auto | Running] -- C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brbarsvc.exe -- (YourTemplateFinder_brService)
SRV - [2014/08/12 20:20:11 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/18 12:08:22 | 000,311,024 | ---- | M] (Avanquest Software) [Auto | Stopped] -- C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2012/09/18 12:08:21 | 000,537,600 | ---- | M] (Avanquest Software) [Auto | Stopped] -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2012/09/18 12:08:01 | 000,081,312 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - [2010/12/27 15:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/11 10:08:18 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe -- (SBAMSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/02/08 13:51:02 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/12/21 21:08:52 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/21 21:06:50 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/12/21 21:06:46 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/12/21 21:06:46 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/21 21:06:44 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/21 21:06:44 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/21 21:06:44 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/21 21:06:41 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/21 21:04:58 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/05 14:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 13:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/15 10:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/14 13:54:30 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2010/03/22 11:11:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/18 12:08:20 | 000,039,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Avanquest\SystemSuite\TFilter.sys -- (TFilter)
DRV - [2012/09/18 12:08:18 | 000,047,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Avanquest\SystemSuite\KFilter.sys -- (KFilter)
DRV - [2010/05/13 06:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKLM\..\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}: "URL" = http://search.tb.ask...r={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.c...CFUmUfgodYr0APA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 89 FE 41 A9 F0 CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {25bd87d8-7e35-410f-8acf-6ddcbc9762e7} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{40509B99-9BCC-4C57-BAFA-A5AE1D764919}: "URL" = http://www.search.as...archTerms}&psv=
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{7B08A625-BF70-4FD0-A81C-0FF8BCC5A3A3}: "URL" = http://blekko.com/ws...rchTerms}&r=666
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://mysearch.avg.com/search?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.76.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.76.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Connie\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Connie\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/06 09:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/02/07 07:32:22 | 000,000,000 | ---D | M]
 
[2012/10/03 15:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Connie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahaeginbdcckocjkhbciadcafnep\12.16_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca\14.10_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea\11.87.5.62935_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp\2013.3.5.1_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.26.115_0\crossrider
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.26.115_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3c417c00-968b-48b7-822e-407a82a47ae1} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {f724fe0b-8c05-4498-b99e-9192cf2aecf4} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4d283a70-2d2f-4cbb-81da-c75b8df410cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [YourTemplateFinder AppIntegrator 32-bit] C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\APPINTEGRATOR.EXE (Mindspark)
O4 - HKLM..\Run: [YourTemplateFinder AppIntegrator 64-bit] C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AppIntegrator64.exe (Mindspark)
O4 - HKLM..\Run: [YourTemplateFinder EPM Support] C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brmedint.exe (Mindspark)
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\ARO 2013\ARO.exe (Support.com, Inc.)
O4 - HKCU..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe (CarMD.com Corp)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52AC4226-5CDE-4EFE-A358-C4D9FB1DB3C3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B437CE46-95CE-4EDC-84BF-C9F2CAB2E035}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\inbox - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/06 22:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/02/06 22:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/02/01 09:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2015/02/01 08:24:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/01/30 09:08:49 | 000,000,000 | ---D | C] -- C:\Users\Connie\AppData\Roaming\YourTemplateFinder_br
[2015/01/24 07:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourTemplateFinder_br
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/08 14:15:07 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000UA.job
[2015/02/08 14:06:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/08 13:58:08 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/08 13:58:08 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/08 13:58:08 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/08 13:58:01 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/08 13:58:01 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/08 13:51:34 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2015/02/08 13:51:02 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2015/02/08 13:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/08 13:48:36 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/08 10:15:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000Core.job
[2015/02/06 22:11:32 | 000,234,932 | ---- | M] () -- C:\cc_20150206_220611.reg
[2015/02/06 22:00:55 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/01/22 19:48:19 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
 
========== Files Created - No Company Name ==========
 
[2015/02/06 22:06:25 | 000,234,932 | ---- | C] () -- C:\cc_20150206_220611.reg
[2015/02/06 22:00:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/25 17:09:55 | 000,001,024 | ---- | C] () -- C:\Users\Connie\.rnd
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/29 10:04:29 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\Avanquest
[2013/12/01 13:34:12 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\AVAST Software
[2014/07/29 10:04:29 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\Canon
[2014/01/15 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\Go PDF Reader
[2012/10/03 15:47:23 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\Optimizer Pro
[2013/04/15 20:30:57 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\Sammsoft
[2012/05/24 21:42:43 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\Synaptics
[2015/01/30 09:08:49 | 000,000,000 | ---D | M] -- C:\Users\Connie\AppData\Roaming\YourTemplateFinder_br
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/05/29 19:06:07 | 000,119,336 | ---- | C] ()(C:\Users\Connie\Documents\Jewelry, Loose Gemstones, Diamonds, and More ? Jewelry Television® Auctions.mdi) -- C:\Users\Connie\Documents\Jewelry, Loose Gemstones, Diamonds, and More � Jewelry Television® Auctions.mdi
[2011/03/28 15:41:40 | 000,119,336 | ---- | M] ()(C:\Users\Connie\Documents\Jewelry, Loose Gemstones, Diamonds, and More ? Jewelry Television® Auctions.mdi) -- C:\Users\Connie\Documents\Jewelry, Loose Gemstones, Diamonds, and More � Jewelry Television® Auctions.mdi
 
< End of report >
 

OTL Extras logfile created on: 2/8/2015 2:00:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Connie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 60.27% Memory free
3.85 Gb Paging File | 2.17 Gb Available in Paging File | 56.25% Paging File free
Paging file location(s): c:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 415.77 Gb Free Space | 89.29% Space Free | Partition Type: NTFS
 
Computer Name: CONNIE-PC | User Name: Connie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = CHM] -- C:\Program Files (x86)\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = CHM] -- C:\Program Files (x86)\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00973CB1-5177-4A90-8270-8F1684610A2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D4E5A09-14A1-48B8-935F-9010B5CCBE9D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{1F2D61AF-67C0-4952-BC62-81DC5411D7C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20ACC5CF-4B53-4730-8B25-A7B1F937C038}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{25155DEA-F949-45B9-8E06-0290F46698A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2FBFE383-5B9A-4F0B-B692-43DB75F3BA0A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3118EDE5-1127-4A22-8CD1-6A973CC31F35}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F521751-0E6D-4922-9E23-DE52045B15AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B2791AF-F247-4D85-AB44-359E6A4FD1FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4E920819-D424-4CFB-87CD-CD03F7D38D54}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4EDD9388-A84E-4D6C-A871-53B90ED9C557}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F867C88-10FF-45C3-9CCE-47FCB0D8F33C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{56BCFE54-0936-4DBC-8D70-A3531D3134D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{64BE743C-F1A6-4973-9013-85D70979BE50}" = lport=445 | protocol=6 | dir=in | app=system | 
"{67031B4F-407D-436C-AF64-4BCAC9CC6953}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6E60B3CB-554E-438A-B7B8-ACCD4AF4C2F9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{744579C2-F2DF-49D1-8CD1-B6A06FA505B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C2E8778B-5960-4B89-AC02-3E5E3134634F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C68F1325-9916-46C7-A021-23766D365130}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EA327166-975B-46A1-A0D3-0D107680C5D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EEFAD97F-BBF4-4096-9DC6-561B0D3C4E23}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F1B748D2-9C42-4031-BE43-57BDBC266700}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F93F43E0-FB7D-4F3F-8558-90BA8192DD8E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FBECA4F6-C6E0-440B-8BF9-449368300E6B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E8C975F-ACE4-41E1-8CF9-A0960E347E48}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{14E870E3-BCAB-4E40-98E3-33E5BE10CB7E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{1DCAEDA3-A06A-4CA5-A139-C9D23B1064B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1FA882A9-73BD-47E2-8576-8ACC0F135130}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{2647816B-7C93-4E8B-8A9C-0A00A7D6CDC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{27E0AC66-1871-4393-A4F0-3B7EFDA121D3}" = protocol=6 | dir=out | app=system | 
"{2D9752CA-5CB5-4CA3-AAAE-3878A8035D91}" = protocol=58 | dir=out | [email protected],-28546 | 
"{380A9FB3-6BC3-4D29-AB36-912D5B1A55EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{389237DE-0E4C-4BB8-9CFA-5E4B743BD4F9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4579F741-912B-4AB3-935A-FE0CF78ADECC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B2C8900-4957-4163-B283-1DE25C6F2C17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B83916F-E983-464F-80E4-D8C748AB2911}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51415C5A-B7B2-48B4-A414-70EBA464D7BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{55276E56-C867-4727-97FF-163968700BFF}" = protocol=1 | dir=out | [email protected],-28544 | 
"{83884BEA-1FD8-43A6-B1DC-52F073C0775B}" = protocol=58 | dir=in | [email protected],-28545 | 
"{85EF1F7B-D2A5-4C78-B20D-EEED40134D6C}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{8BB0A748-9881-441D-A42F-EE4204605F60}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{92D9D2F4-5443-4139-B943-E417AAAC4BAE}" = protocol=1 | dir=in | [email protected],-28543 | 
"{A78C7517-0756-4843-B646-A8CA2FD3E50E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB02AC83-2B58-4FD2-8724-C4C565DCACE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA61DF29-5212-476E-9A29-CD152EF55D17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C2CFBA66-849A-444F-A050-DAE7437AED3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4C771B6-DBEF-4B80-A062-F36D33E8D267}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFE6B483-4949-49CC-8C9B-947E94A0BBC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{FE8F5EF0-001D-450C-8E0E-4A68AE29FCA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{535EC300-FE81-4B27-AE76-19CD0AF0074B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{D752DEBD-AB6D-41C4-918A-B7A8565B1DB7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F06417076FF}" = Java 7 Update 76 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"ARO 2013_is1" = ARO 2013
"CCleaner" = CCleaner
"McAfee Security Scan" = McAfee Security Scan Plus
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0F329DFD-E9BE-49F4-B5EE-6CC8232D38E9}" = SystemSuite Professional
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{251C65C0-15FF-4603-98BB-E4A61C7DA424}" = CarMD
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 71
"{3FB825C2-7234-4DDD-AD53-B76F5A2933BC}" = SystemSuite
"{42435041-312D-5637-00A7-A758B70C1500}" = Ask Toolbar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F524A2D-5354-2D53-5045-A758B70C1801}" = Shopping App by Ask
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{850A14FC-F410-47F7-94E4-38F4D3F270D4}" = DriverUpdate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{DDDE21AA-A9A0-49DC-93A3-B10C73241033}" = Nero 8 Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avast" = Avast Free Antivirus
"BackUpDutyLite" = BackUpDutyLite
"Canon MX340 series User Registration" = Canon MX340 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoPDFReader" = Go PDF Reader
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Optimizer Pro_is1" = Optimizer Pro v3.0
"spamfreesearch" = Spam Free Search Toolbar  
"Speed Dial Utility" = Canon Speed Dial Utility
"WinZip" = WinZip
"YourTemplateFinder_brbar Uninstall Internet Explorer" = YourTemplateFinder Internet Explorer Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/7/2015 10:34:55 AM | Computer Name = Connie-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 2/7/2015 10:35:01 AM | Computer Name = Connie-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 2/7/2015 10:35:01 AM | Computer Name = Connie-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 2/7/2015 10:35:01 AM | Computer Name = Connie-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 2/7/2015 10:35:01 AM | Computer Name = Connie-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 2/8/2015 2:54:55 PM | Computer Name = Connie-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .  A component
 version required by the application conflicts with another component version already
 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/8/2015 3:35:41 PM | Computer Name = Connie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2/8/2015 3:53:07 PM | Computer Name = Connie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2/8/2015 4:04:46 PM | Computer Name = Connie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AppIntegrator64.exe, version: 1.0.7.235,
 time stamp: 0x5446dfe2  Faulting module name: AssistMonitor64.dll, version: 1.0.7.235,
 time stamp: 0x5446dfc0  Exception code: 0xc0000005  Fault offset: 0x000000000000855f
Faulting
 process id: 0x438  Faulting application start time: 0x01d043da6f9c1997  Faulting application
 path: C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AppIntegrator64.exe
Faulting
 module path: C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AssistMonitor64.dll
Report
 Id: ba55dfba-afcd-11e4-bcfc-ac162d55d717
 
Error - 2/8/2015 4:50:57 PM | Computer Name = Connie-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 6/30/2014 8:14:19 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 6:14:18 PM - Error connecting to the internet.  6:14:18 PM -     Unable
 to contact server..  
 
Error - 6/30/2014 8:14:35 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 6:14:24 PM - Error connecting to the internet.  6:14:24 PM -     Unable
 to contact server..  
 
Error - 7/6/2014 12:56:07 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 10:56:07 AM - Error connecting to the internet.  10:56:07 AM -     Unable
 to contact server..  
 
Error - 7/6/2014 12:56:30 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 10:56:13 AM - Error connecting to the internet.  10:56:13 AM -     Unable
 to contact server..  
 
Error - 8/23/2014 11:48:45 AM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 9:48:45 AM - Error connecting to the internet.  9:48:45 AM -     Unable
 to contact server..  
 
Error - 8/23/2014 11:49:01 AM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 9:48:51 AM - Error connecting to the internet.  9:48:51 AM -     Unable
 to contact server..  
 
Error - 9/3/2014 1:06:50 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 11:06:50 AM - Error connecting to the internet.  11:06:50 AM -     Unable
 to contact server..  
 
Error - 9/3/2014 1:07:21 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 11:06:58 AM - Error connecting to the internet.  11:06:58 AM -     Unable
 to contact server..  
 
Error - 9/13/2014 10:35:34 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 8:35:34 PM - Failed to retrieve MCEClientUX (Error: The underlying
 connection was closed: Could not establish trust relationship for the SSL/TLS secure
 channel.)  
 
Error - 9/16/2014 11:22:00 PM | Computer Name = Connie-PC | Source = MCUpdate | ID = 0
Description = 9:21:49 PM - Error connecting to the internet.  9:21:49 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 2/8/2015 1:08:25 PM | Computer Name = Connie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 2/8/2015 3:31:09 PM | Computer Name = Connie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 2/8/2015 3:42:29 PM | Computer Name = Connie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 2/8/2015 3:50:42 PM | Computer Name = Connie-PC | Source = Service Control Manager | ID = 7034
Description = The SystemSuite Process Monitor service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 2/8/2015 3:57:12 PM | Computer Name = Connie-PC | Source = Service Control Manager | ID = 7022
Description = The SystemSuite service hung on starting.
 
Error - 2/8/2015 4:48:43 PM | Computer Name = Connie-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:45:34 PM on ?2/?8/?2015 was unexpected.
 
Error - 2/8/2015 4:49:27 PM | Computer Name = Connie-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SystemSuite
 Process Monitor service to connect.
 
Error - 2/8/2015 4:49:27 PM | Computer Name = Connie-PC | Source = Service Control Manager | ID = 7000
Description = The SystemSuite Process Monitor service failed to start due to the
 following error:   %%1053
 
Error - 2/8/2015 4:50:01 PM | Computer Name = Connie-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SystemSuite
 Task Manager service to connect.
 
Error - 2/8/2015 4:50:01 PM | Computer Name = Connie-PC | Source = Service Control Manager | ID = 7000
Description = The SystemSuite Task Manager service failed to start due to the following
 error:   %%1053
 
 
< End of report >
 

Edited by connieandrews, 08 February 2015 - 03:36 PM.

  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could I ask you to run a different analysis programme for me please.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
connieandrews


    New Member

  • Topic Starter
  • Member
  • 2 posts


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Connie (administrator) on CONNIE-PC on 08-02-2015 16:16:49
Running from C:\Users\Connie\Downloads
Loaded Profiles: Connie (Available profiles: Connie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(CarMD.com Corp) C:\Program Files (x86)\CarMD\CarMD.exe
(Google Inc.) C:\Users\Connie\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mindspark) C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AppIntegrator64.exe
(Google Inc.) C:\Users\Connie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Connie\AppData\Local\Google\Chrome\Application\chrome.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Mindspark) C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brbarsvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Sunbelt Software) C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe
(Google Inc.) C:\Users\Connie\AppData\Local\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\Connie\Downloads\OTL.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-06] (AVAST Software)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-09-01] ()
HKLM-x32\...\Run: [YourTemplateFinder EPM Support] => C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brmedint.exe [12872 2015-01-24] (Mindspark)
HKLM-x32\...\Run: [YourTemplateFinder AppIntegrator 32-bit] => C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AppIntegrator.exe [225864 2015-01-24] (Mindspark)
HKLM-x32\...\Run: [YourTemplateFinder AppIntegrator 64-bit] => C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AppIntegrator64.exe [258632 2015-01-24] (Mindspark)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [Google Update] => C:\Users\Connie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-01] (Google Inc.)
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [CarMD] => C:\Program Files (x86)\CarMD\CarMD.exe [796672 2010-04-07] (CarMD.com Corp)
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [AROReminder] => C:\Program Files (x86)\ARO 2013\ARO.exe [3156312 2013-02-22] (Support.com, Inc.)
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [GoogleChromeAutoLaunch_2EE102DE42A44C9B62E88C957794FB38] => C:\Users\Connie\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-511562707-1761665217-108471329-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-511562707-1761665217-108471329-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-511562707-1761665217-108471329-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.c...CFUmUfgodYr0APA
HKU\S-1-5-21-511562707-1761665217-108471329-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-511562707-1761665217-108471329-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
URLSearchHook: HKU\S-1-5-21-511562707-1761665217-108471329-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKU\S-1-5-21-511562707-1761665217-108471329-1000 - (No Name) - {25bd87d8-7e35-410f-8acf-6ddcbc9762e7} - C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {fe8a5a30-7831-4eb2-a9e7-8402c384c841} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {40509B99-9BCC-4C57-BAFA-A5AE1D764919} URL = http://www.search.as...archTerms}&psv=
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {7B08A625-BF70-4FD0-A81C-0FF8BCC5A3A3} URL = http://blekko.com/ws...rchTerms}&r=666
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {fe8a5a30-7831-4eb2-a9e7-8402c384c841} URL = http://search.tb.ask...r={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name -> {3c417c00-968b-48b7-822e-407a82a47ae1} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {f724fe0b-8c05-4498-b99e-9192cf2aecf4} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - {4d283a70-2d2f-4cbb-81da-c75b8df410cc} -  No File
Toolbar: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-511562707-1761665217-108471329-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-511562707-1761665217-108471329-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-01]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-01-16 08:05:46&v=17.3.1.91&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=17.3.1.204&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.0.444&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.5.514&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.7.599&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.9.786&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Google Update) - C:\Users\Connie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2014-12-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29]
CHR Extension: (YouTube) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-01]
CHR Extension: (Google Search) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-01]
CHR Extension: (Elite Unzip) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2014-11-02]
CHR Extension: (Avast Online Security) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-01]
CHR Extension: (Installation Assistant) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi [2012-10-03]
CHR Extension: (Google Wallet) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-01]
CHR Profile: C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Shopping App by Ask) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaahaeginbdcckocjkhbciadcafnep [2015-02-01]
CHR Extension: (Google Slides) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (YouTube) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01]
CHR Extension: (Google Search) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Google Sheets) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Avast Online Security) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-01]
CHR Extension: (Installation Assistant) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmddbcpechilpapallpbdpcekmgibofi [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Gmail) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-01-30]
CHR HKLM\...\Chrome\Extension: [aaaaimaoojakejhnaflpfmfgdkpllplb] - C:\ProgramData\AskPartnerNetwork\Toolbar\BCPA1-V7\CRX\ToolbarCR.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaimaoojakejhnaflpfmfgdkpllplb] - C:\ProgramData\AskPartnerNetwork\Toolbar\BCPA1-V7\CRX\ToolbarCR.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-21]
CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Connie\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx [2012-09-24]
StartMenuInternet: Google Chrome - C:\Users\Connie\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe [311024 2012-09-18] (Avanquest Software)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
R2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe [81312 2012-09-18] (Avanquest Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-21] (Avast Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 SBAMSvc; C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe [2763080 2010-10-11] (Sunbelt Software)
S2 SystemSuite Task Manager; C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe [537600 2012-09-18] (Avanquest Software)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 YourTemplateFinder_brService; C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brbarsvc.exe [90696 2015-01-24] (Mindspark)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AQFileRestore; C:\Windows\SysWow64\drivers\AQFileRestore.sys [21104 2012-09-18] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-21] ()
S3 KFilter; C:\Program Files (x86)\Avanquest\SystemSuite\KFilter.sys [47856 2012-09-18] ()
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [64600 2010-06-14] (Sunbelt Software)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [98392 2010-05-13] (Sunbelt Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-02-08] ()
S3 TFilter; C:\Program Files (x86)\Avanquest\SystemSuite\TFilter.sys [39616 2012-09-18] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-21] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 16:16 - 2015-02-08 16:17 - 00027423 _____ () C:\Users\Connie\Downloads\FRST.txt
2015-02-08 16:16 - 2015-02-08 16:16 - 00000000 ____D () C:\FRST
2015-02-08 16:15 - 2015-02-08 16:15 - 02132992 _____ (Farbar) C:\Users\Connie\Downloads\FRST64.exe
2015-02-08 14:29 - 2015-02-08 14:29 - 00057402 _____ () C:\Users\Connie\Downloads\Extras.Txt
2015-02-08 14:26 - 2015-02-08 14:26 - 00073396 _____ () C:\Users\Connie\Downloads\OTL.Txt
2015-02-08 13:59 - 2015-02-08 13:59 - 00602112 _____ (OldTimer Tools) C:\Users\Connie\Downloads\OTL.exe
2015-02-07 07:32 - 2015-02-08 13:48 - 00000224 _____ () C:\Windows\setupact.log
2015-02-07 07:32 - 2015-02-07 07:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 22:06 - 2015-02-06 22:11 - 00234932 _____ () C:\cc_20150206_220611.reg
2015-02-06 22:00 - 2015-02-06 22:00 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-06 22:00 - 2015-02-06 22:00 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-06 22:00 - 2015-02-06 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-06 22:00 - 2015-02-06 22:00 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-06 12:19 - 2015-02-06 12:19 - 00003292 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-511562707-1761665217-108471329-1000
2015-02-01 09:37 - 2015-02-01 09:36 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-01 09:36 - 2015-02-01 09:36 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-01 09:36 - 2015-02-01 09:36 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-01 09:36 - 2015-02-01 09:36 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-01 09:36 - 2015-02-01 09:36 - 00000000 ____D () C:\Program Files\Java
2015-01-30 09:08 - 2015-01-30 09:08 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\YourTemplateFinder_br
2015-01-24 07:48 - 2015-01-24 07:48 - 00000000 ____D () C:\Program Files (x86)\YourTemplateFinder_br
2015-01-15 05:12 - 2015-01-15 05:13 - 16089681 _____ () C:\Users\Connie\Downloads\20141111_045653.mp4
2015-01-14 21:20 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:20 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 21:20 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 21:20 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 21:20 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 21:20 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 21:20 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 05:54 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 05:54 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 05:54 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 05:54 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 05:54 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 16:15 - 2012-06-01 11:48 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000UA.job
2015-02-08 16:06 - 2012-05-25 10:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 15:00 - 2012-05-24 19:20 - 01590435 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 13:58 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 13:58 - 2009-07-13 21:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 13:58 - 2009-07-13 21:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 13:51 - 2014-01-14 13:46 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-08 13:51 - 2014-01-14 13:46 - 00002848 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2015-02-08 13:51 - 2014-01-14 13:46 - 00000420 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2015-02-08 13:49 - 2013-07-23 07:57 - 00022016 ___SH () C:\Users\Connie\Desktop\Thumbs.db
2015-02-08 13:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 13:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-08 13:05 - 2013-12-01 13:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-08 12:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-08 11:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-08 10:15 - 2012-06-01 11:48 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000Core.job
2015-02-08 10:10 - 2012-06-01 11:48 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000UA
2015-02-08 10:10 - 2012-06-01 11:48 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000Core
2015-02-06 22:03 - 2012-05-31 05:30 - 00000000 ___DC () C:\Users\Connie\AppData\Local\MigWiz
2015-02-06 22:03 - 2012-05-24 20:16 - 00000000 ____D () C:\Windows\Panther
2015-02-06 22:02 - 2012-07-05 23:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 13:08 - 2012-05-25 10:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 13:07 - 2012-05-25 10:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 13:07 - 2012-05-25 10:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 12:15 - 2014-01-16 08:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-02-06 12:15 - 2013-11-09 14:27 - 00000000 ____D () C:\Program Files (x86)\VNT
2015-01-22 19:48 - 2014-07-05 21:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 21:59 - 2013-08-13 20:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:23 - 2012-05-24 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 04:58 - 2009-07-13 22:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-08 11:44
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Connie at 2015-02-08 16:18:46
Running from C:\Users\Connie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avanquest SystemSuite (Enabled - Out of date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avanquest SystemSuite (Enabled - Out of date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avanquest Net Defense Firewall (Disabled) {D3D69190-3942-8711-9D93-1FDA858C47AF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
ARO 2013 (HKLM\...\ARO 2013_is1) (Version: 8.0 - Support.com)
Ask Toolbar (HKLM-x32\...\{42435041-312D-5637-00A7-A758B70C1500}) (Version: 12.21.0.3955 - APN, LLC) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BackUpDutyLite (HKLM-x32\...\BackUpDutyLite) (Version: 1.1.0.1 - BackUpDutyLite)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CarMD (HKLM-x32\...\{251C65C0-15FF-4603-98BB-E4A61C7DA424}) (Version: 3.1.0 - carmd.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4606 - CyberLink Corp.)
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
Go PDF Reader (HKLM-x32\...\GoPDFReader) (Version:  - )
Google Chrome (HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{DDDE21AA-A9A0-49DC-93A3-B10C73241033}) (Version: 8.3.570 - Nero AG)
Optimizer Pro v3.0 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.0 - PC Utilities Pro) <==== ATTENTION
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C1801}) (Version: 12.24.1.53 - APN, LLC)
Spam Free Search Toolbar   (HKLM-x32\...\spamfreesearch) (Version:  - blekko)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
SystemSuite (x32 Version: 12.0.2.9 - Avanquest) Hidden
SystemSuite Professional (HKLM-x32\...\{0F329DFD-E9BE-49F4-B5EE-6CC8232D38E9}) (Version: 12.0.2.9 - Avanquest)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinZip (HKLM-x32\...\WinZip) (Version:  8.1 SR-1  (5266) - WinZip Computing, Inc.)
YourTemplateFinder Internet Explorer Toolbar (HKLM-x32\...\YourTemplateFinder_brbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-511562707-1761665217-108471329-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-511562707-1761665217-108471329-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-511562707-1761665217-108471329-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
16-11-2014 12:05:42 Windows Update
19-11-2014 08:19:19 Windows Update
13-12-2014 09:21:22 Windows Update
16-12-2014 14:00:14 Installed Java 7 Update 71
18-12-2014 05:10:04 Windows Update
21-12-2014 20:58:05 avast! antivirus system restore point
14-01-2015 21:21:09 Windows Update
08-02-2015 11:51:24 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2BA42AAC-141F-418F-8C93-5874A70B09EE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-10-06] (CyberLink)
Task: {31E5F749-F006-4453-8E37-5804C1212876} - System32\Tasks\avastBCLRestartS-1-5-21-511562707-1761665217-108471329-1000 => Chrome.exe 
Task: {92F655B6-5946-41A3-94E8-7A29968D0ABB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {AF013413-13A0-419C-8FAD-0E1E281A9800} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {B84E1336-2D77-488B-AAB0-ADEBF422BB81} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000Core => C:\Users\Connie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01] (Google Inc.)
Task: {C56CA930-41CE-4083-AF3B-74C881A24212} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000UA => C:\Users\Connie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01] (Google Inc.)
Task: {E243D613-7850-4137-8F66-3BFA2739D9C8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-21] (AVAST Software)
Task: {E4043C70-03D2-44C4-96FF-7E71AB0472B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000Core.job => C:\Users\Connie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-511562707-1761665217-108471329-1000UA.job => C:\Users\Connie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-08-12 20:20 - 2014-08-12 20:20 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-12-21 21:05 - 2014-12-21 21:05 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-21 21:05 - 2014-12-21 21:05 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-02-08 12:36 - 2015-02-08 12:36 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020801\algo.dll
2014-12-21 21:05 - 2014-12-21 21:05 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-21 21:06 - 2014-12-21 21:06 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-06 12:23 - 2015-02-04 02:02 - 01117512 _____ () C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 12:23 - 2015-02-04 02:02 - 00211272 _____ () C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 12:23 - 2015-02-04 02:02 - 09170760 _____ () C:\Users\Connie\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-08-12 20:20 - 2014-08-12 20:20 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2010-07-15 15:46 - 2010-07-15 15:46 - 00300368 _____ () C:\Program Files (x86)\Common Files\Antivirus\Vipre.dll
2012-05-25 18:02 - 2012-02-05 12:41 - 00210288 _____ () C:\Program Files (x86)\Common Files\Antivirus\Definitions\libBase64.dll
2012-05-25 18:02 - 2012-02-05 12:41 - 00181616 _____ () C:\Program Files (x86)\Common Files\Antivirus\Definitions\libMachoUniv.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-511562707-1761665217-108471329-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-511562707-1761665217-108471329-500 - Administrator - Disabled)
Connie (S-1-5-21-511562707-1761665217-108471329-1000 - Administrator - Enabled) => C:\Users\Connie
Guest (S-1-5-21-511562707-1761665217-108471329-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-511562707-1761665217-108471329-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/08/2015 01:50:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/08/2015 01:04:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppIntegrator64.exe, version: 1.0.7.235, time stamp: 0x5446dfe2
Faulting module name: AssistMonitor64.dll, version: 1.0.7.235, time stamp: 0x5446dfc0
Exception code: 0xc0000005
Fault offset: 0x000000000000855f
Faulting process id: 0x438
Faulting application start time: 0xAppIntegrator64.exe0
Faulting application path: AppIntegrator64.exe1
Faulting module path: AppIntegrator64.exe2
Report Id: AppIntegrator64.exe3
 
Error: (02/08/2015 00:53:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/08/2015 00:35:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/08/2015 11:54:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/07/2015 07:35:01 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/07/2015 07:35:01 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/07/2015 07:35:01 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/07/2015 07:35:01 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (02/07/2015 07:34:55 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (02/08/2015 01:50:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemSuite Task Manager service failed to start due to the following error: 
%%1053
 
Error: (02/08/2015 01:50:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemSuite Task Manager service to connect.
 
Error: (02/08/2015 01:49:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemSuite Process Monitor service failed to start due to the following error: 
%%1053
 
Error: (02/08/2015 01:49:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemSuite Process Monitor service to connect.
 
Error: (02/08/2015 01:48:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:45:34 PM on ‎2/‎8/‎2015 was unexpected.
 
Error: (02/08/2015 00:57:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The SystemSuite service hung on starting.
 
Error: (02/08/2015 00:50:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SystemSuite Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/08/2015 00:42:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (02/08/2015 00:31:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/08/2015 10:08:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 3690.91 MB
Available physical RAM: 2023.52 MB
Total Pagefile: 3945.09 MB
Available Pagefile: 2042.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:415.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 27DA6E45)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, we have a fair bit to do as you appear to have at least three antivirus programmes running.

First, could you uninstall the following programmes? If one does not appear on the list or will not uninstall, then move on to the next one:

Sunbelt Software
AVG Secure Search
McAfee Security Scan Plus
YourTemplateFinder_br
Ask Toolbar
Avanquest
ARO 2013
CarMD
Optimizer Pro v3.0
Shopping App by Ask
Spam Free Search Toolbar
SystemSuite
SystemSuite Professional


Once you have completed that, do the following:

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-09-01] ()
HKLM-x32\...\Run: [YourTemplateFinder EPM Support] => C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brmedint.exe [12872 2015-01-24] (Mindspark)
HKLM-x32\...\Run: [YourTemplateFinder AppIntegrator 32-bit] => C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AppIntegrator.exe [225864 2015-01-24] (Mindspark)
HKLM-x32\...\Run: [YourTemplateFinder AppIntegrator 64-bit] => C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\AppIntegrator64.exe [258632 2015-01-24] (Mindspark)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [CarMD] => C:\Program Files (x86)\CarMD\CarMD.exe [796672 2010-04-07] (CarMD.com Corp)
HKU\S-1-5-21-511562707-1761665217-108471329-1000\...\Run: [AROReminder] => C:\Program Files (x86)\ARO 2013\ARO.exe [3156312 2013-02-22] (Support.com, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-511562707-1761665217-108471329-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-511562707-1761665217-108471329-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKU\S-1-5-21-511562707-1761665217-108471329-1000 - (No Name) - {25bd87d8-7e35-410f-8acf-6ddcbc9762e7} - C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 -> {fe8a5a30-7831-4eb2-a9e7-8402c384c841} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {7B08A625-BF70-4FD0-A81C-0FF8BCC5A3A3} URL = http://blekko.com/ws...rchTerms}&r=666
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> {fe8a5a30-7831-4eb2-a9e7-8402c384c841} URL = http://search.tb.ask...r={searchTerms}
BHO-x32: No Name -> {3c417c00-968b-48b7-822e-407a82a47ae1} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: No Name -> {f724fe0b-8c05-4498-b99e-9192cf2aecf4} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - {4d283a70-2d2f-4cbb-81da-c75b8df410cc} - No File
Toolbar: HKU\S-1-5-21-511562707-1761665217-108471329-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-06]
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-01-16 08:05:46&v=17.3.1.91&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=17.3.1.204&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.0.444&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.5.514&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.7.599&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.9.786&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={6CF83DC0-BEBB-4EA6-B7CF-E5F06BF475E1}&mid=9c2d1a99b0c247d2a2317d5f6bb13ee4-5bafc7fa905b56b0d53f8db005b5f1e24bfce37f&lang=en&ds=ts019&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 09:39:59&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Extension: (Ask Search) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2014-12-16]
CHR Extension: (Installation Assistant) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi [2012-10-03]
CHR Extension: (Shopping App by Ask) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaahaeginbdcckocjkhbciadcafnep [2015-02-01]
CHR Extension: (Installation Assistant) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmddbcpechilpapallpbdpcekmgibofi [2015-02-01]
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-01-30]
CHR HKLM\...\Chrome\Extension: [aaaaimaoojakejhnaflpfmfgdkpllplb] - C:\ProgramData\AskPartnerNetwork\Toolbar\BCPA1-V7\CRX\ToolbarCR.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaimaoojakejhnaflpfmfgdkpllplb] - C:\ProgramData\AskPartnerNetwork\Toolbar\BCPA1-V7\CRX\ToolbarCR.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Connie\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx [2012-09-24]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe [2763080 2010-10-11] (Sunbelt Software)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
R2 YourTemplateFinder_brService; C:\Program Files (x86)\YourTemplateFinder_br\bar\1.bin\brbarsvc.exe [90696 2015-01-24] (Mindspark)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [64600 2010-06-14] (Sunbelt Software)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [98392 2010-05-13] (Sunbelt Software)
2015-01-24 07:48 - 2015-01-24 07:48 - 00000000 ____D () C:\Program Files (x86)\YourTemplateFinder_br
2015-02-08 13:51 - 2014-01-14 13:46 - 00002848 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2015-02-08 13:51 - 2014-01-14 13:46 - 00000420 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2015-02-06 12:15 - 2014-01-16 08:04 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
S2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe [311024 2012-09-18] (Avanquest Software)
R2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe [81312 2012-09-18] (Avanquest Software)
S2 SystemSuite Task Manager; C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe [537600 2012-09-18] (Avanquest Software)
R3 AQFileRestore; C:\Windows\SysWow64\drivers\AQFileRestore.sys [21104 2012-09-18] ()
S3 KFilter; C:\Program Files (x86)\Avanquest\SystemSuite\KFilter.sys [47856 2012-09-18] ()
S3 TFilter; C:\Program Files (x86)\Avanquest\SystemSuite\TFilter.sys [39616 2012-09-18] ()
SystemSuite (x32 Version: 12.0.2.9 - Avanquest) Hidden
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\YourTemplateFinder_br
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\CarMD
C:\Program Files (x86)\ARO 2013
C:\Program Files\McAfee Security Scan
C:\Program Files (x86)\Common Files\Antivirus
C:\Program Files (x86)\Avanquest
C:\Windows\SysWow64\drivers\AQFileRestore.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.