
extreme slowness



#1
bbj


working on my sister's computer and it's really slow. takes a long time starting and has a bunch of programs running in the background. hopefully it just needs some cleaning and it isn't infected, but i wanted to be sure.

 

OTL.txt

OTL logfile created on: 1/9/2015 7:17:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\the Hoff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 4.80 Gb Available Physical Memory | 61.95% Memory free
15.49 Gb Paging File | 12.39 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 360.88 Gb Free Space | 19.37% Space Free | Partition Type: NTFS
Drive D: | 4.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 1.71 Gb Free Space | 89.43% Space Free | Partition Type: FAT
 
Computer Name: THEHOFF-PC | User Name: the Hoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/09 19:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\the Hoff\Desktop\OTL.exe
PRC - [2014/12/21 22:31:16 | 001,872,520 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2014/12/21 22:31:16 | 000,034,952 | ---- | M] (Python Software Foundation) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2014/12/21 22:31:14 | 005,142,664 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2014/12/12 03:25:42 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\[]TOOLS[]\Avast\avastui.exe
PRC - [2014/12/08 19:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/12/02 13:53:16 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
PRC - [2014/11/17 12:09:44 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe
PRC - [2014/10/27 16:07:11 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/08/26 15:47:14 | 001,110,880 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/10/18 22:40:24 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2013/10/18 22:36:14 | 001,517,128 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2013/09/19 17:36:28 | 001,782,576 | ---- | M] (Actual Tools) -- C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
PRC - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/03/23 06:17:43 | 000,417,280 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/09 19:05:15 | 000,043,008 | ---- | M] () -- c:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptkjz4_.dll
MOD - [2014/12/21 22:31:50 | 000,043,656 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2014/12/21 22:31:50 | 000,034,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2014/12/21 22:31:48 | 000,836,232 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2014/12/21 22:31:48 | 000,192,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2014/12/21 22:31:48 | 000,054,920 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2014/12/21 22:31:48 | 000,017,032 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2014/12/21 22:31:46 | 000,044,680 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2014/12/21 22:31:46 | 000,027,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2014/12/21 22:31:44 | 000,081,544 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2014/12/21 22:31:44 | 000,018,568 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2014/12/21 22:31:42 | 000,689,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2014/12/21 22:31:42 | 000,111,240 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2014/12/21 22:31:42 | 000,072,840 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
MOD - [2014/12/21 22:31:42 | 000,016,520 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2014/12/21 22:31:40 | 000,502,920 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2014/12/21 22:31:38 | 000,049,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2014/12/21 22:31:36 | 000,086,664 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2014/12/21 22:31:32 | 002,092,680 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
MOD - [2014/12/21 22:31:32 | 001,883,272 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
MOD - [2014/12/21 22:31:30 | 000,838,792 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2014/12/21 22:31:30 | 000,166,024 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2014/12/21 22:31:28 | 000,196,232 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
MOD - [2014/12/21 22:31:28 | 000,062,600 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2014/12/02 13:53:15 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\mozjs.dll
MOD - [2014/11/17 12:10:31 | 038,562,088 | ---- | M] () -- C:\Program Files\[]TOOLS[]\Avast\libcef.dll
MOD - [2014/11/13 03:26:57 | 001,947,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\b597c30ed765fa6d99a12f00c3314394\Microsoft.VisualBasic.ni.dll
MOD - [2014/11/13 03:26:52 | 000,805,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\11650ce4aad4575fc146aa66a575bcb7\System.Runtime.Remoting.ni.dll
MOD - [2014/10/21 16:22:50 | 000,750,080 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 16:22:50 | 000,047,616 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 16:22:48 | 000,863,744 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 16:22:46 | 000,200,704 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/10/14 23:11:00 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/14 23:10:58 | 007,668,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/14 23:10:58 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/14 23:10:56 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/14 23:10:55 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/14 23:10:54 | 010,100,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/08/26 15:47:16 | 000,436,576 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2014/08/26 15:47:16 | 000,318,304 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2014/02/26 03:07:34 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/23 06:17:43 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/17 12:09:44 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/17 12:08:40 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\[]TOOLS[]\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/04/09 05:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/24 14:50:50 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2015/01/02 11:07:43 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/02 13:53:15 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/18 22:36:28 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/21 15:55:59 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/17 12:10:43 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/17 12:10:42 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/17 12:10:42 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/17 12:10:41 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/17 12:10:41 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/17 12:10:41 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/17 12:10:40 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/17 12:08:40 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Disabled | Unknown] -- C:\Program Files\[]TOOLS[]\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/03/18 16:24:40 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2014/03/18 16:24:38 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2014/03/18 16:24:36 | 000,013,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2014/03/18 16:24:34 | 000,077,592 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/05/06 07:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/15 04:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/01 09:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 08:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 02:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5807584B-75B6-465D-88B0-3C4AC684276C}
IE:64bit: - HKLM\..\SearchScopes\{5807584B-75B6-465D-88B0-3C4AC684276C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B01640CD-4AE7-4121-9097-F4E61054E570}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {B01640CD-4AE7-4121-9097-F4E61054E570}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{B01640CD-4AE7-4121-9097-F4E61054E570}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.search.autosizerwizard: ""
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.minwidth: 156
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1.3
FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3
FF - prefs.js..extensions.enabledAddons: %7Bdc0fa13c-3dae-73eb-e852-912722c852f9%7D:0.3.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: CLEO%40guid.customsoftwareconsult.com:6.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:4.12
FF - prefs.js..extensions.enabledAddons: undoclosedtabsbutton%40supernova00.biz:3.9.3
FF - prefs.js..extensions.enabledAddons: %7B1ced4832-f06e-413f-aa14-9eb63ad40ace%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:3.2
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:8.2
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.18
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\[]TOOLS[]\PDF-XChange\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\[]TOOLS[]\PDF-XChange\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\the Hoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\[]TOOLS[]\Avast\WebRep\FF [2014/11/17 12:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/08/12 22:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\components [2014/12/02 13:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins [2014/12/02 13:53:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 02:36:14 | 000,010,691 | ---- | M] ()
 
[2011/03/03 12:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Extensions
[2015/01/09 19:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions
[2014/12/10 10:06:19 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/12/08 10:10:35 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/03 13:55:57 | 000,000,000 | ---D | M] (Aquatint Slate) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2011/03/03 13:55:51 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2011/03/09 18:57:02 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2014/09/08 18:32:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/03 13:55:52 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
[2011/03/03 13:55:51 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2014/07/10 07:17:35 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2014/09/24 18:49:06 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2012/03/31 19:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2011/03/03 13:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2011/03/03 13:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2011/03/03 13:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2011/03/03 13:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/03/03 13:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2014/11/20 19:12:16 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2012/03/31 06:50:28 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/09/19 09:45:50 | 000,015,751 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2014/12/04 12:14:32 | 000,197,276 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2014/10/08 13:09:25 | 000,039,197 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2014/10/20 16:48:39 | 000,537,656 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/06/04 18:01:21 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2014/10/20 12:25:11 | 000,020,242 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
[2015/01/09 19:18:33 | 002,057,151 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2012/06/07 12:04:10 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi
[2013/04/13 14:40:48 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2011/09/17 20:49:22 | 000,242,715 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/06/04 18:01:21 | 000,043,024 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2014/11/12 19:12:19 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/17 20:00:59 | 000,003,147 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}.xpi
[2014/05/04 22:21:34 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/10/31 09:45:37 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/12/07 17:38:16 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2008/03/20 15:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallConfirm.css
[2008/04/07 19:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallItemGeneric.png
[2009/06/16 23:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2009/06/16 23:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2010/04/01 09:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2010/04/01 08:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2013/09/26 13:28:15 | 000,001,913 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\mycroft-project.xml
[2014/12/12 19:13:21 | 000,002,488 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\youtube.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\[]TOOLS[]\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - default_search_provider: A1370F28A391521539184D6046DC845CA35F4B0A8565421DDBAC62ADC3C42DC0 (Enabled)
CHR - default_search_provider: search_url = BF2153C16D756A94860215C7A8439CE8B6403C0E5603BFE580FC88DB94360F9A
CHR - default_search_provider: suggest_url =
CHR - homepage: 9A9FF161B8C08817C84B67F2FA3FB4FFA0ADA54C9B795D9CE87E70CD0795A0C7
CHR - Extension: Google Drive = C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Avast Online Security = C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: Avast Online Security = C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: Google Wallet = C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/09/25 12:25:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\[]TOOLS[]\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DBAgent] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKCU..\Run: [Actual Multiple Monitors] C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe (Actual Tools)
O4 - HKCU..\Run: [CursorFX] C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B045C6-0DBA-4926-8B56-159FF565315A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{64406a3d-ca9a-11e3-bd2c-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{64406a3d-ca9a-11e3-bd2c-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\TL_Bootstrap.exe
O33 - MountPoints2\{912af8cb-85b2-11e3-8d84-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{912af8cb-85b2-11e3-8d84-bcaec54f1b9f}\Shell\AutoRun\command - "" = L:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\Shell\AutoRun\command - "" = K:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/09 19:16:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\the Hoff\Desktop\OTL.exe
[2015/01/06 11:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2015/01/06 11:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2015/01/02 11:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/01/02 11:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/12/26 17:07:35 | 000,000,000 | ---D | C] -- C:\Users\the Hoff\AppData\Local\Plex Media Server
[2014/12/26 17:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2014/12/26 17:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2014/12/26 17:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/12/18 12:54:35 | 000,000,000 | ---D | C] -- C:\Users\the Hoff\Desktop\Pictures off Mandy's phone 12-18-2014
[2014/12/18 12:53:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Verizon2.0_Log
[2014/12/18 12:53:25 | 000,000,000 | ---D | C] -- C:\Users\the Hoff\AppData\Roaming\VERIZON
[2014/12/15 11:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2014/12/15 11:09:38 | 000,000,000 | ---D | C] -- C:\Users\the Hoff\AppData\Local\Citrix
[11 C:\Users\the Hoff\Documents\*.tmp files -> C:\Users\the Hoff\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/09 19:24:05 | 000,000,544 | ---- | M] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job
[2015/01/09 19:19:51 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/09 19:19:51 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/09 19:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\the Hoff\Desktop\OTL.exe
[2015/01/09 19:04:13 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/09 19:03:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/09 19:03:36 | 1944,719,359 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/06 14:56:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/06 14:46:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/06 11:40:59 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2015/01/06 11:40:59 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/01/06 08:17:10 | 000,786,578 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/06 08:17:10 | 000,665,304 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/06 08:17:10 | 000,123,112 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/05 14:31:07 | 000,019,448 | ---- | M] () -- C:\Users\the Hoff\Desktop\10451650_10204254144167068_6268355639048558052_n.jpg
[2015/01/04 14:28:22 | 000,558,714 | ---- | M] () -- C:\Users\the Hoff\Desktop\11266_Starter_Kit_Flyer_US_WEB.pdf
[2015/01/01 13:13:05 | 000,036,453 | ---- | M] () -- C:\Users\the Hoff\Desktop\10906199_769586233110359_4886365575943365343_n.jpg
[2014/12/27 18:29:47 | 000,098,874 | ---- | M] () -- C:\Users\the Hoff\Desktop\11371_End_of_Year_Flyer_US_lores.pdf
[2014/12/24 14:41:50 | 002,105,008 | ---- | M] () -- C:\Users\the Hoff\Desktop\download_20141218_225341.jpeg
[2014/12/16 22:03:58 | 000,001,150 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/12/15 12:20:30 | 000,235,633 | ---- | M] () -- C:\Users\the Hoff\Desktop\10873002_10204656441665427_7299825460784694091_o.jpg
[2014/12/15 12:20:10 | 000,160,830 | ---- | M] () -- C:\Users\the Hoff\Desktop\10866213_10204656479146364_5517118639090790789_o.jpg
[2014/12/15 11:54:40 | 001,042,628 | ---- | M] () -- C:\Users\the Hoff\Desktop\11392_JAN15_HS_US_Combined_Final.pdf
[2014/12/15 11:26:43 | 000,078,808 | ---- | M] () -- C:\Users\the Hoff\Desktop\10868192_10203334188503162_7806083871633330140_n.jpg
[2014/12/15 11:26:02 | 000,091,081 | ---- | M] () -- C:\Users\the Hoff\Desktop\10688462_841154455943295_5452542407191263943_o.jpg
[2014/12/15 11:25:47 | 000,085,120 | ---- | M] () -- C:\Users\the Hoff\Desktop\1501025_841153382610069_4535495853193058627_o.jpg
[2014/12/15 11:25:34 | 000,083,315 | ---- | M] () -- C:\Users\the Hoff\Desktop\10838275_841153199276754_7108543570504921912_o.jpg
[2014/12/15 11:25:21 | 000,088,177 | ---- | M] () -- C:\Users\the Hoff\Desktop\10856643_841152635943477_5933600009805470548_o.jpg
[2014/12/15 11:24:56 | 000,065,490 | ---- | M] () -- C:\Users\the Hoff\Desktop\10845894_841151475943593_5333808386377634965_o.jpg
[2014/12/15 11:24:34 | 000,083,122 | ---- | M] () -- C:\Users\the Hoff\Desktop\10864006_841152385943502_45739359078370745_o.jpg
[11 C:\Users\the Hoff\Documents\*.tmp files -> C:\Users\the Hoff\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/05 14:31:04 | 000,019,448 | ---- | C] () -- C:\Users\the Hoff\Desktop\10451650_10204254144167068_6268355639048558052_n.jpg
[2015/01/04 14:28:18 | 000,558,714 | ---- | C] () -- C:\Users\the Hoff\Desktop\11266_Starter_Kit_Flyer_US_WEB.pdf
[2015/01/02 11:07:59 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2015/01/02 11:07:59 | 000,001,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/01/01 13:13:02 | 000,036,453 | ---- | C] () -- C:\Users\the Hoff\Desktop\10906199_769586233110359_4886365575943365343_n.jpg
[2014/12/27 18:29:47 | 000,098,874 | ---- | C] () -- C:\Users\the Hoff\Desktop\11371_End_of_Year_Flyer_US_lores.pdf
[2014/12/24 14:41:39 | 002,105,008 | ---- | C] () -- C:\Users\the Hoff\Desktop\download_20141218_225341.jpeg
[2014/12/15 12:20:27 | 000,235,633 | ---- | C] () -- C:\Users\the Hoff\Desktop\10873002_10204656441665427_7299825460784694091_o.jpg
[2014/12/15 12:20:07 | 000,160,830 | ---- | C] () -- C:\Users\the Hoff\Desktop\10866213_10204656479146364_5517118639090790789_o.jpg
[2014/12/15 11:54:40 | 001,042,628 | ---- | C] () -- C:\Users\the Hoff\Desktop\11392_JAN15_HS_US_Combined_Final.pdf
[2014/12/15 11:26:40 | 000,078,808 | ---- | C] () -- C:\Users\the Hoff\Desktop\10868192_10203334188503162_7806083871633330140_n.jpg
[2014/12/15 11:25:59 | 000,091,081 | ---- | C] () -- C:\Users\the Hoff\Desktop\10688462_841154455943295_5452542407191263943_o.jpg
[2014/12/15 11:25:44 | 000,085,120 | ---- | C] () -- C:\Users\the Hoff\Desktop\1501025_841153382610069_4535495853193058627_o.jpg
[2014/12/15 11:25:31 | 000,083,315 | ---- | C] () -- C:\Users\the Hoff\Desktop\10838275_841153199276754_7108543570504921912_o.jpg
[2014/12/15 11:25:18 | 000,088,177 | ---- | C] () -- C:\Users\the Hoff\Desktop\10856643_841152635943477_5933600009805470548_o.jpg
[2014/12/15 11:24:53 | 000,065,490 | ---- | C] () -- C:\Users\the Hoff\Desktop\10845894_841151475943593_5333808386377634965_o.jpg
[2014/12/15 11:24:31 | 000,083,122 | ---- | C] () -- C:\Users\the Hoff\Desktop\10864006_841152385943502_45739359078370745_o.jpg
[2014/12/15 11:10:01 | 000,000,544 | ---- | C] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job
[2013/09/24 21:04:06 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-THEHOFF-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2011/08/12 20:20:48 | 000,007,680 | ---- | C] () -- C:\Users\the Hoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/22 15:03:21 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Actual Tools
[2012/12/21 18:27:33 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Amazon
[2011/03/04 07:20:11 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Auslogics
[2013/12/01 20:39:26 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\AVAST Software
[2014/01/20 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Blackboard
[2014/04/17 21:08:33 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\calibre
[2011/04/30 10:25:39 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Canon
[2012/04/21 10:07:33 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/20 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/19 10:39:51 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\com.wwnorton.WTS3-iLGs
[2013/12/25 20:03:13 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\dBpoweramp
[2015/01/09 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Dropbox
[2015/01/03 21:58:54 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\HandBrake
[2013/01/29 13:15:58 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\IrfanView
[2014/01/23 12:07:58 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Leadertech
[2011/03/05 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\MoveFab
[2011/03/03 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Outertech
[2014/01/23 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Seagate
[2014/12/21 10:27:56 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Spotify
[2015/01/01 13:22:42 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\TeraCopy
 
========== Purity Check ==========
 
 

< End of report >
 

Extras.txt

OTL Extras logfile created on: 1/9/2015 7:17:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\the Hoff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 4.80 Gb Available Physical Memory | 61.95% Memory free
15.49 Gb Paging File | 12.39 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 360.88 Gb Free Space | 19.37% Space Free | Partition Type: NTFS
Drive D: | 4.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.92 Gb Total Space | 1.71 Gb Free Space | 89.43% Space Free | Partition Type: FAT
 
Computer Name: THEHOFF-PC | User Name: the Hoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.ini[@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.ini [@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
.txt [@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\[]TOOLS[]\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\[]TOOLS[]\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B68986-1ADB-4F33-A09F-D5C85D788CB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E17E818-88B9-41B2-9605-67F8EDE7A693}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{117F1ACB-E49F-4330-890A-4ABE078DF032}" = lport=445 | protocol=6 | dir=in | app=system |
"{25AF7653-9EB0-4C4F-B8A6-EB412F7D2220}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{334F281E-1D8C-493D-B1A9-4326231EE6FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{4EC1D028-1292-40A4-8415-399B97E4C5C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{538A555E-F339-4664-9D7B-33D2BFAABD8C}" = rport=139 | protocol=6 | dir=out | app=system |
"{53EA1340-B741-4A3D-AB9D-F110BF853DBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63442658-C06E-41C9-AD02-70600F7D43C5}" = lport=137 | protocol=17 | dir=in | app=system |
"{6BB592B3-E543-429F-964E-9457C21662D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C9E6C80-F89B-4289-ABB1-66B4D0C85DE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A2661CC2-CCCA-4CEB-B628-0B9D22B98F8E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4C4A38C-416B-4783-9B59-9BE45DAB433C}" = lport=138 | protocol=17 | dir=in | app=system |
"{D2B0D7AB-A572-4211-8C37-53933C5149C7}" = rport=138 | protocol=17 | dir=out | app=system |
"{EB0C5C1B-110F-43CB-908D-4163B10C49BD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D153C91-2B50-40D6-B962-3FDD5FE33C54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C771021-44CE-45D1-B4CC-6E5A66610E25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A2E8B97-A379-4336-9EC4-2679EF88724B}" = protocol=6 | dir=in | app=c:\program files\[]tools[]\avast\ng\vbox\aswfe.exe |
"{48F16599-8208-489A-BF7F-63DADD51B6B7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5FF5E7A1-44EB-4C8A-B38B-3C5C02F7399B}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{7F946ED7-FE9C-45EA-939B-17592F658E11}" = protocol=58 | dir=out | [email protected],-28546 |
"{83EF87D9-4AA0-4F07-869F-9ED6106125CF}" = protocol=1 | dir=out | [email protected],-28544 |
"{867AB9B8-E0FF-482E-9FC7-73F3581F2F4D}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{951FE704-D88D-4A9D-AD18-AE2C1AB6DB6D}" = protocol=6 | dir=in | app=c:\users\the hoff\appdata\roaming\spotify\spotify.exe |
"{9DF7625F-625F-4788-BA22-A090570E8C65}" = protocol=58 | dir=in | [email protected],-28545 |
"{AC25C83C-51B4-4169-8CFF-3DB79068F038}" = protocol=1 | dir=in | [email protected],-28543 |
"{B0D0959C-54A6-4FF4-B942-2FCE0BF5A013}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B8B3C65B-B87F-40F5-A720-B3D593462B2A}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{BA3B7216-5D48-4947-AD18-0A4E4BD1E1B6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C3F83AE7-548F-4762-88F9-6ECC9884A5F5}" = protocol=17 | dir=in | app=c:\users\the hoff\appdata\roaming\spotify\spotify.exe |
"{FA24A23F-3B8D-422C-996A-32F832C3A679}" = protocol=17 | dir=in | app=c:\program files\[]tools[]\avast\ng\vbox\aswfe.exe |
"TCP Query User{44138902-AC97-429A-B961-D2AA0CB4F1C3}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe |
"TCP Query User{C4F9352F-0EBD-403E-8003-F5DE6DEF7948}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{20FF6F98-2A54-4CAA-AED4-74E08C50EC09}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{F088E644-25E6-48AA-9907-4284F1E6BBF6}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{897BE4A7-682B-7375-BBAF-05A44FC2B524}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}" = PDF-XChange Viewer
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"sp6" = Logitech SetPoint 6.65
"TeraCopy_is1" = TeraCopy 2.12
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{09076BCB-56D7-483C-969E-1723E9FC3F4E}" = calibre
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-997AF4905D9C}" = FLV.com FLV Converter 4.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 71
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{51399947-35EF-10B8-FC7F-0D435C701A2D}" = Catalyst Control Center InstallProxy
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7425d872-d65d-42c9-8c6d-7a8a529a4b50}" = Plex Media Server
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{845DE456-3003-28B9-4022-1552B8974F16}" = WTS3_iLGs
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C126D2F-7B21-4DE4-90CA-1BC30DA6DE95}" = Plex Media Server
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}" = Citrix Online Launcher
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C60F3836-333A-4AE2-B526-CFDBA143A9BA}" = Google Drive
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}" = Evernote v. 5.6.4
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"7-Zip" = 7-Zip 9.20
"Actual Multiple Monitors_is1" = Actual Multiple Monitors 8.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Aleks 3.14" = Aleks 3.14
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"avast" = Avast Free Antivirus
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.wwnorton.WTS3-iLGs" = WTS3_iLGs
"CursorFX" = CursorFX
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder
"dBpoweramp CLI Encoder" = dBpoweramp CLI Encoder
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp m4a Utilities" = dBpoweramp m4a Utilities
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
"dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GetDiz 4.5" = GetDiz 4.5
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"JumpStart Languages" = JumpStart Languages
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 34.0 (x86 en-US)" = Mozilla Firefox 34.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Revo Uninstaller" = Revo Uninstaller 1.91
"The KMPlayer" = The KMPlayer (remove only)
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 7.0.5.2152
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/30/2014 3:28:23 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023
 
Error - 8/30/2014 3:28:24 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/30/2014 3:28:24 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6022
 
Error - 8/30/2014 3:28:24 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6022
 
Error - 8/30/2014 3:28:25 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/30/2014 3:28:25 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020
 
Error - 8/30/2014 3:28:25 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error - 8/30/2014 3:28:26 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/30/2014 3:28:26 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8018
 
Error - 8/30/2014 3:28:26 AM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8018
 
[ Media Center Events ]
Error - 12/13/2014 1:11:32 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 9:11:31 AM - Failed to retrieve SportsV2 (Error: Unable to connect
 to the remote server)  
 
Error - 12/15/2014 1:10:50 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 9:10:50 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 12/15/2014 1:11:01 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 9:11:01 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
 to the remote server)  
 
Error - 12/15/2014 2:11:14 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 10:11:14 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 1:36:40 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 9:36:24 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 2:36:55 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 10:36:50 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/16/2014 3:37:02 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 11:37:01 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/18/2014 1:31:18 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 9:31:18 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 12/18/2014 1:31:23 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 9:31:23 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 12/18/2014 1:31:34 PM | Computer Name = theHoff-PC | Source = MCUpdate | ID = 0
Description = 9:31:29 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
[ System Events ]
Error - 1/2/2015 2:34:00 AM | Computer Name = theHoff-PC | Source = DCOM | ID = 10010
Description =
 
Error - 1/2/2015 2:56:33 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Type with the following error:
   %%5
 
Error - 1/2/2015 2:57:36 PM | Computer Name = theHoff-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 192.168.0.2.  The computer with the IP address 192.168.0.16 did not
 allow the name to be claimed by  this computer.
 
Error - 1/2/2015 3:09:37 PM | Computer Name = theHoff-PC | Source = DCOM | ID = 10010
Description =
 
Error - 1/6/2015 4:51:18 PM | Computer Name = theHoff-PC | Source = DCOM | ID = 10010
Description =
 
Error - 1/6/2015 5:35:11 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Type with the following error:
   %%5
 
Error - 1/6/2015 5:42:04 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 1/6/2015 7:43:49 PM | Computer Name = theHoff-PC | Source = DCOM | ID = 10010
Description =
 
Error - 1/9/2015 11:04:43 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Seagate
 Dashboard Services service to connect.
 
Error - 1/9/2015 11:05:51 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Type with the following error:
   %%5
 
 
< End of report >
 




#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
    2. Right-click VEW.exe and Run As Administrator.
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)

    Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy.
     
     

    • 0
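The `sfc /scannow` follow-up in the post above filters CBS.log down to its `[SR]` lines with `findstr`. As an added example (not part of the original post or any of the tools it names), this sketch applies the same filter and goes one step further by separating files SFC could not repair from files it restored. The log lines are constructed in the usual CBS.log layout, and the file and component names in them are placeholders.

```python
import re

# Constructed sample in the usual CBS.log layout; not output from this thread.
# "example1.dll", "example2.exe" and "Example-Component-A" are placeholders.
SAMPLE_CBS_LOG = r'''2015-01-12 18:40:02, Info                  CBS    Starting TrustedInstaller initialization.
2015-01-12 18:41:10, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2015-01-12 18:41:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-01-12 18:41:14, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-01-12 18:41:15, Info                  CSI    0000000b [SR] Verify complete
2015-01-12 18:44:30, Info                  CSI    0000012a [SR] Repairing 1 components
2015-01-12 18:44:30, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2015-01-12 18:44:31, Info                  CSI    0000012d [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-01-12 18:44:32, Info                  CSI    0000012f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.exe" from store
2015-01-12 18:44:33, Info                  CSI    00000131 [SR] Repair complete
'''

# "<file>" of <component>, ...   as it appears in a "Cannot repair member file" record
MEMBER = re.compile(r'"(?P<file>[^"]+)" of (?P<component>[^,]+),')
QUOTED = re.compile(r'"([^"]+)"')


def triage_sr(log_text):
    """Summarise the [SR] (System File Checker) records of a CBS.log."""
    sr_lines = 0
    unrepaired = set()   # (file, component, reason); a set, because SFC logs
                         # the same failure in the verify pass and the repair pass
    repaired = set()     # full paths restored from the component store

    for line in log_text.splitlines():
        # Same literal, case-sensitive filter as: findstr /c:"[SR]"
        if "[SR]" not in line:
            continue
        sr_lines += 1
        msg = line.split("[SR]", 1)[1].strip()

        if msg.startswith("Cannot repair member file"):
            m = MEMBER.search(msg)
            if m:
                reason = msg.rsplit(", ", 1)[-1]   # trailing clause, e.g. "hash mismatch"
                unrepaired.add((m.group("file"), m.group("component"), reason))
        elif msg.startswith("Repairing corrupted file"):
            parts = QUOTED.findall(msg)            # [directory, file name]
            if parts:
                directory = parts[0].replace("\\??\\", "", 1) if len(parts) > 1 else ""
                repaired.add("\\".join(p for p in (directory, parts[-1]) if p))

    if unrepaired:
        verdict = "needs_attention"   # SFC could not fix everything
    elif repaired:
        verdict = "repaired"          # damage found, restored from the store
    else:
        verdict = "clean"             # only routine verify records

    return {
        "sr_lines": sr_lines,
        "unrepaired": sorted(unrepaired),
        "repaired": sorted(repaired),
        "verdict": verdict,
    }


if __name__ == "__main__":
    summary = triage_sr(SAMPLE_CBS_LOG)
    print("verdict:", summary["verdict"], "| [SR] lines:", summary["sr_lines"])
    for name, component, reason in summary["unrepaired"]:
        print("  could not repair:", name, "of", component, "-", reason)
    for path in summary["repaired"]:
        print("  repaired from store:", path)
```

To use it on a real machine, pass in the text of the `junk.txt` file produced by the `findstr` command, or of CBS.log itself.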

    #3
    bbj


    thanks for your help, i will reply with the rest of the scans as they are run.

     

     

    # AdwCleaner v4.107 - Report created 12/01/2015 at 16:52:11
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-12.3 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : the Hoff - THEHOFF-PC
    # Running from : C:\Users\the Hoff\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\GreenTree Applications
    File Deleted : C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\invalidprefs.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v34.0 (x86 en-US)

    [7fhx2nxa.default\prefs.js] - Line Deleted : user_pref("extensions.aniweather.timeShifted", 351183);

    -\\ Google Chrome v39.0.2171.95

    [C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [1437 octets] - [12/01/2015 15:46:34]
    AdwCleaner[S0].txt - [1379 octets] - [12/01/2015 16:52:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1439 octets] ##########


    • 0

    #4
    bbj


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by the Hoff on Mon 01/12/2015 at 17:13:04.71
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/12/2015 at 17:16:45.86
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    • 0

    #5
    bbj


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
    Ran by the Hoff (administrator) on THEHOFF-PC on 12-01-2015 17:49:36
    Running from C:\Users\the Hoff\Desktop
    Loaded Profile: the Hoff (Available profiles: the Hoff)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVAST Software) C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Stardock Corporation) C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe
    (Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
    (Spotify Ltd) C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Dropbox, Inc.) C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (AVAST Software) C:\Program Files\[]TOOLS[]\Avast\avastui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    (Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Avast Software) C:\Program Files\[]TOOLS[]\Avast\ng\vbox\AvastVBoxSVC.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (AVAST Software) C:\Program Files\[]TOOLS[]\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\[]TOOLS[]\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517128 2013-10-18] (Seagate Technology LLC)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [CursorFX] => C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe [417280 2010-03-23] (Stardock Corporation)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1782576 2013-09-19] (Actual Tools)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Spotify Web Helper] => C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-27] (Spotify Ltd)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Policies\Explorer: [NoLogOff] 0
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {64406a3d-ca9a-11e3-bd2c-bcaec54f1b9f} - H:\TL_Bootstrap.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {912af8cb-85b2-11e3-8d84-bcaec54f1b9f} - L:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} - K:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} - H:\VZW_Software_upgrade_assistant.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
    SearchScopes: HKLM -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3472861432-3466800176-631802751-1001 -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL =
    SearchScopes: HKU\S-1-5-21-3472861432-3466800176-631802751-1001 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = http://www.bing.com/...rc=IE-SearchBox
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No File
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default
    FF Homepage: chrome://fastdial/content/fastdial.html
    FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=1.1.7 -> C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll (the VideoLAN Team)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: @citrixonline.com/appdetectorplugin -> C:\Users\the Hoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
    FF SearchPlugin: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\mycroft-project.xml
    FF SearchPlugin: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\youtube.xml
    FF Extension: CLEO - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2014-07-10]
    FF Extension: Fast Dial - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2014-09-24]
    FF Extension: No Name - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-03]
    FF Extension: Flashblock - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
    FF Extension: FEBE - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-12-08]
    FF Extension: Aquatint Slate - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{526fd696-27a0-11dc-8314-0800200c9a66} [2011-03-03]
    FF Extension: Aquatint Black - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} [2011-03-03]
    FF Extension: Noia 2.0 (eXtreme) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011-03-09]
    FF Extension: DownloadHelper - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
    FF Extension: Gradient iBlu - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66} [2011-03-03]
    FF Extension: Gradient iCool - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2011-03-03]
    FF Extension: Webmail Ad Blocker - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-26]
    FF Extension: QuickDrag - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2012-03-30]
    FF Extension: Restartless Restart - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2013-09-19]
    FF Extension: Thumbnail Zoom Plus - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2013-09-19]
    FF Extension: Undo Closed Tabs Button - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-26]
    FF Extension: Session Manager - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-03]
    FF Extension: Image Zoom - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-15]
    FF Extension: Nuke Anything Enhanced - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2014-10-19]
    FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2011-06-26]
    FF Extension: Unhide Passwords - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2012-06-07]
    FF Extension: Text Link - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2012-12-29]
    FF Extension: Gmail Manager - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2011-09-17]
    FF Extension: SmoothWheel (mozdev.org) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-24]
    FF Extension: Adblock Plus - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-01]
    FF Extension: MileWideBack - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}.xpi [2011-10-16]
    FF Extension: DownThemAll! - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-06-26]
    FF Extension: Greasemonkey - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-26]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\[]TOOLS[]\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\[]TOOLS[]\Avast\WebRep\FF [2011-03-03]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-12]
    FF HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll (the VideoLAN Team)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\[]TOOLS[]\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Profile: C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-26]
    CHR Extension: (Avast Online Security) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-12]
    CHR Extension: (Google Wallet) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
    CHR HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THEHOF~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-10]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\[]TOOLS[]\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
    R2 avast! Antivirus; C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\[]TOOLS[]\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
    R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
    U4 VBoxAswDrv; C:\Program Files\[]TOOLS[]\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-17] (Avast Software)
    S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-12 17:49 - 2015-01-12 17:50 - 00027020 _____ () C:\Users\the Hoff\Desktop\FRST.txt
    2015-01-12 17:49 - 2015-01-12 17:49 - 00000000 ____D () C:\FRST
    2015-01-12 17:47 - 2015-01-12 17:47 - 02124288 _____ (Farbar) C:\Users\the Hoff\Desktop\FRST64.exe
    2015-01-12 17:13 - 2015-01-12 17:13 - 00000000 ____D () C:\windows\ERUNT
    2015-01-12 17:10 - 2015-01-12 17:10 - 01707939 _____ (Thisisu) C:\Users\the Hoff\Desktop\JRT.exe
    2015-01-12 15:46 - 2015-01-12 16:52 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 15:37 - 2015-01-12 15:37 - 02191360 _____ () C:\Users\the Hoff\Desktop\AdwCleaner.exe
    2015-01-09 21:59 - 2015-01-09 22:00 - 00000000 ____D () C:\Users\the Hoff\Desktop\clutter
    2015-01-09 19:16 - 2015-01-09 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\the Hoff\Desktop\OTL.exe
    2015-01-06 11:40 - 2015-01-06 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-01-06 11:40 - 2015-01-06 11:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2015-01-02 11:13 - 2015-01-02 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-01-02 11:13 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-02 11:13 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2015-01-02 11:13 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2015-01-02 11:10 - 2015-01-02 11:13 - 00004876 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
    2015-01-02 11:08 - 2015-01-06 11:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-12-26 17:07 - 2014-12-26 17:12 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Plex Media Server
    2014-12-26 17:06 - 2014-12-26 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2014-12-26 17:04 - 2014-12-26 17:04 - 00000000 ____D () C:\Program Files (x86)\Plex
    2014-12-26 17:03 - 2014-12-26 17:03 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-12-26 16:58 - 2014-12-26 17:01 - 86795776 _____ (Plex, Inc.) C:\Users\the Hoff\Downloads\Plex-Media-Server-0.9.1107.803-87d0708-en-US.exe
    2014-12-18 12:54 - 2014-12-18 12:59 - 00000000 ____D () C:\Users\the Hoff\Desktop\Pictures off Mandy's phone 12-18-2014
    2014-12-18 12:53 - 2014-12-18 12:53 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\VERIZON
    2014-12-18 12:53 - 2014-12-18 12:53 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
    2014-12-17 12:51 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-17 12:51 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-15 11:10 - 2015-01-12 17:24 - 00000544 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job
    2014-12-15 11:10 - 2015-01-01 21:51 - 00003584 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001
    2014-12-15 11:10 - 2014-12-15 11:10 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-12-15 11:09 - 2014-12-15 11:09 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Citrix
    2014-12-15 11:02 - 2014-12-15 11:02 - 00298040 _____ (Citrix Online) C:\Users\the Hoff\Desktop\GoToWebinar Launcher.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-12 17:46 - 2013-01-22 15:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-12 17:05 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 17:05 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 17:02 - 2013-10-01 12:45 - 01594323 _____ () C:\windows\WindowsUpdate.log
    2015-01-12 16:57 - 2012-07-05 05:19 - 00004172 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-01-12 16:57 - 2011-03-04 10:14 - 00000000 ___RD () C:\Users\the Hoff\Dropbox
    2015-01-12 16:57 - 2011-03-04 10:11 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\Dropbox
    2015-01-12 16:56 - 2012-02-20 14:35 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-12 16:54 - 2012-02-20 14:35 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-12 16:54 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-12 16:53 - 2014-11-19 03:20 - 00027658 _____ () C:\windows\PFRO.log
    2015-01-12 16:53 - 2014-11-03 23:53 - 00096452 _____ () C:\windows\setupact.log
    2015-01-12 15:38 - 2011-06-30 20:11 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Adobe
    2015-01-09 22:00 - 2011-03-03 16:00 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\TeraCopy
    2015-01-06 08:17 - 2009-07-13 21:13 - 00786578 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-01-06 04:36 - 2011-03-03 12:16 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2015-01-03 21:59 - 2011-04-01 21:28 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\vlc
    2015-01-03 21:58 - 2013-01-24 19:05 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\HandBrake
    2015-01-02 11:13 - 2013-09-19 17:08 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-02 11:12 - 2014-01-20 18:46 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-02 11:07 - 2013-01-22 15:27 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-02 11:07 - 2013-01-22 15:27 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-02 11:07 - 2011-07-31 15:39 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-01 13:22 - 2014-08-24 11:34 - 00000000 ____D () C:\Users\the Hoff\Desktop\Norwex stuff
    2014-12-29 19:51 - 2011-03-04 12:47 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\CrashDumps
    2014-12-21 10:27 - 2013-03-23 19:14 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\Spotify
    2014-12-19 14:06 - 2013-03-23 19:16 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Spotify
    2014-12-18 12:26 - 2013-09-19 17:19 - 00000000 ____D () C:\Program Files (x86)\Windows 7 Logon Background Changer
    2014-12-16 22:03 - 2011-03-04 10:11 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    Some content of TEMP:
    ====================
    C:\Users\the Hoff\AppData\Local\Temp\ammemb.dll
    C:\Users\the Hoff\AppData\Local\Temp\ammemb64.dll
    C:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3w5yh8.dll
    C:\Users\the Hoff\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\the Hoff\AppData\Local\Temp\Quarantine.exe
    C:\Users\the Hoff\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-04 00:55

    ==================== End Of Log ============================



    #6
    bbj


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
    Ran by the Hoff at 2015-01-12 17:50:15
    Running from C:\Users\the Hoff\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
    Actual Multiple Monitors 8.0 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.0 - Actual Tools)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Aleks 3.14 (HKLM-x32\...\Aleks 3.14) (Version:  - )
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{897BE4A7-682B-7375-BBAF-05A44FC2B524}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
    Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    calibre (HKLM-x32\...\{09076BCB-56D7-483C-969E-1723E9FC3F4E}) (Version: 1.32.0 - Kovid Goyal)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
    Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version:  - )
    Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
    Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
    CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version:  - Elaborate Bytes)
    CursorFX (HKLM-x32\...\CursorFX) (Version:  - Stardock Corporation)
    CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
    dBpoweramp [Calculate Audio CRC] Codec (HKLM-x32\...\dBpoweramp [Calculate Audio CRC] Codec) (Version:  - )
    dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 2 - Illustrate)
    dBpoweramp [ReplayGain] Codec (HKLM-x32\...\dBpoweramp [ReplayGain] Codec) (Version:  - )
    dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version:  - )
    dBpoweramp CLI Encoder (HKLM-x32\...\dBpoweramp CLI Encoder) (Version:  - )
    dBpoweramp Dalet Codec (HKLM-x32\...\dBpoweramp Dalet Codec) (Version:  - )
    dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version:  - )
    dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
    dBpoweramp m4a Utilities (HKLM-x32\...\dBpoweramp m4a Utilities) (Version:  - )
    dBpoweramp Monkeys Audio Codec (HKLM-x32\...\dBpoweramp Monkeys Audio Codec) (Version:  - )
    dBpoweramp Mp2 and BwfMp2 codec (HKLM-x32\...\dBpoweramp Mp2 and BwfMp2 codec) (Version:  - )
    dBpoweramp mp3 (Fraunhofer IIS) Codec (HKLM-x32\...\dBpoweramp mp3 (Fraunhofer IIS) Codec) (Version: Release 2 (v4.0.3) - Illustrate)
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate)
    dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version:  - )
    dBpoweramp Real Audio (Helix) Encoder (HKLM-x32\...\dBpoweramp Real Audio (Helix) Encoder) (Version:  - )
    dBPoweramp tooLame MP2 codec (HKLM-x32\...\dBPoweramp tooLame MP2 codec) (Version:  - )
    dBpoweramp Wave64 Codec (HKLM-x32\...\dBpoweramp Wave64 Codec) (Version:  - )
    dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version:  - )
    dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 5 - Illustrate)
    Dropbox (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    DVDFab 8.0.6.1 (18/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
    FLV.com FLV Converter 4.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-997AF4905D9C}) (Version: 4.7 - GreenTree Applications SRL)
    GetDiz 4.5 (HKLM-x32\...\GetDiz 4.5) (Version: 4.5 - Outertech)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 7.0.5.2152 (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\GoToMeeting) (Version: 7.0.5.2152 - CitrixOnline)
    HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
    iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
    JumpStart Languages (HKLM-x32\...\JumpStart Languages) (Version:  - )
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.19.2900 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    PDF-XChange Viewer (HKLM\...\{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}) (Version: 2.5.193.0 - Tracker Software Products Ltd.)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
    Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
    Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
    Revo Uninstaller 1.91 (HKLM-x32\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
    Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.42.0 - Seagate)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Spotify (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.7 - Tweaking.com)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows 7 Logon Background Changer (HKLM-x32\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
    WTS3_iLGs (HKLM-x32\...\com.wwnorton.WTS3-iLGs) (Version: 1.0 - UNKNOWN)
    WTS3_iLGs (x32 Version: 1.0 - UNKNOWN) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    13-11-2014 03:00:45 Windows Update
    17-11-2014 12:04:03 avast! antivirus system restore point
    18-11-2014 03:03:12 Windows Update
    19-11-2014 03:00:14 Windows Update
    25-11-2014 09:22:36 Windows Update
    02-12-2014 02:25:19 Windows Update
    09-12-2014 02:25:52 Windows Update
    10-12-2014 03:00:28 Windows Update
    12-12-2014 03:00:32 Windows Update
    16-12-2014 16:55:10 Windows Update
    18-12-2014 03:00:29 Windows Update
    23-12-2014 10:06:28 Windows Update
    26-12-2014 17:02:22 Plex Media Server
    26-12-2014 17:08:38 Windows Update
    30-12-2014 03:51:39 Windows Update
    02-01-2015 11:09:08 Installed Java 7 Update 71
    02-01-2015 11:09:38 Windows Update
    06-01-2015 08:30:47 Windows Update
    09-01-2015 19:17:39 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2013-09-25 12:25 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {12A83DF3-8D6F-40A3-AFA4-6E482BCE9251} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {184FC201-EE9F-4ACB-A34E-F93250F8FD28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {1C1C81DE-1C20-4FED-87BC-0BD2A164D4D7} - System32\Tasks\the Hoff DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-10-18] (Seagate Technology LLC)
    Task: {1F9CEEF6-10E4-4D92-AF84-A12B38C19986} - System32\Tasks\the Hoff Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
    Task: {31850D9E-F66E-488F-86FD-5319445DAD99} - System32\Tasks\avast! Emergency Update => C:\Program Files\[]TOOLS[]\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
    Task: {37C24772-6096-4852-9F2F-9BD112FA9BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {3E75F997-9576-46F1-9FD6-B72B45C280DB} - System32\Tasks\AdobeAAMUpdater-1.0-theHoff-PC-the Hoff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {61D5FAE9-2E2B-44D5-9798-B660CA7647A1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-10-18] (Seagate Technology LLC)
    Task: {6CA54804-74C3-4865-AE4C-E14A575CAE65} - System32\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2152\g2mupdate.exe [2015-01-01] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6CC22947-C959-4F4A-9C1A-4694BE0AB57C} - System32\Tasks\{745A26DB-0E8C-449F-925B-FF4D22A4369A} => pcalua.exe -a C:\Windows\UnJSLang.exe -d C:\windows
    Task: {75EF693D-DEFD-46D3-8E23-AC2048A07FF6} - System32\Tasks\the Hoff => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
    Task: {99BF1AB0-AF5C-47C5-9E0D-217DE75D449E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {A942DC52-D8BA-424C-A4D6-090C17D4E6EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B527F042-33F2-4252-8A9B-3D7149FAAE8A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {C07B0ED4-21B5-4B66-9E4C-E9583ECC7ED0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {DB6A2E96-223A-4B93-ACC5-91EFA6C2F108} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-02] (Adobe Systems Incorporated)
    Task: {F0B83D53-FF5B-4C96-9CBD-69A98104A1EF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {FEEBFBA3-7517-48F0-9623-3922637009F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2152\g2mupdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-11-17 12:08 - 2014-11-17 12:08 - 00388208 _____ () C:\Program Files\[]TOOLS[]\Avast\ng\vbox\VBoxDDU.dll
    2014-11-17 12:08 - 2014-11-17 12:08 - 05851328 _____ () C:\Program Files\[]TOOLS[]\Avast\ng\vbox\VBoxRT.dll
    2011-03-03 15:36 - 2009-06-21 07:52 - 00318976 _____ () C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll
    2015-01-12 15:34 - 2015-01-12 15:34 - 02909696 _____ () C:\Program Files\[]TOOLS[]\Avast\defs\15011201\algo.dll
    2014-11-17 12:09 - 2014-11-17 12:09 - 04495336 _____ () C:\Program Files\[]TOOLS[]\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-03-23 06:17 - 2010-03-23 06:17 - 00059904 _____ () C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-12 16:56 - 2015-01-12 16:56 - 00043008 _____ () c:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3w5yh8.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-11-17 12:10 - 2014-11-17 12:10 - 38562088 _____ () C:\Program Files\[]TOOLS[]\Avast\libcef.dll
    2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\[]TOOLS[]\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    MSCONFIG\startupreg: PhotoshopElements8SyncAgent => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\[]TOOLS[]\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Spotify => "C:\Users\the Hoff\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: VMM Mode Selection => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3472861432-3466800176-631802751-500 - Administrator - Disabled)
    Guest (S-1-5-21-3472861432-3466800176-631802751-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3472861432-3466800176-631802751-1006 - Limited - Enabled)
    the Hoff (S-1-5-21-3472861432-3466800176-631802751-1001 - Administrator - Enabled) => C:\Users\the Hoff

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Phenom™ II X4 955 Processor
    Percentage of memory in use: 25%
    Total physical RAM: 7934.18 MB
    Available physical RAM: 5883.21 MB
    Total Pagefile: 15866.53 MB
    Available Pagefile: 13790.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:1862.92 GB) (Free:351.87 GB) NTFS
    Drive d: (My DVD) (CDROM) (Total:4.23 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #7
    RKinner


      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    Uninstall:

     

    McAfee Security Scan Plus

     

    Clear the Java Cache by following the instructions on

     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 71
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar, McAfee Security Scan or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    We can clean up some deadwood with FRST:
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     Still waiting for the speccy and proc explorer.  I am not seeing an infection but you might let Avast do a boot-time scan tonight while you sleep just to be sure.  (Can take 6 or more hours.)
     
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads, click on the Orange Ball, then Scan, then Scan History (at the bottom of the page).  Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     

     



    #8
    bbj


    i will keep going with your previous post and i'll keep posting the logs as i get them. FF is starting up nice and crisp now, before we started it was taking several minutes to start and sometimes would not come up even though it was listed in the running processes.

     

    Microsoft Windows [Version 6.1.7601]
    Copyright © 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\the Hoff>sfc  /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.

    C:\Users\the Hoff>



    #9
    bbj


    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 12/01/2015 11:18:07 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 13/01/2015 1:58:32 AM
    Type: Error Category: 0
    Event: 7006 Source: Service Control Manager
    The ScRegSetValueExW call failed for Type with the following error:  Access is denied.

    Log: 'System' Date/Time: 13/01/2015 1:57:05 AM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

    Log: 'System' Date/Time: 13/01/2015 1:55:29 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 13/01/2015 1:57:15 AM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&8&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#18E3312D81B&1#.
     



    #10
    bbj


    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 12/01/2015 11:21:36 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     




    #11
    bbj


    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    System Idle Process    90.06    0 K    24 K    0            
    firefox.exe    2.50    283,724 K    288,140 K    4012    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    WmiPrvSE.exe    2.12    6,372 K    11,156 K    4256    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    procexp64.exe    1.86    37,104 K    60,252 K    1156    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Sysinternals
    dwm.exe    1.13    37,028 K    40,848 K    1576    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
    Interrupts    0.75    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    CursorFX.exe    0.39    4,156 K    5,388 K    1004    CursorFX    Stardock Corporation    (No signature was present in the subject) Stardock Corporation
    System    0.35    336 K    7,128 K    4            
    svchost.exe    0.12    23,648 K    40,920 K    348    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.12    4,928 K    9,756 K    724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    AvastSvc.exe    0.09    70,740 K    42,480 K    1180    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
    Plex Media Server.exe    0.08    24,368 K    25,344 K    2104    Plex Media Server    Plex, Inc.    (Verified) Plex
    explorer.exe    0.07    54,048 K    82,984 K    1640    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
    csrss.exe    0.07    3,588 K    14,236 K    516    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    Seagate.Dashboard.Uploader.exe    0.07    25,016 K    37,160 K    2076    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
    PlexScriptHost.exe    0.04    28,040 K    33,004 K    2560    Python    Python Software Foundation    (Verified) Plex
    iPodService.exe    0.03    2,772 K    6,996 K    3444    iPodService Module (64-bit)    Apple Inc.    (Verified) Apple Inc.
    ActualMultipleMonitorsCenter.exe    0.03    7,116 K    2,220 K    1960    Actual Multiple Monitors    Actual Tools    (The digital signature of the object did not verify) Actual Tools
    svchost.exe    0.02    7,652 K    13,524 K    1556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.02    13,380 K    16,268 K    3680    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    lsass.exe    0.01    5,484 K    13,244 K    564    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
    AppleMobileDeviceService.exe    0.01    3,496 K    9,800 K    2012    YSLoader.exe    Apple Inc.    (Verified) Apple Inc.
    lsm.exe    0.01    2,716 K    4,464 K    572    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
    PlexDlnaServer.exe    0.01    5,724 K    10,172 K    4356    Plex Media Server DLNA Service    Plex, Inc.    (Verified) Plex
    avastui.exe    < 0.01    15,764 K    24,996 K    2524    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
    EvernoteClipper.exe    < 0.01    2,332 K    7,648 K    2200    Evernote Clipper    Evernote Corp., 305 Walnut Street, Redwood City, CA 94063    (Verified) EVERNOTE CORPORATION
    ipoint.exe    < 0.01    9,344 K    3,256 K    1680    IPoint.exe    Microsoft Corporation    (Verified) Microsoft Corporation
    svchost.exe    < 0.01    21,752 K    28,916 K    124    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    15,492 K    16,072 K    1092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    csrss.exe    < 0.01    3,120 K    5,044 K    404    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    ActualMultipleMonitorsShellCenter64.exe    < 0.01    9,348 K    1,300 K    2848    Actual Multiple Monitors    Actual Tools    (Verified) Actual Tools
    SearchIndexer.exe    < 0.01    42,476 K    27,764 K    3488    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
    itype.exe    < 0.01    9,632 K    2,720 K    1688    IType.exe    Microsoft Corporation    (Verified) Microsoft Corporation
    DBAgent.exe    < 0.01    7,792 K    19,880 K    2864    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
    AvastVBoxSVC.exe    < 0.01    4,344 K    10,672 K    5012    AvastVirtualBox Interface    Avast Software    (Verified) AVAST Software a.s.
    iTunesHelper.exe    < 0.01    4,708 K    12,916 K    2872    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
    svchost.exe    < 0.01    41,740 K    25,268 K    3140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    spoolsv.exe    < 0.01    8,020 K    14,960 K    1440    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
    PhotoshopElementsFileAgent.exe    < 0.01    2,696 K    1,164 K    1936    Adobe Photoshop Elements 10.0 (component)    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
    svchost.exe    < 0.01    208,496 K    217,632 K    976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    KHALMNPR.exe    < 0.01    10,920 K    16,076 K    2320    Logitech KHAL Main Process    Logitech, Inc.    (Verified) Logitech
    WUDFHost.exe        2,264 K    6,272 K    2968    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
    wmpnetwk.exe        27,152 K    14,904 K    3996    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        2,856 K    6,508 K    3328    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    winlogon.exe        3,528 K    8,060 K    692    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
    wininit.exe        1,680 K    4,612 K    480    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
    unsecapp.exe        5,192 K    9,132 K    4988    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
    taskhost.exe        7,016 K    12,744 K    1476    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
    taskeng.exe        5,328 K    9,840 K    1616    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,656 K    8,296 K    820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        20,940 K    24,392 K    940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,548 K    5,676 K    804    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        13,648 K    14,832 K    1752    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,056 K    5,676 K    2908    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    SSScheduler.exe        3,688 K    9,900 K    2164    McAfee Security Scanner Scheduler    McAfee, Inc.    (Verified) McAfee
    SpotifyWebHelper.exe        2,884 K    8,080 K    2068    SpotifyWebHelper    Spotify Ltd    (Verified) Spotify AB
    smss.exe        548 K    1,184 K    316    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
    SetPoint.exe        10,512 K    20,588 K    1412    Logitech SetPoint Event Manager (UNICODE)    Logitech, Inc.    (Verified) Logitech
    services.exe        5,588 K    9,248 K    544    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
    procexp.exe        2,320 K    7,324 K    3788    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    ngservice.exe        1,360 K    3,560 K    4180    avast! NG service    AVAST Software    (Verified) AVAST Software a.s.
    mDNSResponder.exe        2,952 K    6,084 K    1284    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
    jusched.exe        1,244 K    4,560 K    2856    Java™ Update Scheduler    Oracle Corporation    (Verified) Oracle America
    Dropbox.exe        72,252 K    94,460 K    2172    Dropbox    Dropbox, Inc.    (Verified) Dropbox
    conhost.exe        4,496 K    8,060 K    2132    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
    atiesrxx.exe        1,872 K    4,624 K    880    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe        2,560 K    6,720 K    1196    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
    ActualMultipleMonitorsCenter64.exe        4,484 K    6,988 K    2504    Actual Multiple Monitors    Actual Tools    (Verified) Actual Tools
     



    #12
    bbj


    it's timing out trying to post the Speccy log so i'm attaching it.

    *edit - i got through all the instructions and then missed the part where you said to attach it... :D

    i'm going to bed, but i will continue with your next post tomorrow.

    Attached Files


    Edited by bbj, 13 January 2015 - 01:47 AM.


    #13
    bbj


    i saw that the Avast scan might take a while so i'm going to get to that part and then go to bed.

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
    Ran by the Hoff at 2015-01-13 00:16:41 Run:1
    Running from C:\Users\the Hoff\Desktop
    Loaded Profile: the Hoff (Available profiles: the Hoff)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {64406a3d-ca9a-11e3-bd2c-bcaec54f1b9f} - H:\TL_Bootstrap.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {912af8cb-85b2-11e3-8d84-bcaec54f1b9f} - L:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} - K:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} - H:\VZW_Software_upgrade_assistant.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3472861432-3466800176-631802751-1001 -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL =
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll No File
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    C:\Users\the Hoff\AppData\Local\Temp\ammemb.dll
    C:\Users\the Hoff\AppData\Local\Temp\ammemb64.dll
    C:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3w5yh8.dll
    C:\Users\the Hoff\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\the Hoff\AppData\Local\Temp\Quarantine.exe
    C:\Users\the Hoff\AppData\Local\Temp\sqlite3.dll


    *****************

    "HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64406a3d-ca9a-11e3-bd2c-bcaec54f1b9f}" => Key deleted successfully.
    HKCR\CLSID\{64406a3d-ca9a-11e3-bd2c-bcaec54f1b9f} => Key not found.
    "HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{912af8cb-85b2-11e3-8d84-bcaec54f1b9f}" => Key deleted successfully.
    HKCR\CLSID\{912af8cb-85b2-11e3-8d84-bcaec54f1b9f} => Key not found.
    "HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}" => Key deleted successfully.
    HKCR\CLSID\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} => Key not found.
    "HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}" => Key deleted successfully.
    HKCR\CLSID\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} => Key not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5807584B-75B6-465D-88B0-3C4AC684276C}" => Key deleted successfully.
    HKCR\CLSID\{5807584B-75B6-465D-88B0-3C4AC684276C} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
    HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{AF949550-9094-4807-95EC-D1C317803333}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2" => Key deleted successfully.
    C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2" => Key deleted successfully.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
    C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi not found.
    McComponentHostService => Service not found.
    C:\Users\the Hoff\AppData\Local\Temp\ammemb.dll => Moved successfully.
    C:\Users\the Hoff\AppData\Local\Temp\ammemb64.dll => Moved successfully.
    "C:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3w5yh8.dll" => File/Directory not found.
    C:\Users\the Hoff\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
    C:\Users\the Hoff\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\the Hoff\AppData\Local\Temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog 00:16:42 ====



    #14
    bbj


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
    Ran by the Hoff (administrator) on THEHOFF-PC on 13-01-2015 00:20:20
    Running from C:\Users\the Hoff\Desktop
    Loaded Profile: the Hoff (Available profiles: the Hoff)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVAST Software) C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Stardock Corporation) C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe
    (Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
    (Spotify Ltd) C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Dropbox, Inc.) C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    (Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
    (AVAST Software) C:\Program Files\[]TOOLS[]\Avast\avastui.exe
    (Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Avast Software) C:\Program Files\[]TOOLS[]\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\[]TOOLS[]\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    (Mozilla Corporation) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\[]TOOLS[]\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517128 2013-10-18] (Seagate Technology LLC)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [CursorFX] => C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe [417280 2010-03-23] (Stardock Corporation)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1782576 2013-09-19] (Actual Tools)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Spotify Web Helper] => C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-27] (Spotify Ltd)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Policies\Explorer: [NoLogOff] 0
    Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
    SearchScopes: HKLM -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3472861432-3466800176-631802751-1001 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = http://www.bing.com/...rc=IE-SearchBox
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default
    FF Homepage: chrome://fastdial/content/fastdial.html
    FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=1.1.7 -> C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll (the VideoLAN Team)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: @citrixonline.com/appdetectorplugin -> C:\Users\the Hoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
    FF SearchPlugin: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\mycroft-project.xml
    FF SearchPlugin: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\youtube.xml
    FF Extension: CLEO - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2014-07-10]
    FF Extension: Fast Dial - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2014-09-24]
    FF Extension: No Name - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-03]
    FF Extension: Flashblock - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
    FF Extension: FEBE - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-12-08]
    FF Extension: Aquatint Slate - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{526fd696-27a0-11dc-8314-0800200c9a66} [2011-03-03]
    FF Extension: Aquatint Black - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} [2011-03-03]
    FF Extension: Noia 2.0 (eXtreme) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011-03-09]
    FF Extension: DownloadHelper - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
    FF Extension: Gradient iBlu - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66} [2011-03-03]
    FF Extension: Gradient iCool - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2011-03-03]
    FF Extension: Webmail Ad Blocker - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-26]
    FF Extension: QuickDrag - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2012-03-30]
    FF Extension: Restartless Restart - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2013-09-19]
    FF Extension: Thumbnail Zoom Plus - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2013-09-19]
    FF Extension: Undo Closed Tabs Button - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-26]
    FF Extension: Session Manager - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-03]
    FF Extension: Image Zoom - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-15]
    FF Extension: Nuke Anything Enhanced - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2014-10-19]
    FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2011-06-26]
    FF Extension: Unhide Passwords - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2012-06-07]
    FF Extension: Text Link - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2012-12-29]
    FF Extension: Gmail Manager - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2011-09-17]
    FF Extension: SmoothWheel (mozdev.org) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-24]
    FF Extension: Adblock Plus - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-01]
    FF Extension: MileWideBack - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}.xpi [2011-10-16]
    FF Extension: DownThemAll! - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-06-26]
    FF Extension: Greasemonkey - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-26]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\[]TOOLS[]\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\[]TOOLS[]\Avast\WebRep\FF [2011-03-03]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-12]
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll (the VideoLAN Team)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\[]TOOLS[]\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Profile: C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-26]
    CHR Extension: (Avast Online Security) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-12]
    CHR Extension: (Google Wallet) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
    CHR HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THEHOF~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-10]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\[]TOOLS[]\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
    R2 avast! Antivirus; C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\[]TOOLS[]\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
    S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
    R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
    U4 VBoxAswDrv; C:\Program Files\[]TOOLS[]\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-17] (Avast Software)
    S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-13 00:20 - 2015-01-13 00:20 - 00023612 _____ () C:\Users\the Hoff\Desktop\FRST.txt
    2015-01-12 23:22 - 2015-01-12 23:23 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\the Hoff\Desktop\procexp.exe
    2015-01-12 23:15 - 2015-01-12 23:15 - 00061440 _____ ( ) C:\Users\the Hoff\Desktop\VEW.exe
    2015-01-12 17:49 - 2015-01-13 00:20 - 00000000 ____D () C:\FRST
    2015-01-12 17:47 - 2015-01-12 17:47 - 02124288 _____ (Farbar) C:\Users\the Hoff\Desktop\FRST64.exe
    2015-01-12 17:13 - 2015-01-12 17:13 - 00000000 ____D () C:\windows\ERUNT
    2015-01-12 17:10 - 2015-01-12 17:10 - 01707939 _____ (Thisisu) C:\Users\the Hoff\Desktop\JRT.exe
    2015-01-12 15:46 - 2015-01-12 16:52 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 15:37 - 2015-01-12 15:37 - 02191360 _____ () C:\Users\the Hoff\Desktop\AdwCleaner.exe
    2015-01-09 21:59 - 2015-01-09 22:00 - 00000000 ____D () C:\Users\the Hoff\Desktop\clutter
    2015-01-09 19:16 - 2015-01-09 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\the Hoff\Desktop\OTL.exe
    2015-01-02 11:13 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-02 11:13 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2015-01-02 11:13 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2015-01-02 11:10 - 2015-01-02 11:13 - 00004876 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
    2014-12-26 17:07 - 2014-12-26 17:12 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Plex Media Server
    2014-12-26 17:06 - 2014-12-26 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2014-12-26 17:04 - 2014-12-26 17:04 - 00000000 ____D () C:\Program Files (x86)\Plex
    2014-12-26 17:03 - 2014-12-26 17:03 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-12-26 16:58 - 2014-12-26 17:01 - 86795776 _____ (Plex, Inc.) C:\Users\the Hoff\Downloads\Plex-Media-Server-0.9.1107.803-87d0708-en-US.exe
    2014-12-18 12:54 - 2014-12-18 12:59 - 00000000 ____D () C:\Users\the Hoff\Desktop\Pictures off Mandy's phone 12-18-2014
    2014-12-18 12:53 - 2014-12-18 12:53 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\VERIZON
    2014-12-18 12:53 - 2014-12-18 12:53 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
    2014-12-17 12:51 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-17 12:51 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-15 11:10 - 2015-01-13 00:17 - 00000544 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job
    2014-12-15 11:10 - 2015-01-12 20:24 - 00003584 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001
    2014-12-15 11:10 - 2014-12-15 11:10 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-12-15 11:09 - 2014-12-15 11:09 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Citrix
    2014-12-15 11:02 - 2014-12-15 11:02 - 00298040 _____ (Citrix Online) C:\Users\the Hoff\Desktop\GoToWebinar Launcher.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-13 00:08 - 2014-01-20 18:46 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-13 00:00 - 2012-04-21 10:07 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2015-01-12 23:59 - 2011-06-27 16:59 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-01-12 23:57 - 2012-04-20 17:11 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2015-01-12 23:56 - 2012-02-20 14:35 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-12 18:18 - 2013-10-01 12:45 - 01600058 _____ () C:\windows\WindowsUpdate.log
    2015-01-12 18:07 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 18:07 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 17:57 - 2011-03-04 10:14 - 00000000 ___RD () C:\Users\the Hoff\Dropbox
    2015-01-12 17:57 - 2011-03-04 10:11 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\Dropbox
    2015-01-12 17:56 - 2014-11-03 23:53 - 00096508 _____ () C:\windows\setupact.log
    2015-01-12 17:56 - 2012-02-20 14:35 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-12 17:56 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-12 16:57 - 2012-07-05 05:19 - 00004172 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-01-12 16:53 - 2014-11-19 03:20 - 00027658 _____ () C:\windows\PFRO.log
    2015-01-12 15:38 - 2011-06-30 20:11 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Adobe
    2015-01-09 22:00 - 2011-03-03 16:00 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\TeraCopy
    2015-01-06 08:17 - 2009-07-13 21:13 - 00786578 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-01-06 04:36 - 2011-03-03 12:16 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2015-01-03 21:59 - 2011-04-01 21:28 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\vlc
    2015-01-03 21:58 - 2013-01-24 19:05 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\HandBrake
    2015-01-02 11:13 - 2013-09-19 17:08 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-01 13:22 - 2014-08-24 11:34 - 00000000 ____D () C:\Users\the Hoff\Desktop\Norwex stuff
    2014-12-29 19:51 - 2011-03-04 12:47 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\CrashDumps
    2014-12-21 10:27 - 2013-03-23 19:14 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\Spotify
    2014-12-19 14:06 - 2013-03-23 19:16 - 00000000 ____D () C:\Users\the Hoff\AppData\Local\Spotify
    2014-12-18 12:26 - 2013-09-19 17:19 - 00000000 ____D () C:\Program Files (x86)\Windows 7 Logon Background Changer
    2014-12-16 22:03 - 2011-03-04 10:11 - 00000000 ____D () C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    Some content of TEMP:
    ====================
    C:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpridesf.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-04 00:55

    ==================== End Of Log ============================



    #15
    bbj


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
    Ran by the Hoff at 2015-01-13 00:20:54
    Running from C:\Users\the Hoff\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
    Actual Multiple Monitors 8.0 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.0 - Actual Tools)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Aleks 3.14 (HKLM-x32\...\Aleks 3.14) (Version:  - )
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{897BE4A7-682B-7375-BBAF-05A44FC2B524}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
    Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    calibre (HKLM-x32\...\{09076BCB-56D7-483C-969E-1723E9FC3F4E}) (Version: 1.32.0 - Kovid Goyal)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
    Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version:  - )
    Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
    Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
    CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version:  - Elaborate Bytes)
    CursorFX (HKLM-x32\...\CursorFX) (Version:  - Stardock Corporation)
    CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
    dBpoweramp [Calculate Audio CRC] Codec (HKLM-x32\...\dBpoweramp [Calculate Audio CRC] Codec) (Version:  - )
    dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 2 - Illustrate)
    dBpoweramp [ReplayGain] Codec (HKLM-x32\...\dBpoweramp [ReplayGain] Codec) (Version:  - )
    dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version:  - )
    dBpoweramp CLI Encoder (HKLM-x32\...\dBpoweramp CLI Encoder) (Version:  - )
    dBpoweramp Dalet Codec (HKLM-x32\...\dBpoweramp Dalet Codec) (Version:  - )
    dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version:  - )
    dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
    dBpoweramp m4a Utilities (HKLM-x32\...\dBpoweramp m4a Utilities) (Version:  - )
    dBpoweramp Monkeys Audio Codec (HKLM-x32\...\dBpoweramp Monkeys Audio Codec) (Version:  - )
    dBpoweramp Mp2 and BwfMp2 codec (HKLM-x32\...\dBpoweramp Mp2 and BwfMp2 codec) (Version:  - )
    dBpoweramp mp3 (Fraunhofer IIS) Codec (HKLM-x32\...\dBpoweramp mp3 (Fraunhofer IIS) Codec) (Version: Release 2 (v4.0.3) - Illustrate)
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate)
    dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version:  - )
    dBpoweramp Real Audio (Helix) Encoder (HKLM-x32\...\dBpoweramp Real Audio (Helix) Encoder) (Version:  - )
    dBPoweramp tooLame MP2 codec (HKLM-x32\...\dBPoweramp tooLame MP2 codec) (Version:  - )
    dBpoweramp Wave64 Codec (HKLM-x32\...\dBpoweramp Wave64 Codec) (Version:  - )
    dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version:  - )
    dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 5 - Illustrate)
    Dropbox (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    DVDFab 8.0.6.1 (18/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
    FLV.com FLV Converter 4.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-997AF4905D9C}) (Version: 4.7 - GreenTree Applications SRL)
    GetDiz 4.5 (HKLM-x32\...\GetDiz 4.5) (Version: 4.5 - Outertech)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 6.4.10.2185 (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\GoToMeeting) (Version: 6.4.10.2185 - CitrixOnline)
    HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
    iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    JumpStart Languages (HKLM-x32\...\JumpStart Languages) (Version:  - )
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.19.2900 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    PDF-XChange Viewer (HKLM\...\{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}) (Version: 2.5.193.0 - Tracker Software Products Ltd.)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
    Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
    Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
    Revo Uninstaller 1.91 (HKLM-x32\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
    Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.42.0 - Seagate)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Spotify (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.7 - Tweaking.com)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows 7 Logon Background Changer (HKLM-x32\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
    WTS3_iLGs (HKLM-x32\...\com.wwnorton.WTS3-iLGs) (Version: 1.0 - UNKNOWN)
    WTS3_iLGs (x32 Version: 1.0 - UNKNOWN) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    13-11-2014 03:00:45 Windows Update
    17-11-2014 12:04:03 avast! antivirus system restore point
    18-11-2014 03:03:12 Windows Update
    19-11-2014 03:00:14 Windows Update
    25-11-2014 09:22:36 Windows Update
    02-12-2014 02:25:19 Windows Update
    09-12-2014 02:25:52 Windows Update
    10-12-2014 03:00:28 Windows Update
    12-12-2014 03:00:32 Windows Update
    16-12-2014 16:55:10 Windows Update
    18-12-2014 03:00:29 Windows Update
    23-12-2014 10:06:28 Windows Update
    26-12-2014 17:02:22 Plex Media Server
    26-12-2014 17:08:38 Windows Update
    30-12-2014 03:51:39 Windows Update
    02-01-2015 11:09:08 Installed Java 7 Update 71
    02-01-2015 11:09:38 Windows Update
    06-01-2015 08:30:47 Windows Update
    09-01-2015 19:17:39 Windows Update
    12-01-2015 23:50:32 Revo Uninstaller's restore point - Adobe Flash Player 15 ActiveX
    12-01-2015 23:55:01 Revo Uninstaller's restore point - Adobe Download Assistant
    12-01-2015 23:55:21 Removed Adobe Download Assistant
    12-01-2015 23:57:40 Revo Uninstaller's restore point - Adobe Community Help
    12-01-2015 23:58:12 Removed Adobe Community Help
    13-01-2015 00:01:16 Revo Uninstaller's restore point - Adobe Flash Player 16 NPAPI
    13-01-2015 00:04:28 Revo Uninstaller's restore point - Java 7 Update 71
    13-01-2015 00:04:49 Removed Java 7 Update 71

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2013-09-25 12:25 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {12A83DF3-8D6F-40A3-AFA4-6E482BCE9251} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {184FC201-EE9F-4ACB-A34E-F93250F8FD28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {1C1C81DE-1C20-4FED-87BC-0BD2A164D4D7} - System32\Tasks\the Hoff DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-10-18] (Seagate Technology LLC)
    Task: {1F9CEEF6-10E4-4D92-AF84-A12B38C19986} - System32\Tasks\the Hoff Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
    Task: {31850D9E-F66E-488F-86FD-5319445DAD99} - System32\Tasks\avast! Emergency Update => C:\Program Files\[]TOOLS[]\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
    Task: {37C24772-6096-4852-9F2F-9BD112FA9BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
    Task: {3E75F997-9576-46F1-9FD6-B72B45C280DB} - System32\Tasks\AdobeAAMUpdater-1.0-theHoff-PC-the Hoff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {61D5FAE9-2E2B-44D5-9798-B660CA7647A1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-10-18] (Seagate Technology LLC)
    Task: {6CA54804-74C3-4865-AE4C-E14A575CAE65} - System32\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2185\g2mupdate.exe [2015-01-12] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6CC22947-C959-4F4A-9C1A-4694BE0AB57C} - System32\Tasks\{745A26DB-0E8C-449F-925B-FF4D22A4369A} => pcalua.exe -a C:\Windows\UnJSLang.exe -d C:\windows
    Task: {75EF693D-DEFD-46D3-8E23-AC2048A07FF6} - System32\Tasks\the Hoff => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
    Task: {99BF1AB0-AF5C-47C5-9E0D-217DE75D449E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {A942DC52-D8BA-424C-A4D6-090C17D4E6EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B527F042-33F2-4252-8A9B-3D7149FAAE8A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {C07B0ED4-21B5-4B66-9E4C-E9583ECC7ED0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {F0B83D53-FF5B-4C96-9CBD-69A98104A1EF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {FEEBFBA3-7517-48F0-9623-3922637009F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2185\g2mupdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-03-03 15:36 - 2009-06-21 07:52 - 00318976 _____ () C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll
    2014-11-17 12:08 - 2014-11-17 12:08 - 00388208 _____ () C:\Program Files\[]TOOLS[]\Avast\ng\vbox\VBoxDDU.dll
    2014-11-17 12:08 - 2014-11-17 12:08 - 05851328 _____ () C:\Program Files\[]TOOLS[]\Avast\ng\vbox\VBoxRT.dll
    2015-01-12 15:34 - 2015-01-12 15:34 - 02909696 _____ () C:\Program Files\[]TOOLS[]\Avast\defs\15011201\algo.dll
    2014-11-17 12:09 - 2014-11-17 12:09 - 04495336 _____ () C:\Program Files\[]TOOLS[]\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2015-01-12 23:34 - 2015-01-12 23:34 - 02909696 _____ () C:\Program Files\[]TOOLS[]\Avast\defs\15011300\algo.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-03-23 06:17 - 2010-03-23 06:17 - 00059904 _____ () C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-12 17:57 - 2015-01-12 17:57 - 00043008 _____ () c:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpridesf.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2014-11-17 12:10 - 2014-11-17 12:10 - 38562088 _____ () C:\Program Files\[]TOOLS[]\Avast\libcef.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2014-12-02 13:53 - 2014-12-02 13:53 - 03758192 _____ () C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\[]TOOLS[]\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    MSCONFIG\startupreg: PhotoshopElements8SyncAgent => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\[]TOOLS[]\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Spotify => "C:\Users\the Hoff\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: VMM Mode Selection => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3472861432-3466800176-631802751-500 - Administrator - Disabled)
    Guest (S-1-5-21-3472861432-3466800176-631802751-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3472861432-3466800176-631802751-1006 - Limited - Enabled)
    the Hoff (S-1-5-21-3472861432-3466800176-631802751-1001 - Administrator - Enabled) => C:\Users\the Hoff

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (01/12/2015 05:58:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error: (01/12/2015 05:57:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

    Error: (01/12/2015 05:55:29 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Phenom™ II X4 955 Processor
    Percentage of memory in use: 33%
    Total physical RAM: 7934.18 MB
    Available physical RAM: 5238.23 MB
    Total Pagefile: 15866.53 MB
    Available Pagefile: 13231.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:1862.92 GB) (Free:346.52 GB) NTFS
    Drive d: (My DVD) (CDROM) (Total:4.23 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

