Page 1 of 4 1234 LastLast
Results 1 to 10 of 31

Thread: Not sure what's wrong.

  1. #1
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Default Not sure what's wrong.

    20150212_162213.jpg20150212_162200.jpgI ran spybot and there were no issues. When my computer starts there are two dll errors which come up. The issue I am having is when I get to certain sites and need to log in there is sometimes a 2 to 3 minute delay. I have checked internet connection which is fine. I am sure something has affected these dll's.aswMBR.txtFRST.txtAddition.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 01
    Ran by Owner (administrator) on OWNER-PC on 11-02-2015 11:52:24
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available profiles: Owner)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
    (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    () C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
    (Microsoft Corporation) C:\Windows\vVX3000.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    (Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (OpenOffice.org) C:\Program Files\program\soffice.exe
    (OpenOffice.org) C:\Program Files\program\soffice.bin
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
    HKLM\...\Run: [ThpSrv] => "C:\windows\system32\thpsrv" /logon
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
    HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
    HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [214328 2009-09-02] ()
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TUSBSleepChargeSrv] => C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
    HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
    HKLM\...\Run: [AT&T Communication Manager] => C:\Program Files\AT&T\Communication Manager\ATTCM.exe [33352 2009-07-17] (ATT)
    HKLM\...\Run: [Toshiba DetectAC Utility] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe [221184 2010-08-18] ()
    HKLM\...\Run: [Toshiba DetectAC Utility1] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\CollectInfo.exe [266240 2010-08-03] ()
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
    HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117344 2012-03-07] (ESET)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-31] (Google Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Ofpics] => C:\Users\Owner\AppData\Local\Ofpics\Dntv7.exe
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [AVworks] => regsvr32.exe C:\Users\Owner\AppData\Local\AVworks\DialogcryptDb.dll <===== ATTENTION
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [YkPack] => C:\Windows\System32\regsvr32.exe C:\Users\Owner\AppData\Local\Ofpics\ClipHelpspi.dll
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA
    SearchScopes: HKLM -> DefaultScope {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> DefaultScope {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=CD03EC31-C6F0-447A-AABB-BEDB2D98BB3C&apn_sauid=4CE457E0-1002-4947-AE7A-3EFDC117E69B
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: No Name -> {465E08E7-F005-4389-980F-1D8764B3486C} -> No File
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
    Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default
    FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\Trademanager\npwangwang.dll ( )
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: NetDvr_Plugins -> C:\Program Files\NetDvr\Plugins\npDvr.dll (DVR)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: {@alibaba.com/alisetup;version=1.0} -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
    FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\search.xml
    FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv [2013-10-07]
    FF Extension: qualitink - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net [2013-10-07]
    FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
    FF Extension: Test Pilot - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-01-22]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-23]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-17]
    FF HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2013-10-07]
    CHR Extension: (qualitink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf [2013-10-07]
    CHR Extension: (FreeHDSport TV 3) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn [2013-10-07]
    CHR HKLM\...\Chrome\Extension: [nbdbmopeebalgaeghmjoegpkngglikgn] - C:\Program Files\FreeHDSport.TV\freehdsporttv10.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-07-15] (SmithMicro Inc.)
    S3 CAATT; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [125512 2009-07-15] (SmithMicro Inc.)
    R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
    R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913144 2012-03-07] (ESET)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-05] (Nitro PDF Software)
    S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [69632 2008-12-09] (Sophos Plc) [File not signed]
    R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [98304 2008-12-09] (Sophos Plc) [File not signed]
    R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [551264 2013-01-28] (Splashtop Inc.)
    R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
    S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
    R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
    R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-06] (Emsisoft GmbH)
    R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
    R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
    R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET)
    R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [33656 2012-03-14] (ESET)
    R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [50624 2012-03-14] (ESET)
    S3 GT72NDISIPXP; C:\windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
    S3 GT72UBUS; C:\windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
    S3 GTPTSER; C:\windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
    S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [35992 2014-12-06] ()
    R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
    R3 QIOMem; C:\windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
    S3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-13] (Realtek Semiconductor Corporation )
    R1 SAVOnAccess; C:\windows\System32\DRIVERS\savonaccess.sys [85312 2008-07-18] (Sophos Plc) [File not signed]
    S4 SophosBootDriver; C:\windows\System32\DRIVERS\SophosBootDriver.sys [20288 2008-05-23] (Sophos Plc) [File not signed]
    R3 swmsflt; C:\windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
    R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
    S4 LMIRfsClientNP; No ImagePath
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-11 11:52 - 2015-02-11 11:54 - 00028402 _____ () C:\Users\Owner\Desktop\FRST.txt
    2015-02-11 11:48 - 2015-02-11 11:52 - 00000000 ____D () C:\FRST
    2015-02-11 11:47 - 2015-02-11 11:47 - 00000207 _____ () C:\windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(32-bit).dat
    2015-02-11 11:43 - 2015-02-11 11:43 - 01124864 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2015-02-11 11:40 - 2015-02-11 11:40 - 00000000 ____D () C:\RegBackup
    2015-02-11 11:37 - 2015-02-11 11:37 - 04804736 _____ () C:\Users\Owner\Desktop\tweaking.com_registry_backup_setup.exe
    2015-02-11 11:36 - 2015-02-11 11:36 - 04804736 _____ () C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
    2015-02-11 11:34 - 2015-02-11 11:38 - 00002156 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\Program Files\Tweaking.com
    2015-02-08 09:59 - 2015-02-08 09:59 - 00009039 _____ () C:\Users\Owner\Documents\rptEmployee_Sales_Summary.txt
    2015-02-08 09:59 - 2015-02-08 09:59 - 00009039 _____ () C:\Users\Owner\Desktop\rptEmployee_Sales_Summary.txt
    2015-02-08 09:58 - 2015-02-08 09:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB}
    2015-02-08 09:37 - 2015-02-06 17:10 - 40423424 _____ () C:\Users\Owner\Desktop\SSM_BackupSaturday.ADB
    2015-02-02 15:41 - 2015-02-02 15:41 - 00162976 _____ () C:\Users\Owner\Documents\Online Bill Payment.mht
    2015-02-02 14:52 - 2015-02-02 14:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC}
    2015-02-02 14:48 - 2015-02-02 15:39 - 00000098 ____H () C:\Users\Owner\Documents\.~lock.password.odt#
    2015-01-22 16:56 - 2015-01-20 18:42 - 40093696 _____ () C:\Users\Owner\Desktop\SSM_BackupWednesday.ADB
    2015-01-13 22:31 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-13 22:31 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2015-01-13 22:31 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-01-13 22:31 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-13 22:30 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-13 22:30 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-11 11:34 - 2012-11-28 13:20 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job
    2015-02-11 11:32 - 2012-10-27 17:25 - 01964450 _____ () C:\windows\WindowsUpdate.log
    2015-02-11 11:26 - 2012-11-28 13:20 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job
    2015-02-11 11:25 - 2012-10-27 17:23 - 00071462 _____ () C:\windows\setupact.log
    2015-02-11 11:24 - 2012-04-05 16:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-11 11:24 - 2011-10-26 15:32 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-02-11 11:24 - 2010-02-07 08:15 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-09 12:19 - 2011-04-26 21:34 - 00000000 ____D () C:\Salon
    2015-02-04 13:35 - 2010-02-07 08:15 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-03 14:46 - 2014-01-25 15:14 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-02-03 14:46 - 2014-01-25 15:14 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-02-03 14:46 - 2013-01-26 15:22 - 00086912 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
    2015-02-03 14:46 - 2013-01-26 15:22 - 00085864 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
    2015-02-03 14:46 - 2013-01-26 15:22 - 00031592 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
    2015-02-03 14:46 - 2013-01-26 15:22 - 00000000 ____D () C:\Program Files\LogMeIn
    2015-02-02 21:30 - 2011-03-31 16:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
    2015-02-02 15:39 - 2013-02-09 00:19 - 00026829 _____ () C:\Users\Owner\Documents\password.odt
    2015-01-23 17:31 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-23 17:31 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-22 17:08 - 2011-08-28 09:59 - 00000000 ___RD () C:\Users\Owner\Dropbox
    2015-01-22 17:07 - 2011-08-28 09:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
    2015-01-22 17:04 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-14 03:31 - 2009-08-31 22:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-01-14 03:13 - 2013-08-16 06:59 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-14 03:01 - 2009-10-23 11:45 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link
    2011-01-04 20:35 - 2011-01-04 20:35 - 0057649 _____ () C:\Program Files\eula.rtf
    2012-08-13 09:57 - 2012-08-13 09:57 - 0012927 _____ () C:\Program Files\readme.html
    2012-08-13 09:57 - 2012-08-13 09:57 - 0012558 _____ () C:\Program Files\readme.txt
    2012-10-25 12:15 - 2012-12-19 15:44 - 0106623 _____ () C:\Users\Owner\AppData\Roaming\iQmetrixErrorLog.txt
    2009-10-28 19:57 - 2012-10-24 10:06 - 0000792 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
    2011-06-17 22:30 - 2014-12-03 17:00 - 0130511 _____ () C:\Users\Owner\AppData\Local\ars.cache
    2011-06-17 22:30 - 2014-12-03 17:00 - 0522804 _____ () C:\Users\Owner\AppData\Local\census.cache
    2010-08-12 10:03 - 2012-05-24 13:53 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-05-19 11:55 - 2010-05-19 11:55 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
    2014-12-03 16:49 - 2014-12-03 16:49 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
    2013-02-23 13:49 - 2013-02-23 14:00 - 0000808 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplboaik.dll
    C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-03 00:46

    ==================== End Of Log ============================
    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-02-15 17:33:09
    -----------------------------
    17:33:09.453 OS Version: Windows 6.1.7601 Service Pack 1
    17:33:09.454 Number of processors: 2 586 0x170A
    17:33:09.456 ComputerName: OWNER-PC UserName: Owner
    17:33:14.882 Initialize success
    17:33:15.177 VM: initialized successfully
    17:33:15.180 VM: Intel CPU virtualization not supported
    17:35:43.434 AVAST engine defs: 15021501
    17:41:18.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    17:41:18.331 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
    17:41:18.468 Disk 0 MBR read successfully
    17:41:18.473 Disk 0 MBR scan
    17:41:18.553 Disk 0 Windows VISTA default MBR code
    17:41:18.558 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    17:41:18.566 Disk 0 default boot code
    17:41:18.601 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295617 MB offset 3074048
    17:41:18.646 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8127 MB offset 608497664
    17:41:18.691 Disk 0 scanning sectors +625141760
    17:41:18.886 Disk 0 scanning C:\windows\system32\drivers
    17:41:49.244 Service scanning
    17:42:54.412 Modules scanning
    17:42:54.425 Disk 0 trace - called modules:
    17:42:54.472 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
    17:42:54.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86be2030]
    17:42:54.495 3 CLASSPNP.SYS[8b5ca59e] -> nt!IofCallDriver -> \Device\THPDRV1[0x86be1030]
    17:42:54.505 5 thpdrv.sys[8b7d799f] -> nt!IofCallDriver -> [0x861b2308]
    17:42:54.515 7 ACPI.sys[8aec33d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x861b3028]
    17:42:55.530 AVAST engine scan C:\windows
    17:42:59.240 AVAST engine scan C:\windows\system32
    17:48:34.151 AVAST engine scan C:\windows\system32\drivers
    17:49:02.120 AVAST engine scan C:\Users\Owner
    18:38:26.691 AVAST engine scan C:\ProgramData
    18:44:44.534 Disk 0 statistics 4790880/0/0 @ 0.81 MB/s
    18:44:44.549 Scan finished successfully
    19:37:29.873 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    19:37:29.883 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
    19:37:31.023 Disk 0 MBR read successfully
    19:37:31.035 Disk 0 MBR scan
    19:37:31.050 Disk 0 Windows VISTA default MBR code
    19:37:31.112 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    19:37:31.339 Disk 0 default boot code
    19:37:31.409 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295617 MB offset 3074048
    19:37:31.477 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8127 MB offset 608497664
    19:37:31.944 Disk 0 scanning sectors +625141760
    19:37:32.561 Disk 0 scanning C:\windows\system32\drivers
    19:38:14.900 Service scanning
    19:39:10.436 Modules scanning
    19:39:10.456 Disk 0 trace - called modules:
    19:39:10.503 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll
    19:39:10.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86be2030]
    19:39:10.526 3 CLASSPNP.SYS[8b5ca59e] -> nt!IofCallDriver -> \Device\THPDRV1[0x86be1030]
    19:39:11.783 AVAST engine scan C:\windows
    19:39:56.824 AVAST engine scan C:\windows\system32
    19:49:18.899 AVAST engine scan C:\windows\system32\drivers
    19:49:41.845 AVAST engine scan C:\Users\Owner
    20:44:38.156 AVAST engine scan C:\ProgramData
    20:48:27.460 Disk 0 statistics 9581333/0/0 @ 0.73 MB/s
    20:48:27.495 Scan finished successfully
    22:01:47.618 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\comp repair\MBR.dat"
    22:01:47.632 The log file has been saved successfully to "C:\Users\Owner\Desktop\comp repair\aswMBR.txt"
    Last edited by tashi; 2015-02-16 at 05:29. Reason: Copy pasted logs into topic as per forum FAQ

  2. #2
    Security Expert- Visiting Fellow LiquidTension's Avatar
    Join Date
    May 2014
    Posts
    121

    Default

    Hello sewall, welcome to Safer Networking's Malware Removal forum!

    My name is Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that.

    ======================================================

    Please read through the points below to ensure this process moves asquickly and efficiently as possible.
    • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
    • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
    • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
    • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean".

    ======================================================

    Important: Please disable Spybot's Tea Timer. See here for instructions.

    STEP 1
    Revo Uninstaller
    • Please download and install Revo Uninstaller Free.
    • Double-click Revo Uninstaller to run the programme.
    • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.

      • Ask Toolbar Updater
      • Coupon Printer for Windows
      • Yahoo! Search Protection
      • Yahoo! Toolbar

    • Double-click the programme.
    • When prompted if you want to uninstall click Yes.
    • Ensure the Moderate option is selected and click Next.
    • The programme will run. If prompted again click Yes.
    • Once the built-in uninstaller is finished click Next.
    • Once the programme has searched for leftovers click Next.
    • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
    • When prompted click Yes, followed by Next.
    • Click Select all, followed by Delete.
    • When prompted click Yes, followed by Next.
    • Once done click Finish.


    STEP 2
    Farbar Recovery Scan Tool (FRST) Script
    • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      start
      CreateRestorePoint:
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Ofpics] => C:\Users\Owner\AppData\Local\Ofpics\Dntv7.exe
      HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [AVworks] => regsvr32.exe C:\Users\Owner\AppData\Local\AVworks\DialogcryptDb.dll <===== ATTENTION
      C:\Users\Owner\AppData\Local\AVworks
      HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [YkPack] => C:\Windows\System32\regsvr32.exe C:\Users\Owner\AppData\Local\Ofpics\ClipHelpspi.dll
      C:\Users\Owner\AppData\Local\Ofpics
      SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=CD03EC31-C6F0-447A-AABB-BEDB2D98BB3C&apn_sauid=4CE457E0-1002-4947-AE7A-3EFDC117E69B
      BHO: No Name -> {465E08E7-F005-4389-980F-1D8764B3486C} -> No File
      Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
      Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
      Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
      Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
      FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv [2013-10-07]
      FF Extension: qualitink - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net [2013-10-07]
      FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
      CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2013-10-07]
      CHR Extension: (qualitink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf [2013-10-07]
      CHR Extension: (FreeHDSport TV 3) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn [2013-10-07]
      CHR HKLM\...\Chrome\Extension: [nbdbmopeebalgaeghmjoegpkngglikgn] - C:\Program Files\FreeHDSport.TV\freehdsporttv10.crx [Not Found]
      C:\Program Files\FreeHDSport.TV
      S4 LMIRfsClientNP; No ImagePath
      S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
      2015-02-08 09:58 - 2015-02-08 09:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB}
      2015-02-02 14:52 - 2015-02-02 14:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC}
      C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
      CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
      Task: {1D9A8049-0B43-4C68-ACE0-387A042E0500} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70980440.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70980440.sys => ""="Driver"
      CMD: ipconfig /flushdns
      CMD: netsh int ipv4 reset
      EmptyTemp:
      end
    • Click File, Save As and type fixlist.txt as the File Name.
    • Important: The file must be saved in the same location as FRST.exe.

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
    • Right-Click FRST.exe and select Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop.Copy the contents of the log and paste in your next reply.


    STEP 3
    Junkware Removal Tool (JRT)
    • Please download Junkware Removal Tool and save the file to your Desktop.
    • Create a System Restore Point. For instructions, please refer to the following link (W7).
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click JRT.exe and select Run as administrator to run the programme.
    • Follow the prompts and allow the scan to run uninterrupted.
    • Upon completion, a log (JRT.txt) will open on your desktop.
    • Re-enable your anti-virus software.
    • Copy the contents of JRT.txt and paste in your next reply.


    STEP 4
    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


    ======================================================

    STEP 5
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
    • Did the programmes uninstall OK?
    • Fixlog.txt
    • JRT.txt
    • AdwCleaner[S0].txt
    Last edited by LiquidTension; 2015-02-16 at 11:01.
    Member of UNITE, and graduate from WTT.

  3. #3
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Default results

    Disabling spybot' I could not disable misc locks. I am only have an admin login but was told I that admin rights were needed. With revo uninstaller the first two "ask toolbar" and "coupon printer" an error code appeared saying something like uninstaller code failed but the programs were uninstalled. Farbar recovery I could not open the notepad as requested , so I manually opened notepad and copied and pasted the requested script and put it in the same folder as requested. here are the requested logs.

    fixlog
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
    Ran by Owner at 2015-02-17 21:10:30 Run:1
    Running from C:\Users\Owner\Desktop\comp repair
    Loaded Profiles: Owner (Available profiles: Owner)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Ofpics] => C:\Users\Owner\AppData\Local\Ofpics\Dntv7.exe
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [AVworks] => regsvr32.exe C:\Users\Owner\AppData\Local\AVworks\DialogcryptDb.dll <===== ATTENTION
    C:\Users\Owner\AppData\Local\AVworks
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [YkPack] => C:\Windows\System32\regsvr32.exe C:\Users\Owner\AppData\Local\Ofpics\ClipHelpspi.dll
    C:\Users\Owner\AppData\Local\Ofpics
    SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=CD03EC31-C6F0-447A-AABB-BEDB2D98BB3C&apn_sauid=4CE457E0-1002-4947-AE7A-3EFDC117E69B
    BHO: No Name -> {465E08E7-F005-4389-980F-1D8764B3486C} -> No File
    Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
    Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
    Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv [2013-10-07]
    FF Extension: qualitink - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net [2013-10-07]
    FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
    CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2013-10-07]
    CHR Extension: (qualitink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf [2013-10-07]
    CHR Extension: (FreeHDSport TV 3) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn [2013-10-07]
    CHR HKLM\...\Chrome\Extension: [nbdbmopeebalgaeghmjoegpkngglikgn] - C:\Program Files\FreeHDSport.TV\freehdsporttv10.crx [Not Found]
    C:\Program Files\FreeHDSport.TV
    S4 LMIRfsClientNP; No ImagePath
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
    2015-02-08 09:58 - 2015-02-08 09:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB}
    2015-02-02 14:52 - 2015-02-02 14:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC}
    C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    Task: {1D9A8049-0B43-4C68-ACE0-387A042E0500} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70980440.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70980440.sys => ""="Driver"
    CMD: ipconfig /flushdns
    CMD: netsh int ipv4 reset
    EmptyTemp:
    end
    *****************

    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ofpics => value deleted successfully.
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVworks => value deleted successfully.
    C:\Users\Owner\AppData\Local\AVworks => Moved successfully.
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YkPack => value deleted successfully.
    C:\Users\Owner\AppData\Local\Ofpics => Moved successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3}" => Key deleted successfully.
    HKCR\CLSID\{D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}" => Key deleted successfully.
    HKCR\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
    HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
    HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => Key not found.
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} => value deleted successfully.
    HKCR\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} => Key not found.
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => value deleted successfully.
    HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv => Moved successfully.
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net => Moved successfully.
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi => Moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej directory not found.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf directory not found.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn directory not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn" => Key deleted successfully.
    "C:\Program Files\FreeHDSport.TV" => File/Directory not found.
    LMIRfsClientNP => Service deleted successfully.
    RSUSBSTOR => Service deleted successfully.
    C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB} => Moved successfully.
    C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC} => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe => Moved successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
    "HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D9A8049-0B43-4C68-ACE0-387A042E0500}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D9A8049-0B43-4C68-ACE0-387A042E0500}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\70980440.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\70980440.sys" => Key deleted successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Global, OK!
    Reseting Interface, OK!
    Reseting Unicast Address, OK!
    Reseting Route, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========

    EmptyTemp: => Removed 5.8 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 21:14:19 ====


    jrt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Home Premium x86
    Ran by Owner on Tue 02/17/2015 at 21:25:52.37
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatequalitink_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatequalitink_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_power-mixer[1]_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_power-mixer[1]_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
    Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



    ~~~ Files

    Successfully deleted: [File] "C:\windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\billeo"
    Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{001A7E56-B27B-495D-BDB7-91EBCFD82723}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{012D102C-D5A0-444D-BFA6-7D62125DE616}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{01BA07D7-6692-452D-98BC-38EF4DA504B4}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0246BBFA-C68F-42D5-A791-2509F70C4156}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{031FF23D-496D-4642-AD06-0E26BC8D31CB}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{04DA626B-0C72-4E12-BE27-1ADB9138884B}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{06B08780-D0B8-4077-A0FC-46F7AA66C137}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{09E842B0-1DD0-42D5-AA53-860D3FD164CE}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0A085D58-F005-4A88-9372-D1FE368A22FA}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0D58C62E-2033-45FF-818B-D7DAED89B0B4}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0DF27042-BDF6-415B-A659-D4754ED91946}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0E05A60C-C864-4E58-A583-DEAF7672743C}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{10C8E6A2-696F-4353-A2C5-DBB407E325C7}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{10EECF89-FDCA-4673-A44F-B1D8F5B11A5F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{11CBD1FB-36CA-4511-82B9-31E7A280BA51}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{14020C94-0FC7-43B4-B3E6-70404802E489}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{14F44474-1335-4777-AEB5-72E33323FF6F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{179611A8-6BC4-4014-8145-B95933C74713}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1887FC0A-0CCD-4A55-995B-094894ADBF0F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1B4C699B-1C8B-4C82-A3DE-1BCCDB8B7D74}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1E10F11E-4A24-42BB-AFBE-CFEDE40529A6}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1EABA6A8-75A7-4981-8A9E-A45342AE24F0}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{228ED573-8FA3-425C-8190-BA6B22714C42}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{22BF9738-6A16-4267-B00B-4FB58647782B}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2672393C-E213-4E50-AE9D-E9A20E6C8418}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2739861C-9365-4091-B0C7-C1CF1E63AD2A}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{297BAA65-2742-4F80-8853-341F72C9B546}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{29E87534-7504-43D1-9E79-DD83086F57F7}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2ACB9AD2-94D7-412F-81D6-DA6E60F2A496}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2CBCD7F6-845F-47EA-BAEF-18DB325A42C5}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2D0B905F-ACDE-4430-995F-B926D3C8D3E3}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2E24F62A-7EA2-4474-AAA0-F9050C9765F8}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{30070DBA-81AE-4B2D-A68D-E676EC869EB6}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{36772568-3422-44D4-8F1B-01C3C1238E46}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{36FA55E8-07DE-4235-8B3F-76399516BFD6}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{385C44AA-E95C-42B9-B052-53D7CF622CA4}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{39862A29-6324-4B94-88FB-D14FD933F745}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{39F54E47-C80E-48EA-A8B2-294A62DD887D}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{3CC3F1B3-4D18-46F3-976C-D7838CBC6E99}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{3D9D7AB5-9178-4FCC-B025-A5BFF31055DA}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{41F013C4-74EB-47EE-94DF-22B9D321CE2C}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{42ADC149-C197-43CA-97B3-6FF8069B630F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{453BF278-0800-4DFF-9444-37CA105348D0}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{453E7D4C-5571-4CCF-A734-C75CDCEFC418}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{46DFBBAF-5947-4A5E-90C8-A6401BCFA4E9}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{48DDFF4F-9A37-4575-8C8E-BABCA0C520DF}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4A1C44FE-EE90-4B50-A782-1EFED244A1B4}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4B04F3A2-CCB1-41B1-8909-5008C1F5B0B0}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4DD301B7-471F-4B8F-8D32-7C6FF6F82E5E}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4DFED509-7F45-45D4-949E-F00E83AC25ED}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4F725308-F144-4511-BB81-7ABA095CB6ED}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{52BB6B5D-120D-4D72-87AF-77238CFAE863}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{56A6802A-FB43-4B00-A9E2-75735340F50F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{59AE93A3-A825-4C85-AF86-0908FEB11C17}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5AFF9CFE-F124-4DF1-A2E1-7AA67B10B88C}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5BAB9129-9C68-409B-927D-2A051DC10317}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5CE0D68C-8FCB-4D18-AB31-ED61AF60A6C1}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5F8A6DF9-2F5A-4570-AE33-8F0134A8E1E5}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{61272315-72D8-456B-AFEE-2115CFB9C6C1}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{642E4F2B-1973-4685-A936-8DF35A09CBC4}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{66150DA1-9324-4D72-9A62-3A740A75B390}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{666B5647-5672-49E4-82BB-55B7D67C4477}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6AD53552-E731-42FF-BDC5-6FE0DE9FB1F0}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6B191835-D995-48B5-A3E6-63C5153B282A}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6B336146-8B82-426D-875D-EE05896C7A76}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6BDF375A-19C8-495B-A970-9E771078ACDD}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6FC4D5C7-0AE0-4A29-B339-E4418C90E7AF}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{728CEB4E-4F49-4598-B56D-FDA73EF45FE9}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{730A6ACA-2385-48BB-BCE9-A334418582DE}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{74B11824-9015-45F7-91FC-E4E756B6F523}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{76A09623-F2F7-45D5-B0F7-03741B46FF0E}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{76C6E69D-C63A-4768-A68B-E47E0E811E1D}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{78401CD4-FE0F-4BBF-A387-EB681D2A11F6}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{79CF8C84-70D7-4A3A-A2B6-5E691039CD53}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7E128E5B-BE45-4334-B731-743FCAEFB0D0}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7F1E1803-D0DB-4A16-8A86-09D6B54BE8C5}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7F2CD076-5404-4161-9D6C-641B4384D33B}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{80A06C5D-0A07-4E77-93A2-7CC13B002A75}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{82C18937-9B46-4BAC-806A-CF694C58E45D}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{835F925C-FDCD-46DB-98CC-B29AE52D4863}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{84865027-6B97-4128-8721-A717F9DEFFF7}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{84BCA402-BE27-45BB-B497-769B6611ACAF}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{862FCB85-75FF-4D7A-8A1E-D63A20B9AA15}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8747431F-B557-4AB3-933A-2E77B79C55D9}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{878A2EB8-1347-4B61-B539-4A9B29F06051}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{89D73EEC-41B4-4198-94A1-B461CF3FA311}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8AE42D41-4191-4B05-A74A-A0E614D407C5}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8AF6A9B1-17DC-46B9-85F1-477B9D52912E}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8C3E2896-FC07-4D7B-A28D-9FCA75CDACDF}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8C883421-B32A-45C5-8578-D9861B669454}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8CB59A61-5125-4403-B025-5AE208854ABD}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8D35DCAB-D699-4A79-AFF8-15D75EC726FA}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8EF5F38D-07F9-41F6-9C1C-A48A04FDD806}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{908AC5E5-896C-490F-8B7A-6A8516B73F55}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{909F9A62-C3F6-47DE-A755-7D3561D56CFF}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{92D26F99-E3F5-4B59-8918-7555DCE563CD}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{92DA00F9-AC1D-4700-86F5-412DF953C2B7}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{93B6F080-8406-43A2-8341-B6EB52529680}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{93F29AE6-4F08-497B-B14D-F8BF5FD456D2}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9899763A-E0D7-45F4-B217-C75D4CE60194}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9904CAD0-0992-48A8-8C13-8BEB4B78CE5E}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{99D33435-882F-47D5-B2CB-C4046F576FC9}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9DBC7F97-5159-415C-A6B6-B83503F145B2}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9DF31EB2-58A2-4121-9B7E-96C93B603777}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9EA46F5C-39DA-4DD4-B54D-D31B1C493670}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A0E803EF-F2EF-413B-ADF4-ACF651B3CA09}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A51B0782-11DF-4749-A26E-1E1CF87F5185}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A56CF317-320A-410D-9102-A0D2174C93D0}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A69F01ED-1C05-48A9-B6C5-0A26F9CD3EA3}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A9ADDF91-3578-4DE8-BD8A-98BA1B978090}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AA205B8B-1979-4FEA-B9ED-5E5EB0CA3DB3}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AB6672E7-A054-4903-BDB1-54E860EB7F73}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AF440940-F9C1-4210-B862-F5CDF3B44F57}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B004D6A8-6D8B-4A47-86C8-AFD5D3E7FF62}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B283773C-72F4-4EBF-BDE4-22B1AC1392F3}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B350E0D9-12D1-4AA7-9FFF-1C4A590CD85C}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B4C864F0-814D-4F04-8D90-EE0BAC9B798C}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B4F0BD09-1287-4C65-914C-8DC2E6C1FFB3}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BCC227F1-41FF-4364-BD4F-AC1FF4F9863C}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BCDEC147-188E-4437-B227-3756115B3EDD}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BED5C0CF-ADD0-4BB7-864F-1802652179B8}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C275BC5C-36B4-40CB-AF6D-0704495800FF}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C3BA092C-B14A-450B-BCCD-1A1510EE4CA9}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C3F93260-4D52-4532-95F9-7463FAE5A4E7}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C5173184-62AB-4E6D-BD34-40C0B73D67B8}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C65A0F05-D0E8-477D-B032-9704347BFDB4}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C68E1C85-4BE6-4346-934A-BA0DA2332552}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C6E67D74-FAE8-418C-8D77-39A394A29E9F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C8397526-C76C-4C5A-B7AE-CE1C5B20ABF6}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C8438B72-7A31-43B8-BB93-1491E7E61B28}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CACDAB9F-A2F3-44AA-BA2B-29524DCAE43C}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CDE6A5AB-A71F-4884-A32B-623E8E9F3240}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CEC49E07-AAFC-4688-BB90-5C9CC7182AD2}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CFFBF36B-2223-4C87-9780-9F22151F240B}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D04721DD-899C-46BF-B341-E2CAF24E0692}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D1FAB4BD-6D9D-45E7-A1A1-E5F5DA9F7971}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D3B3025F-0B21-42D8-AB6C-A2FB846DE730}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D3FDE3B5-F94A-42AF-9C00-6A53EEF8F8C4}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D5C99206-FF10-4DDB-A0E8-302723108182}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D785EC90-D4B4-4157-88F0-78C0AA597F4F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D7E53466-A295-4596-9CDE-CA2CEFDA2A81}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D8CD4EA0-221C-42D3-896D-8039DD63A378}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D915A9CA-74F3-49D2-9211-D68E608780D5}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DB1F4A8E-BFC7-4653-AD32-ED2325DC7BA1}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DC710D22-8730-4188-9EBC-A205786D14C2}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DE01E16A-F3B5-4D7F-868E-481182E07020}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DE5A5545-10ED-4F9C-A5F4-CB92FD385475}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DEFD9AF7-C5AC-4375-BA8B-5CC57D61CF7E}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DF9B1737-B66A-458A-9F46-50B9A052C85D}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E1467328-46AA-4691-9F37-4D8EA6BCCD2F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E22814A6-7377-4B7D-A972-9CA92C5ABFEB}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E25B40DB-DE80-4241-B51A-08E445902E97}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E2E396A3-804B-4AC4-AFF5-C136A1BB2C42}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E4A2EBE4-28FC-4C6E-BA7E-6039C38922B5}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E4C0B5A2-90EF-4708-9C4E-A2E7E2067934}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E7BCD36F-553F-4FEB-9C60-291A7FEE18F6}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EBB5ACCF-C245-4E1D-A2BA-64F19B92F770}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EC656D6D-E984-4801-A3BD-8CEFDDDB5D82}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{ED9EA37E-7215-48B0-A3C7-3998464D26E8}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F2960F82-1A35-41D3-8652-10374F0E4CC7}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F29BC553-54F6-44C2-847C-18F3163B5E4F}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F3071D3F-788E-481A-9D44-8F9D7FA704A7}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F48CB2B2-D698-4024-B972-336D4316B1D8}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F79B1906-A341-481B-91E2-4254D3358D95}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F7B6B41B-A6FA-44C8-A50B-A77DB2B5E5C3}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F842D080-F8B1-4827-834C-1C3463343873}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F917A9D3-01BA-4708-97D0-B779BB6C033D}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F9BCDF60-136C-4908-A344-F22C0651F8C0}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FA4E6888-3A87-4770-A6EC-41A75A3C357B}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FC25F54C-87AA-41AF-A14D-142F24D144A9}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FC7CDF1F-E431-42ED-BC07-0BA516E026A8}
    Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FED57D5B-5FA1-46AB-BD6A-E23C3E7BD4B6}



    ~~~ FireFox

    Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search.xml"
    Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\f516h429.default\user.js
    Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\f516h429.default\invalidprefs.js
    Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\f516h429.default\prefs.js

    user_pref("browser.search.defaultengine", "Ask.com");
    user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=");
    user_pref("extensions.delta.admin", false);
    user_pref("extensions.delta.aflt", "babsst");
    user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    user_pref("extensions.delta.autoRvrt", "false");
    user_pref("extensions.delta.dfltLng", "en");
    user_pref("extensions.delta.excTlbr", false);
    user_pref("extensions.delta.ffxUnstlRst", true);
    user_pref("extensions.delta.id", "80609c6a00000000000000225ffc53fb");
    user_pref("extensions.delta.instlDay", "15985");
    user_pref("extensions.delta.instlRef", "sst");
    user_pref("extensions.delta.newTab", false);
    user_pref("extensions.delta.prdct", "delta");
    user_pref("extensions.delta.prtnrId", "delta");
    user_pref("extensions.delta.rvrt", "false");
    user_pref("extensions.delta.smplGrp", "none");
    user_pref("extensions.delta.tlbrId", "base");
    user_pref("extensions.delta.tlbrSrchUrl", "");
    user_pref("extensions.delta.vrsn", "1.8.24.6");
    user_pref("extensions.delta.vrsnTs", "1.8.24.619:31:50");
    user_pref("extensions.delta.vrsni", "1.8.24.6");
    user_pref("extensions.delta_i.babExt", "");
    user_pref("extensions.delta_i.babTrack", "affID=125311&tsp=5028");
    user_pref("extensions.delta_i.srcExt", "ss");
    user_pref("extensions.toolbar@ask.com.install-event-fired", true);



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 02/17/2015 at 21:29:42.66
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v4.110 - Logfile created 17/02/2015 at 21:37:19
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x86)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : YahooAUService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Yahoo! Companion
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs

    \Coupons
    Folder Deleted : C:\Program Files\LSHunter.TV
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start

    Menu\Programs\LSHunter.TV
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\search.xml

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    Key Deleted : HKLM\SOFTWARE\536d8d9bd6fea10
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-

    AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-

    7AF40E7D593F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-

    FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-

    FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-

    371153013E49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-

    12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-

    FF6567121920}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-

    EB57261212F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-

    F54671C4C861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-

    B06447992065}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-

    07C7D8893EFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-

    78A5D482C000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-

    88E29B2420E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-

    8C4A0F1C4D8D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-

    3E3EFF22CFB0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-

    CF8141CBBC5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-

    924A23115FE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-

    36E16F7A2E08}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-

    A8B733DBC7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-

    592E68BACC0C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-

    A6FF731BEF37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-

    74A5A86E7ED0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-

    984D87C85003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-

    7D43A6DA82C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-

    DD505432481D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-

    B485F4279FE5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-

    8CBCC5CD322A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-

    6A69A8A9C96D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-

    9025456AA3EA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-

    9D784CCA2A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-

    9A8B9105E556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-

    FC5F3677F35C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-

    303B7C32C500}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-

    201F372BC205}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-

    03B3139FA5ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-

    4472542E1D25}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-

    4FF1DD72589D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-

    E7DCA6F7B0F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-

    9F286D92F3E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-

    6745FACE6F01}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-

    D1485A39F8A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-

    2DABC30A5587}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-

    D0D22E0F64F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-

    68304DAAB70B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-

    152F598B75E7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-

    B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-

    C4081A054FCF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

    \{465E08E7-F005-4389-980F-1D8764B3486C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext

    \PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext

    \PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext

    \PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars

    \{6576EBAA-B570-4345-98E4-96153C77CF24}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights

    \ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer

    \UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer

    \UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer

    \UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer

    \UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v10.0.2 (en-US)


    -\\ Google Chrome v40.0.2214.111


    *************************

    AdwCleaner[R0].txt - [6561 bytes] - [17/02/2015 21:33:57]
    AdwCleaner[S0].txt - [6622 bytes] - [17/02/2015 21:37:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6681 bytes]

    ##########

  4. #4
    Security Expert- Visiting Fellow LiquidTension's Avatar
    Join Date
    May 2014
    Posts
    121

    Default

    Hello,

    With revo uninstaller the first two "ask toolbar" and "coupon printer" an error code appeared saying something like uninstaller code failed but the programs were uninstalled.
    Thank you for letting me know.

    Please open FRST.exe. Ensure Addition.txt has a checkmark and click Scan. Copy/paste the contents of FRST.txt and Addition.txt.
    Member of UNITE, and graduate from WTT.

  5. #5
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Default next step

    Thanks. Please call me wayne

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
    Ran by Owner at 2015-02-18 09:51:59
    Running from C:\Users\Owner\Desktop\comp repair
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET Smart Security 5.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AS: ESET Smart Security 5.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Advantage Software (HKLM\...\Advantage Software) (Version: - )
    AliSetup 0.1.0.52 (HKLM\...\AliSetup) (Version: 0.1.0.52 - °¢Àï°Í°Í£¨Öйú£©ÓÐÏÞ¹«Ë¾)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AT&T Communication Manager (HKLM\...\{A04929ED-DBF8-4FAE-96E1-AA9A93B8E0A9}) (Version: 7.00.0058.0 - AT&T)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
    Aurora 19.0a2 (x86 en-US) (HKLM\...\Aurora 19.0a2 (x86 en-US)) (Version: 19.0a2 - Mozilla)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
    Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.16.61 - Conexant)
    Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    CyberFlashing (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\cc9402a8f5ffe20e) (Version: 2.2.0.2 - CyberFlashing)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
    Dropbox (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    ESET Smart Security (HKLM\...\{EF181DC1-0ECB-4546-9772-C3C3F58E5747}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
    F2400 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
    FileZilla Client 3.4.0 (HKLM\...\FileZilla Client) (Version: 3.4.0 - )
    Geek Squad 24 Hour Computer Support (HKLM\...\{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}) (Version: 2.1.322 - LogMeIn, Inc.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
    Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Invoice Magic 2.10.7.1 (HKLM\...\Invoice Magic) (Version: 2.10.7.1 - Powernet Inc.)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
    LogMeIn (HKLM\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
    Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Design 4 (HKLM\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
    Microsoft Expression Studio 4 (HKLM\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Web 4 (HKLM\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
    Microsoft Expression Web 4 Service Pack 2 (HKLM\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 10.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0a2 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
    NetDvrPlugin 1.0 (HKLM\...\NetDvrPlugin) (Version: 1.0 - )
    NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
    Nitro Reader 3 (HKLM\...\{E12CDEE0-AFF5-4D71-B365-F3F09A9926D3}) (Version: 3.5.1.8 - Nitro)
    Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
    OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Sophos Anti-Virus (HKLM\...\{034759DA-E21A-4795-BFB3-C66D17FAD183}) (Version: 7.6.2 - Sophos Plc)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Splashtop Remote Client (HKLM\...\InstallShield_{14850F23-BCB2-4A1B-9C60-5DC08B7C4FF1}) (Version: 1.1.6.0 - Splashtop Inc.)
    Splashtop Remote Client (Version: 1.1.6.0 - Splashtop Inc.) Hidden
    Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
    Splashtop Streamer (HKLM\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.2.5.1 - Splashtop Inc.)
    Splashtop Streamer (Version: 2.2.5.1 - Splashtop Inc.) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
    tazti 2.0.2 (HKLM\...\{9C1C4E8D-6F79-495E-8C9A-FAAC8A31BEAB}) (Version: 2.0.2 - Voice Tech Group, Inc.)
    Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
    TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
    TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
    Toshiba DetectAC Utility (HKLM\...\InstallShield_{0AA15BEA-12D6-44FC-B3B2-C97B77AB6AF4}) (Version: 1.00.0014 - TOSHIBA)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.9.0 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM\...\InstallShield_{33ABEB66-85BB-43B2-9448-85CB626C5A5F}) (Version: 4.01.01.00 - TOSHIBA)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
    Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.0 - TOSHIBA Corporation)
    Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA Supervisor Password (HKLM\...\InstallShield_{D2D8CB05-A9E1-4691-995C-2B78F4A58B8B}) (Version: 4.01.01.00 - TOSHIBA)
    TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
    TradeManager 2011 SP3 (HKLM\...\TradeManager 2011 SP3) (Version: - Alisoft)
    TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.5.67 - Verizon)
    Web CEO 10.0 (HKLM\...\WebCEO70_is1) (Version: 10.0 - Web CEO Ltd.)
    WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    WinRAR 4.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.4 - win.rar GmbH)
    WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files\Trademanager\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\Trademanager\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{64677634-F8BA-429F-BBD8-08330E9F31E3}\InprocServer32 -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\Trademanager\modules\8003\GraffitiGUI.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    11-02-2015 11:53:59 Windows Update
    12-02-2015 03:00:41 Windows Update
    13-02-2015 11:38:50 Windows Update
    17-02-2015 07:55:03 Windows Update
    17-02-2015 20:46:51 Revo Uninstaller's restore point - Ask Toolbar Updater
    17-02-2015 20:52:13 Revo Uninstaller's restore point - Coupon Printer for Windows
    17-02-2015 20:55:23 Revo Uninstaller's restore point - Yahoo! Search Protection
    17-02-2015 20:57:56 Revo Uninstaller's restore point - Yahoo! Toolbar
    17-02-2015 21:10:31 Restore Point Created by FRST
    18-02-2015 09:44:41 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2013-04-11 17:25 - 00444735 ___RA C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 www.123fporn.info
    127.0.0.1 123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {16CEA78A-4902-4C53-9065-92E564F61B1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
    Task: {2274680B-26AE-44DA-A33B-1149EB36808D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {25D14CD6-5440-411B-B527-18EF9459E680} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {2E279D9B-2974-44A4-B33C-7B70C5D8AC0D} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
    Task: {3A97DE10-6C18-4FA8-9420-2DDD31617F85} - System32\Tasks\{ABDA2FBB-DAC8-404D-BADE-BE4F4D22CFEE} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {477873BE-8BFE-48C8-974A-F5E9EF0CF3F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
    Task: {4E73B394-3DA6-4E53-B893-A75006755B00} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {6A45AB7B-BF71-489F-8F23-F9240B0A99DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {763AB877-1446-49CE-ABEA-3F9C4223E91D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {8755378F-0EE1-45DB-B260-6012795BC2D3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {8B8069B6-241F-42C7-BC46-A5425904CABA} - System32\Tasks\{8D9C3A4F-4548-4795-B97D-4A356382F344} => pcalua.exe -a "C:\Program Files\Power Mixer\Uninst.exe"
    Task: {BB910B01-E72C-490C-B1FF-158F0369CEA7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {BBFD9DF5-9C08-4375-995C-34CABEC39EB3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {C66E260D-38B9-433F-9C5F-1D0AF9F95F0E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
    Task: {CDEF0D9F-09A9-4482-85D2-4E93D374C43E} - System32\Tasks\{322D294C-CE97-4FD5-965A-5FF26D5F19E8} => pcalua.exe -a C:\install.exe -d C:\
    Task: {CE971DEA-C59B-4416-81A0-8A0AC10C42B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DED4C60D-7082-40D0-BACD-5694CAA51371} - System32\Tasks\{7C592588-411D-46B1-9908-687F727889AA} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTMLW0HP\billeo-home-setup[1].exe" -d C:\Users\Owner\Desktop
    Task: {EBE6F388-949A-4B73-B4FE-F792BA07F36F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-03-27 15:11 - 2011-03-27 15:11 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2009-07-16 17:27 - 2009-07-16 17:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2009-07-16 17:27 - 2009-07-16 17:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    2009-08-31 22:05 - 2009-06-22 17:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    2009-03-12 21:08 - 2009-03-12 21:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
    2009-07-25 13:07 - 2009-07-25 13:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    2010-08-18 09:44 - 2010-08-18 09:44 - 00221184 _____ () C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
    2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-30 21:28 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-11-30 21:28 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-17 22:03 - 2015-02-17 22:03 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgteew.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files\program\libxml2.dll
    2015-02-17 22:02 - 2015-02-17 22:02 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32api.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pywintypes27.dll
    2015-02-17 22:02 - 2015-02-17 22:02 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pythoncom27.dll
    2015-02-17 22:02 - 2015-02-17 22:02 - 00045568 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_socket.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 01160704 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_ssl.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32com.shell.shell.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00713216 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_hashlib.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._core_.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._gdi_.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._windows_.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._controls_.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._misc_.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pysqlite2._sqlite.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_elementtree.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pyexpat.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_ctypes.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32file.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32security.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00007168 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\hashobjs_ext.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00167936 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32gui.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32event.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32inet.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32crypt.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._html2.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00027136 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_multiprocessing.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32process.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\unicodedata.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._wizard.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32pipe.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32pdh.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\windows._lib_cacheinvalidation.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\select.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32profile.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32ts.pyd
    2015-02-17 22:02 - 2015-02-17 22:02 - 00078336 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._animate.pyd
    2009-09-17 14:36 - 2009-09-17 14:36 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-02-06 01:56 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
    2015-02-06 01:56 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
    2015-02-06 01:56 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2723962228-3673826885-3304129383-500 - Administrator - Disabled)
    Guest (S-1-5-21-2723962228-3673826885-3304129383-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2723962228-3673826885-3304129383-1002 - Limited - Enabled)
    LogMeInRemoteUser (S-1-5-21-2723962228-3673826885-3304129383-1012 - Administrator - Enabled)
    Owner (S-1-5-21-2723962228-3673826885-3304129383-1001 - Administrator - Enabled) => C:\Users\Owner

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
    Description: Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros
    Service: L1C
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/17/2015 10:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6490

    Error: (02/17/2015 10:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6490

    Error: (02/17/2015 10:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz
    Percentage of memory in use: 56%
    Total physical RAM: 2936.94 MB
    Available physical RAM: 1275.21 MB
    Total Pagefile: 5872.17 MB
    Available Pagefile: 3508.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1909.9 MB

    ==================== Drives ================================

    Drive c: (TI102763W0F) (Fixed) (Total:288.69 GB) (Free:199.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 80460331)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=288.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=7.9 GB) - (Type=17)

    ==================== End Of Log ============================


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by Owner (administrator) on OWNER-PC on 18-02-2015 09:48:07
    Running from C:\Users\Owner\Desktop\comp repair
    Loaded Profiles: Owner (Available profiles: Owner)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
    (TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    () C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
    (Microsoft Corporation) C:\Windows\vVX3000.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
    (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (OpenOffice.org) C:\Program Files\program\soffice.exe
    (OpenOffice.org) C:\Program Files\program\soffice.bin
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
    HKLM\...\Run: [ThpSrv] => "C:\windows\system32\thpsrv" /logon
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
    HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
    HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [214328 2009-09-02] ()
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TUSBSleepChargeSrv] => C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
    HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
    HKLM\...\Run: [AT&T Communication Manager] => C:\Program Files\AT&T\Communication Manager\ATTCM.exe [33352 2009-07-17] (ATT)
    HKLM\...\Run: [Toshiba DetectAC Utility] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe [221184 2010-08-18] ()
    HKLM\...\Run: [Toshiba DetectAC Utility1] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\CollectInfo.exe [266240 2010-08-03] ()
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
    HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117344 2012-03-07] (ESET)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-31] (Google Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA
    SearchScopes: HKLM -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> DefaultScope {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default
    FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\Trademanager\npwangwang.dll ( )
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: NetDvr_Plugins -> C:\Program Files\NetDvr\Plugins\npDvr.dll (DVR)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: {@alibaba.com/alisetup;version=1.0} -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Test Pilot - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-01-22]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-23]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-17]
    FF HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-17]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-17]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
    CHR HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-17]
    CHR HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-07-15] (SmithMicro Inc.)
    S3 CAATT; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [125512 2009-07-15] (SmithMicro Inc.)
    R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
    R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913144 2012-03-07] (ESET)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-05] (Nitro PDF Software)
    S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [69632 2008-12-09] (Sophos Plc) [File not signed]
    R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [98304 2008-12-09] (Sophos Plc) [File not signed]
    R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [551264 2013-01-28] (Splashtop Inc.)
    R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
    S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
    R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
    R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-06] (Emsisoft GmbH)
    R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
    R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
    R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET)
    R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [33656 2012-03-14] (ESET)
    R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [50624 2012-03-14] (ESET)
    S3 GT72NDISIPXP; C:\windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
    S3 GT72UBUS; C:\windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
    S3 GTPTSER; C:\windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
    S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [35992 2014-12-06] ()
    R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
    R3 QIOMem; C:\windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
    S3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-13] (Realtek Semiconductor Corporation )
    R1 SAVOnAccess; C:\windows\System32\DRIVERS\savonaccess.sys [85312 2008-07-18] (Sophos Plc) [File not signed]
    S4 SophosBootDriver; C:\windows\System32\DRIVERS\SophosBootDriver.sys [20288 2008-05-23] (Sophos Plc) [File not signed]
    R3 swmsflt; C:\windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
    R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-17 21:33 - 2015-02-17 21:37 - 00000000 ____D () C:\AdwCleaner
    2015-02-17 21:33 - 2015-02-17 21:33 - 02112512 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
    2015-02-17 21:30 - 2015-02-17 21:30 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (2).exe
    2015-02-17 21:25 - 2015-02-17 21:25 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
    2015-02-17 21:25 - 2015-02-17 21:25 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
    2015-02-17 20:45 - 2015-02-17 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
    2015-02-17 20:44 - 2015-02-17 20:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
    2015-02-17 20:43 - 2015-02-17 20:44 - 10801480 _____ (VS Revo Group ) C:\Users\Owner\Downloads\RevoUninProSetup.exe
    2015-02-17 18:21 - 2015-02-17 18:21 - 00002176 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-17 08:02 - 2015-02-17 22:03 - 00000000 ___RD () C:\Users\Owner\Google Drive
    2015-02-17 08:02 - 2015-02-17 08:02 - 00001699 _____ () C:\Users\Owner\Documents\Google Drive.lnk
    2015-02-17 08:02 - 2015-02-17 08:02 - 00001699 _____ () C:\Users\Owner\Desktop\Google Drive.lnk
    2015-02-17 07:59 - 2015-02-17 07:59 - 00001971 _____ () C:\Users\Public\Desktop\Google Slides.lnk
    2015-02-17 07:59 - 2015-02-17 07:59 - 00001969 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
    2015-02-17 07:59 - 2015-02-17 07:59 - 00001959 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2015-02-17 07:59 - 2015-02-17 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-02-12 09:31 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2015-02-12 09:30 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-02-11 14:30 - 2015-02-18 09:48 - 00000000 ____D () C:\Users\Owner\Desktop\comp repair
    2015-02-11 12:07 - 2015-01-15 02:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2015-02-11 12:07 - 2015-01-15 02:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2015-02-11 12:07 - 2015-01-15 02:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2015-02-11 12:07 - 2015-01-15 02:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2015-02-11 12:07 - 2015-01-15 02:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2015-02-11 12:07 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2015-02-11 12:07 - 2015-01-15 02:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2015-02-11 12:07 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2015-02-11 12:07 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2015-02-11 12:07 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2015-02-11 12:07 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2015-02-11 12:07 - 2015-01-14 23:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2015-02-11 12:07 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2015-02-11 12:07 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2015-02-11 12:07 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2015-02-11 12:07 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2015-02-11 12:07 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2015-02-11 12:07 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2015-02-11 12:07 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2015-02-11 12:07 - 2015-01-08 20:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-02-11 12:05 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2015-02-11 12:05 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-02-11 12:04 - 2015-02-03 21:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-02-11 12:04 - 2015-02-03 21:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-02-11 12:04 - 2015-02-03 21:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-02-11 12:04 - 2015-02-03 21:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-02-11 12:04 - 2015-02-03 21:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-02-11 12:04 - 2015-02-03 21:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2015-02-11 12:04 - 2015-02-03 21:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-02-11 12:04 - 2015-01-27 18:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
    2015-02-11 12:04 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-02-11 12:04 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2015-02-11 12:04 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2015-02-11 12:04 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2015-02-11 12:04 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2015-02-11 12:04 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2015-02-11 12:04 - 2015-01-11 20:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2015-02-11 12:04 - 2015-01-11 20:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 12:04 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2015-02-11 12:04 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 12:04 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-02-11 12:04 - 2015-01-11 20:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-02-11 12:04 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-02-11 12:04 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-02-11 12:04 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2015-02-11 12:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-02-11 12:03 - 2015-01-11 21:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2015-02-11 12:03 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-02-11 12:03 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2015-02-11 12:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2015-02-11 12:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-02-11 12:03 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2015-02-11 12:03 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2015-02-11 12:03 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-02-11 12:03 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-02-11 12:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-02-11 12:03 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2015-02-11 12:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-02-11 12:03 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-02-11 12:02 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2015-02-11 12:02 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
    2015-02-11 12:02 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2015-02-11 12:02 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2015-02-11 12:00 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2015-02-11 11:48 - 2015-02-18 09:48 - 00000000 ____D () C:\FRST
    2015-02-11 11:47 - 2015-02-11 11:47 - 00000207 _____ () C:\windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(32-bit).dat
    2015-02-11 11:40 - 2015-02-11 11:40 - 00000000 ____D () C:\RegBackup
    2015-02-11 11:36 - 2015-02-11 11:36 - 04804736 _____ () C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
    2015-02-11 11:34 - 2015-02-11 11:38 - 00002156 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\Program Files\Tweaking.com
    2015-02-08 09:59 - 2015-02-08 09:59 - 00009039 _____ () C:\Users\Owner\Desktop\rptEmployee_Sales_Summary.txt
    2015-02-02 15:41 - 2015-02-02 15:41 - 00162976 _____ () C:\Users\Owner\Documents\Online Bill Payment.mht

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-18 09:47 - 2012-10-27 17:25 - 01739729 _____ () C:\windows\WindowsUpdate.log
    2015-02-18 09:46 - 2012-11-28 13:20 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job
    2015-02-18 09:45 - 2012-10-27 17:23 - 00072302 _____ () C:\windows\setupact.log
    2015-02-18 09:45 - 2012-04-05 16:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-18 09:45 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-18 09:45 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-18 09:44 - 2011-10-26 15:32 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-02-17 22:05 - 2011-08-28 09:59 - 00000000 ___RD () C:\Users\Owner\Dropbox
    2015-02-17 22:05 - 2011-08-28 09:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
    2015-02-17 22:03 - 2014-01-25 15:14 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-02-17 22:03 - 2014-01-25 15:14 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-02-17 22:02 - 2010-02-07 08:15 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-17 22:02 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-17 21:15 - 2012-11-29 03:27 - 00170304 _____ () C:\windows\PFRO.log
    2015-02-17 20:59 - 2009-12-16 09:57 - 00000000 ____D () C:\Program Files\Yahoo!
    2015-02-17 20:55 - 2009-12-16 10:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yahoo!
    2015-02-17 19:27 - 2012-06-25 21:35 - 00000000 ____D () C:\Users\Owner\Documents\My Received Files
    2015-02-17 19:24 - 2011-04-30 14:47 - 00000000 ____D () C:\Users\Owner\Documents\spa
    2015-02-17 17:04 - 2009-07-13 23:53 - 00032550 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2015-02-17 11:04 - 2012-11-28 13:20 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job
    2015-02-17 08:02 - 2009-10-23 11:18 - 00000000 ____D () C:\Users\Owner
    2015-02-17 07:59 - 2009-10-23 12:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
    2015-02-17 07:59 - 2009-08-31 22:07 - 00000000 ____D () C:\Program Files\Google
    2015-02-13 16:45 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
    2015-02-13 16:06 - 2011-04-26 21:34 - 00000000 ____D () C:\Salon
    2015-02-13 11:42 - 2011-08-28 09:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-12 03:46 - 2009-07-13 23:33 - 00456056 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-02-12 03:41 - 2014-12-10 03:36 - 00000000 ____D () C:\windows\system32\appraiser
    2015-02-12 03:41 - 2014-04-24 02:18 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-02-12 03:23 - 2013-08-16 06:59 - 00000000 ____D () C:\windows\system32\MRT
    2015-02-12 03:10 - 2009-10-23 11:45 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-02-12 03:08 - 2009-09-17 22:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-11 12:47 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
    2015-02-11 12:04 - 2009-08-31 22:06 - 00779172 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-04 13:35 - 2010-02-07 08:15 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-03 14:46 - 2013-01-26 15:22 - 00086912 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
    2015-02-03 14:46 - 2013-01-26 15:22 - 00085864 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
    2015-02-03 14:46 - 2013-01-26 15:22 - 00031592 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
    2015-02-03 14:46 - 2013-01-26 15:22 - 00000000 ____D () C:\Program Files\LogMeIn
    2015-02-02 21:30 - 2011-03-31 16:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla

    ==================== Files in the root of some directories =======

    2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link
    2011-01-04 20:35 - 2011-01-04 20:35 - 0057649 _____ () C:\Program Files\eula.rtf
    2012-08-13 09:57 - 2012-08-13 09:57 - 0012927 _____ () C:\Program Files\readme.html
    2012-08-13 09:57 - 2012-08-13 09:57 - 0012558 _____ () C:\Program Files\readme.txt
    2012-10-25 12:15 - 2012-12-19 15:44 - 0106623 _____ () C:\Users\Owner\AppData\Roaming\iQmetrixErrorLog.txt
    2009-10-28 19:57 - 2012-10-24 10:06 - 0000792 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
    2011-06-17 22:30 - 2014-12-03 17:00 - 0130511 _____ () C:\Users\Owner\AppData\Local\ars.cache
    2011-06-17 22:30 - 2014-12-03 17:00 - 0522804 _____ () C:\Users\Owner\AppData\Local\census.cache
    2010-08-12 10:03 - 2012-05-24 13:53 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-05-19 11:55 - 2010-05-19 11:55 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
    2014-12-03 16:49 - 2014-12-03 16:49 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
    2013-02-23 13:49 - 2013-02-23 14:00 - 0000808 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgteew.dll
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
    C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 13:17

    ==================== End Of Log ============================

  6. #6
    Security Expert- Visiting Fellow LiquidTension's Avatar
    Join Date
    May 2014
    Posts
    121

    Default

    Hi Wayne,

    Lets check for malware remnants.
    Please do the following.

    STEP 1
    Malwarebytes Anti-Malware (MBAM)
    • Open Malwarebytes Anti-Malware and click Update Now.
    • Once updated, click the Settings tab and tick Scan for rootkits.
    • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs and double-click the Scan Log.
    • Click Copy to Clipboard and paste the log in your next reply.


    STEP 2
    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Hide advanced settings. Place a checkmark next to:

      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something unique such as MyEsetScan.
    • Push the Back button.
    • Place a checkmark next to and click Finish.
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.


    STEP 3
    RogueKiller
    • Please download RogueKiller (x32) and save the file to your Desktop.
    • Close any running programmes.
    • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
    • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
    • A browser window may open. Close the browser window.
    • Click . Upon completion, click .
    • Close the programme. Do not fix anything!
    • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.

    Note: If RogueKiller is unable to run, please retry. If you find after several attempts the programme will still not run, please rename RogueKiller.exe to winlogon.exe and try again.

    ======================================================

    STEP 4
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
    • MBAM Log
    • ESET Log
    • RKreport.txt
    Member of UNITE, and graduate from WTT.

  7. #7
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Default

    So I completed the steps. Here are the files

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/18/2015
    Scan Time: 3:58:05 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.18.08
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Owner

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 327240
    Time Elapsed: 17 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl, Quarantined, [2de51307c0ca61d543aa152e35ce4fb1],
    PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1, Quarantined, [967c170339513afc8a636ad941c20cf4],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\UNINSTALL.exe.xBAD a variant of Win32/Toolbar.iMedix.A potentially unwanted application
    C:\Users\Owner\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
    C:\Windows\Installer\e3fd637.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application



    RogueKiller V10.4.0.0 [Feb 18 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Owner [Administrator]
    Mode : Scan -- Date : 02/18/2015 19:38:05

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] explorer.exe(1524) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll[7] -> Unloaded

    ¤¤¤ Registry : 16 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" | (default) : {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" | (default) : {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" | (default) : {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" | (default) : {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" | (default) : {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" | (default) : {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" | (default) : {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" | (default) : {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C8AE68F-EADE-4AF3-B5CC-BCB3255A71F1} | DhcpNameServer : 209.183.35.23 209.183.33.23 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1C8AE68F-EADE-4AF3-B5CC-BCB3255A71F1} | DhcpNameServer : 209.183.35.23 209.183.33.23 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1C8AE68F-EADE-4AF3-B5CC-BCB3255A71F1} | DhcpNameServer : 209.183.35.23 209.183.33.23 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 10 (Driver: Loaded) ¤¤¤
    [IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) NETAPI32.dll - NetGetJoinInformation : C:\windows\system32\wkscli.dll @ 0x73e72c3f
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files\Google\Chrome\Application\chrome.exe @ 0xf2b5fd (jmp 0xffffffff895e4cf5)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files\Google\Chrome\Application\chrome.exe @ 0xf2b5fd (jmp 0xffffffff895e4cf5)
    [IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenServiceW : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b92
    [IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - CloseServiceHandle : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b4a
    [IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenSCManagerW : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b82
    [IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - StartServiceW : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411ba2
    [IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b7a
    [IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5bfbfa68
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files\Google\Chrome\Application\chrome.exe @ 0xf2b5fd (jmp 0xffffffff895e4cf5)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3263GSX +++++
    --- User ---
    [MBR] dba07aa1bc1832356d9f0f4d69fc2170
    [BSP] 290c22aaaab728af5823c5614cfadfce : HP MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK

  8. #8
    Security Expert- Visiting Fellow LiquidTension's Avatar
    Join Date
    May 2014
    Posts
    121

    Default

    Hello Wayne,

    Please delete this file: C:\Windows\Installer\e3fd637.msi
    Right-Click your Recycle Bin and click Empty afterwards.

    How is your computer performing? Do you have any outstanding issues or concerns?
    Member of UNITE, and graduate from WTT.

  9. #9
    Junior Member
    Join Date
    Feb 2015
    Posts
    15

    Default thanks

    I have completed the final steps and the dll errors are no longer there on boot up. I still get an ERNDT error which is from ERUNT - The Emergency Recovery Utility NT. Should I uninstall this program? I installed it to try and fix what you were able to do.

    My computer is running much better, however it seems very slow on start up. I installed google chrome as suggested and the first time I open it after starting my computer it opens and is blank for around a minute before it seems to connect. I noticed and my very last reboot my internet icon in the sys tray disappeared for a minute or so and chrome of course would not connect. Then it popped up and all was good. Any thoughts.

    Lastly what type of virus protection firewall etc would you suggest. My laptop is used from home 95% of the time.

    Thanks again

    Wayne

  10. #10
    Security Expert- Visiting Fellow LiquidTension's Avatar
    Join Date
    May 2014
    Posts
    121

    Default

    Hi Wayne,

    Please uninstall ERUNT. Also uninstall Sophos Anti-Virus.

    Lastly what type of virus protection firewall etc would you suggest. My laptop is used from home 95% of the time.
    You have ESET Smart Security installed. This is a high-end security suite, which includes a Firewall. The programme is outdated, so you may wish to update to the latest version. Open the programme, click Update and under Product update, click Check for updates.

    I will provide a list of recommended reading material and other programmes that will help reduce the risk of reinfection at the end of this process.


    ------------

    Let me know if the following helps with Chrome:
    • Please backup your Chrome Bookmarks. Instructions here.
    • Now Reset Chrome. Instructions here.


    Regarding your slow boot - we can look into this once you've addressed the points above.
    Member of UNITE, and graduate from WTT.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •