Doug Morgan
2014-08-19, 02:00
Every time I go onto the internet (google chrome) my home page loads, but a second tab loads that is HTTP:login.live.com that directs me to an MSN page that I don't want. Is this malware? and is there a way to get rid of it. I don't want it to infect my computer.
Thanks for any help.
Doug
---------------------------
Edit
For future reference, forum FAQ: http://forums.spybot.info/showthread.php?t=288 :)
Please back up your registry!
Backup the Registry:
Credit: Dakeyras
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)
``````````````````````````````````````````````````````
Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs
Farbar Log
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.
Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
(A simple way to check your system: Start --> Computer (right click) --> Properties
How to determine whether a computer is running a 32-bit version or 64-bit version (http://support.microsoft.com/kb/827218)of the Windows operating system
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked
Do not check
*List BCD
*Drivers MD5
*Shortcut txt
Or your logs will be too long to post.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log into your topic
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
aswMBR Log
Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.
Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.
Double click the aswMBR icon to run it.
If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.
Doug Morgan
2014-08-21, 05:53
Here is the frst.txt, addition.txt and aswmbr.txt.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014
Ran by doug (administrator) on DOUGS-COMPUTER on 19-08-2014 15:23:32
Running from C:\Users\doug\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
(Google Inc.) C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKLM\...\Run: [YMailAdvisor] => C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [68592 2009-04-08] (Google Inc.)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-12] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-13] (RealNetworks, Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoAutoUpdate] 1
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [Search Protection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-04] (Google Inc.)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [Google Update] => C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-23] (Google Inc.)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650536 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4215910112-895626990-194910188-1000\...\MountPoints2: {74864974-f592-11df-ae5e-001d92ef1ec8} - F:\InstallTomTomHOME.exe
HKU\S-1-5-21-4215910112-895626990-194910188-1004\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll (Yahoo! Inc.)
SearchScopes: HKLM - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss_din2g&mntrId=6A99001D92EF1EC8
SearchScopes: HKCU - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKCU - {1B6569FA-16BF-4323-A212-C1DD31E61A1D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EAE88415-6BBE-41D8-9418-6E9CBAC1F6E4&apn_sauid=7B33C468-E8B5-46CC-8CF6-14484DDB7A63
SearchScopes: HKCU - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {F2C64193-CCE1-4CF1-ACFC-E80150AA87F4} URL = http://isearch.avg.com/search?cid={987EF8E2-48AF-4F80-B79B-5CA91678C042}&mid=cf78d5c81f0b47d6b5a0d154d40bf73b-ee1c65297195f0ac65fc3a4a2b045f8f9b35a58f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-13 15:42:04&v=17.3.1.91&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
BHO: HP Smart Print BHO -> {1658D3A1-9E13-4196-A82A-D70D70880F36} -> C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: AddThis Toolbar BHO -> {9EBF8AAF-0A31-4786-909A-97A0EF101743} -> C:\Program Files\AddThis Toolbar\Toolbar.dll ()
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Zoominto.IEPlugin.ZoomintoMain -> {ACDF77A9-9EDA-407f-969F-B3BCBE3217D0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: RewardsArcadeSuite -> {B6EF6C45-5E8D-4c3b-B580-A5073261A381} -> C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
Handler: cf - No CLSID Value -
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.19.2.83 216.19.2.84 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF SelectedSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: http://forums.spybot.info/misc.php?do=email_dev&email=eWF4bXBiQHlhaG9vLmNvbQ==/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\doug\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\doug\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\doug\AppData\Roaming\mozilla\plugins\npcoolirisplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\doug\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\doug\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: AVG Security Toolbar - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\avg@toolbar [2012-07-14]
FF Extension: No Name - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\staged [2013-10-14]
FF Extension: Yahoo! Toolbar - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-10-06]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010-01-14]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2008-12-13]
FF Extension: Nachofoto Fotomarklet - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\{dd6bfa32-1198-4217-a0e9-1acab501a6e9} [2008-12-18]
FF Extension: Fotofox - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\fotofox@mozilla.com.xpi [2011-04-16]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-06-27]
FF Extension: DownThemAll! - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-01-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-10]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKLM\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\doug\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\doug\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-01-23]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-10]
FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files\SearchPredict\PRFireFox
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SPEEDbit Video Downloader\SPFireFox
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-13]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext [2008-12-14]
FF HKCU\...\Firefox\Extensions: [{A10ECFC7-BBE8-4E84-8043-9D35FBF75515}] - C:\Users\doug\AppData\Local\{A10ECFC7-BBE8-4E84-8043-9D35FBF75515}
FF Extension: XULRunner - C:\Users\doug\AppData\Local\{A10ECFC7-BBE8-4E84-8043-9D35FBF75515} [2009-10-27]
Chrome:
=======
CHR HomePage: hxxp://www.inbox.com/homepage.aspx?tbid=82072&iwk=276&lng=en
CHR StartupUrls: "https://www.google.com/", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: https://docs.google.com/offline/backgroundshell#ouid=u83214ebced295021
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (getPlus for Adobe 15235) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Google Talk Plugin) - C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\doug\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Docs Offline Background Page) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (AT_ChuckAnderson) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2011-03-20]
CHR Extension: (Pyramid Solitaire) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\geoodjcmdebikoiehcjdglomepnibabn [2012-02-19]
CHR Extension: (RealDownloader) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2013-06-06]
CHR Extension: (Switch To New Tab) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpdoeknpnclenhlmblmenpafkbcgdbg [2011-04-16]
CHR Extension: (Skype Click to Call) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-09]
CHR Extension: (Google Wallet) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Blog This!) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk [2011-03-20]
CHR Extension: (Gmail) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\doug\AppData\Local\funmoods.crx [2012-05-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [ielefkgbofdpglioecfjcbikholflklb] - C:\Users\doug\AppData\Local\RewardsArcadeSuite\1950\Chrome\rewardsarcade-suite.crx [2011-12-22]
CHR HKLM\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\doug\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [2012-11-30]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2012-03-02]
CHR HKCU\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\doug\AppData\Local\funmoods.crx [2012-05-28]
CHR HKCU\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\doug\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [2012-11-30]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [585728 2006-12-10] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2009-03-20] (Smith Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-19 15:23 - 2014-08-19 15:24 - 00038911 _____ () C:\Users\doug\Downloads\FRST.txt
2014-08-19 15:22 - 2014-08-19 15:23 - 00000000 ____D () C:\FRST
2014-08-19 15:20 - 2014-08-19 15:20 - 01093632 _____ (Farbar) C:\Users\doug\Downloads\FRST.exe
2014-08-19 15:01 - 2014-08-19 15:01 - 00000000 ____D () C:\Users\doug\DOUGS-COMPUTER
2014-08-19 14:57 - 2014-08-19 14:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DOUGS-COMPUTER-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-08-19 14:57 - 2014-08-19 14:57 - 00000000 ____D () C:\RegBackup
2014-08-19 14:54 - 2014-08-19 14:54 - 00001982 _____ () C:\Users\doug\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-19 14:54 - 2014-08-19 14:54 - 00000000 ____D () C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-19 14:53 - 2014-08-19 14:53 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-19 14:50 - 2014-08-19 14:53 - 04057608 _____ () C:\Users\doug\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-15 14:43 - 2014-06-26 15:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 14:43 - 2014-06-26 15:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 14:43 - 2014-06-26 15:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 14:42 - 2014-06-05 21:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 13:00 - 2014-07-24 11:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 13:00 - 2014-07-24 10:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 13:00 - 2014-07-24 10:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 13:00 - 2014-07-24 10:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 13:00 - 2014-07-24 10:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 13:00 - 2014-07-24 10:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 13:00 - 2014-07-24 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 13:00 - 2014-07-24 10:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 13:00 - 2014-07-24 10:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 13:00 - 2014-07-24 10:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 13:00 - 2014-07-24 10:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 13:00 - 2014-07-24 10:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 13:00 - 2014-07-24 10:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 13:00 - 2014-07-24 10:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 13:00 - 2014-07-24 10:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 13:00 - 2014-07-24 10:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 13:00 - 2014-07-24 10:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 13:00 - 2014-07-24 10:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 13:00 - 2014-07-24 10:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 13:00 - 2014-07-24 10:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 13:00 - 2014-07-24 10:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 12:59 - 2014-06-02 03:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 12:59 - 2014-06-02 03:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 12:59 - 2014-06-02 03:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 12:59 - 2014-06-02 03:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 12:59 - 2014-06-02 01:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 12:54 - 2014-07-07 17:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 12:54 - 2014-06-13 17:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 12:54 - 2014-06-13 17:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 12:49 - 2014-07-24 21:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 12:49 - 2014-07-24 19:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-08 12:15 - 2014-08-08 14:09 - 00000000 ____D () C:\Users\doug\AppData\Roaming\Lavasoft
2014-08-08 12:15 - 2014-08-08 12:15 - 00000000 ____D () C:\Users\doug\Desktop\Documents\Lavasoft
2014-08-08 12:10 - 2014-08-08 12:14 - 10882463 _____ () C:\Users\doug\Downloads\tuneup_kit.zip
2014-08-08 10:42 - 2014-08-08 11:36 - 00010752 _____ () C:\Users\doug\Desktop\Documents\SVdecking.xlr
2014-08-07 21:07 - 2014-08-07 21:07 - 00010752 _____ () C:\Users\doug\Downloads\sedona views deck (1).xlr
2014-08-07 21:03 - 2014-08-07 21:03 - 00010752 _____ () C:\Users\doug\Downloads\sedona views deck.xlr
2014-08-07 19:51 - 2014-08-07 20:49 - 00010752 _____ () C:\Users\doug\Desktop\Documents\velvet1262.xlr
2014-08-06 20:59 - 2014-08-06 21:02 - 00010752 _____ () C:\Users\doug\Desktop\Documents\1262 S. Verde Dr.xlr
2014-08-06 20:55 - 2014-08-08 10:46 - 00010752 _____ () C:\Users\doug\Desktop\Documents\sedona views deck.xlr
2014-08-06 20:34 - 2014-08-06 21:03 - 00010752 _____ () C:\Users\doug\Desktop\Documents\Carpender ln..xlr
2014-08-06 20:24 - 2014-08-06 20:23 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-06 20:23 - 2014-08-06 20:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-06 20:23 - 2014-08-06 20:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-06 20:23 - 2014-08-06 20:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-06 20:23 - 2014-08-06 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 20:23 - 2014-08-06 20:23 - 00000000 ____D () C:\Program Files\Java
2014-08-03 14:47 - 2014-08-03 14:47 - 00107960 _____ () C:\Users\Linda\Downloads\msg0001.WAV
2014-08-02 20:26 - 2014-08-02 20:26 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-08-02 20:20 - 2014-08-02 20:23 - 11241816 _____ (Microsoft Corporation) C:\Users\doug\Downloads\mseinstall.exe
2014-07-21 11:10 - 2014-07-21 11:22 - 35594848 _____ (Skype Technologies S.A.) C:\Users\Linda\Downloads\SkypeSetupFull (2).exe
2014-07-21 10:34 - 2014-07-21 10:55 - 35594848 _____ (Skype Technologies S.A.) C:\Users\Linda\Downloads\SkypeSetupFull (1).exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-19 15:24 - 2014-08-19 15:23 - 00038911 _____ () C:\Users\doug\Downloads\FRST.txt
2014-08-19 15:23 - 2014-08-19 15:22 - 00000000 ____D () C:\FRST
2014-08-19 15:20 - 2014-08-19 15:20 - 01093632 _____ (Farbar) C:\Users\doug\Downloads\FRST.exe
2014-08-19 15:18 - 2006-11-02 05:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 15:18 - 2006-11-02 05:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 15:01 - 2014-08-19 15:01 - 00000000 ____D () C:\Users\doug\DOUGS-COMPUTER
2014-08-19 15:01 - 2008-07-31 19:27 - 00000000 ____D () C:\Users\doug
2014-08-19 14:57 - 2014-08-19 14:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DOUGS-COMPUTER-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-08-19 14:57 - 2014-08-19 14:57 - 00000000 ____D () C:\RegBackup
2014-08-19 14:57 - 2012-04-11 06:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 14:54 - 2014-08-19 14:54 - 00001982 _____ () C:\Users\doug\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-19 14:54 - 2014-08-19 14:54 - 00000000 ____D () C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-19 14:53 - 2014-08-19 14:53 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-19 14:53 - 2014-08-19 14:50 - 04057608 _____ () C:\Users\doug\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-19 14:45 - 2012-01-04 19:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215910112-895626990-194910188-1000UA.job
2014-08-19 14:41 - 2009-11-22 15:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 13:40 - 2011-01-25 19:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-19 13:34 - 2012-05-15 21:05 - 00000000 ___RD () C:\Users\doug\Google Drive
2014-08-19 13:30 - 2013-05-29 10:30 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-08-19 13:30 - 2009-11-22 15:49 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 13:25 - 2008-07-31 19:24 - 01817535 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 13:18 - 2013-05-23 15:08 - 00138374 _____ () C:\Windows\PFRO.log
2014-08-19 13:18 - 2011-07-10 22:19 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-19 13:18 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 13:18 - 2006-11-02 05:47 - 00809080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 13:17 - 2013-10-27 10:44 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-08-18 19:14 - 2006-11-02 06:01 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-18 15:50 - 2008-08-03 20:16 - 00002796 _____ () C:\Users\doug\Desktop\Documents\Info.txt
2014-08-17 17:51 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\tracing
2014-08-17 11:10 - 2012-01-04 19:30 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215910112-895626990-194910188-1000Core.job
2014-08-16 14:39 - 2014-07-11 18:21 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\HpUpdate
2014-08-15 15:29 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
2014-08-15 15:26 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 15:19 - 2006-11-02 03:33 - 00006564 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 15:04 - 2013-10-04 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 14:49 - 2006-11-02 03:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-14 08:28 - 2014-03-12 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-14 08:28 - 2013-10-07 16:18 - 00000764 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-14 08:28 - 2013-04-04 10:20 - 00000410 _____ () C:\Windows\system32\usergui.cfg
2014-08-14 08:28 - 2012-11-08 11:59 - 00004860 _____ () C:\Windows\system32\userawacs.cfg
2014-08-12 07:56 - 2014-07-11 15:24 - 00000000 ____D () C:\Users\Linda\AppData\Local\AVG Secure Search
2014-08-12 07:47 - 2014-02-13 15:41 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-12 07:47 - 2011-11-10 03:03 - 00000000 ____D () C:\Windows\system32\cache
2014-08-12 07:46 - 2012-07-20 23:33 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-09 12:25 - 2011-04-20 15:35 - 00000000 ____D () C:\Users\doug\AppData\Roaming\HpUpdate
2014-08-08 15:46 - 2009-10-25 20:04 - 00000000 ____D () C:\Users\doug\Desktop\Documents\Invoices
2014-08-08 15:44 - 2008-08-01 13:01 - 00019734 _____ () C:\Users\doug\AppData\Roaming\wklnhst.dat
2014-08-08 14:10 - 2010-04-14 16:06 - 00000000 ____D () C:\ProgramData\Venta
2014-08-08 14:09 - 2014-08-08 12:15 - 00000000 ____D () C:\Users\doug\AppData\Roaming\Lavasoft
2014-08-08 13:57 - 2008-12-14 15:07 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-08 12:15 - 2014-08-08 12:15 - 00000000 ____D () C:\Users\doug\Desktop\Documents\Lavasoft
2014-08-08 12:14 - 2014-08-08 12:10 - 10882463 _____ () C:\Users\doug\Downloads\tuneup_kit.zip
2014-08-08 11:36 - 2014-08-08 10:42 - 00010752 _____ () C:\Users\doug\Desktop\Documents\SVdecking.xlr
2014-08-08 10:46 - 2014-08-06 20:55 - 00010752 _____ () C:\Users\doug\Desktop\Documents\sedona views deck.xlr
2014-08-07 21:07 - 2014-08-07 21:07 - 00010752 _____ () C:\Users\doug\Downloads\sedona views deck (1).xlr
2014-08-07 21:03 - 2014-08-07 21:03 - 00010752 _____ () C:\Users\doug\Downloads\sedona views deck.xlr
2014-08-07 20:58 - 2009-10-25 20:05 - 00010752 _____ () C:\Users\doug\Desktop\invoice.xlr
2014-08-07 20:49 - 2014-08-07 19:51 - 00010752 _____ () C:\Users\doug\Desktop\Documents\velvet1262.xlr
2014-08-06 21:03 - 2014-08-06 20:34 - 00010752 _____ () C:\Users\doug\Desktop\Documents\Carpender ln..xlr
2014-08-06 21:02 - 2014-08-06 20:59 - 00010752 _____ () C:\Users\doug\Desktop\Documents\1262 S. Verde Dr.xlr
2014-08-06 20:23 - 2014-08-06 20:24 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-06 20:23 - 2014-08-06 20:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-06 20:23 - 2014-08-06 20:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-06 20:23 - 2014-08-06 20:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-06 20:23 - 2014-08-06 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 20:23 - 2014-08-06 20:23 - 00000000 ____D () C:\Program Files\Java
2014-08-06 12:48 - 2008-07-31 21:41 - 00005216 _____ () C:\Users\doug\AppData\Local\d3d9caps.dat
2014-08-03 14:47 - 2014-08-03 14:47 - 00107960 _____ () C:\Users\Linda\Downloads\msg0001.WAV
2014-08-02 20:26 - 2014-08-02 20:26 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-08-02 20:23 - 2014-08-02 20:20 - 11241816 _____ (Microsoft Corporation) C:\Users\doug\Downloads\mseinstall.exe
2014-08-01 17:48 - 2014-07-12 13:44 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft Games
2014-07-30 16:17 - 2012-01-02 19:54 - 00000000 ____D () C:\Users\doug\AppData\Roaming\Skype
2014-07-29 12:05 - 2014-07-14 13:52 - 00000000 ____D () C:\Users\Linda\Desktop\New Folder
2014-07-27 06:49 - 2008-10-24 13:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 09:44 - 2010-09-09 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 21:26 - 2014-08-14 12:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-24 19:53 - 2014-08-14 12:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 11:07 - 2014-08-14 13:00 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 10:58 - 2014-08-14 13:00 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 10:57 - 2014-08-14 13:00 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 10:52 - 2014-08-14 13:00 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 10:51 - 2014-08-14 13:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 10:51 - 2014-08-14 13:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 10:50 - 2014-08-14 13:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 10:50 - 2014-08-14 13:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 10:49 - 2014-08-14 13:00 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 10:49 - 2014-08-14 13:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 10:49 - 2014-08-14 13:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 10:49 - 2014-08-14 13:00 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 10:49 - 2014-08-14 13:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 10:48 - 2014-08-14 13:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 10:48 - 2014-08-14 13:00 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 10:48 - 2014-08-14 13:00 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 10:48 - 2014-08-14 13:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 10:48 - 2014-08-14 13:00 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 10:48 - 2014-08-14 13:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 10:48 - 2014-08-14 13:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 10:47 - 2014-08-14 13:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-23 20:56 - 2014-07-12 14:21 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Skype
2014-07-21 11:33 - 2014-07-12 20:55 - 00000000 ____D () C:\Users\Linda\AppData\Local\Adobe
2014-07-21 11:33 - 2014-07-12 15:23 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Adobe
2014-07-21 11:24 - 2009-06-08 21:21 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 11:22 - 2014-07-21 11:10 - 35594848 _____ (Skype Technologies S.A.) C:\Users\Linda\Downloads\SkypeSetupFull (2).exe
2014-07-21 10:55 - 2014-07-21 10:34 - 35594848 _____ (Skype Technologies S.A.) C:\Users\Linda\Downloads\SkypeSetupFull (1).exe
Files to move or delete:
====================
C:\Users\doug\jobq.dat
Some content of TEMP:
====================
C:\Users\doug\AppData\Local\Temp\APNSetup.exe
C:\Users\doug\AppData\Local\Temp\contentDATs.exe
C:\Users\doug\AppData\Local\Temp\GUR5CBF.exe
C:\Users\doug\AppData\Local\Temp\GURE8D7.exe
C:\Users\doug\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\lowproc.exe
C:\Users\doug\AppData\Local\Temp\mssinstaller.exe
C:\Users\doug\AppData\Local\Temp\oi_{EAF27ACA-F617-4D40-BE17-1DF9A971F973}.exe
C:\Users\doug\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\doug\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\doug\AppData\Local\Temp\stubhelper.dll
C:\Users\doug\AppData\Local\Temp\uninst1.exe
C:\Users\doug\AppData\Local\Temp\{0468C3B4-DF77-4425-AE64-78D734C27188}-31.0.1650.63_31.0.1650.57_chrome_updater.exe
C:\Users\doug\AppData\Local\Temp\{C84CBE4F-B862-4E43-AD5D-9F4DF40A2C35}-GoogleEarth-Win-Bundle-7.1.2.2041.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-19 13:36
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-08-2014
Ran by doug at 2014-08-19 15:25:02
Running from C:\Users\doug\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2500 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
2500_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
2500Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Actiontec Gateway (HKLM\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version: - )
AddThis Toolbar (HKLM\...\AddThis Toolbar) (Version: 1.514 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.10 (HKLM\...\Amazon MP3 Downloader) (Version: - )
Any DVD Converter Professional 4.1.7 (HKLM\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
Any Video Converter 2.7.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000009}) (Version: 2.0.0.0 - Avery)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.786 - AVG Technologies)
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CA Yahoo! Anti-Spy (remove only) (HKLM\...\cayahooantispy) (Version: - CA, Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager (HKLM\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
CyberLink PowerDirector (Version: 6.5.2726 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eBook 4 Sale (HKLM\...\eBook 4 Sale) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Forms Maker & Filler (HKLM\...\Forms Maker & Filler) (Version: - )
Free Solitaire (HKLM\...\Free Solitaire) (Version: - )
Funmoods Web Search (HKCU\...\Funmoods Web Search) (Version: - ) <==== ATTENTION
GIMP 2.6.10 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{9074AFC0-CFDA-11DE-B484-005056806466}) (Version: 5.1.3533.1731 - Google)
Google Photos Screensaver (HKLM\...\{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}) (Version: 2.0.0 - Google Inc.)
Google Quick Search Box (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 4.5.0.456 (HKCU\...\GoToMeeting) (Version: - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.0.6 - Hewlett-Packard) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Demo (HKLM\...\{44F3AD4C-D8A0-40DD-94A1-7443BE9953C7}_is1) (Version: HP Demo - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.3309 - Hewlett-Packard)
HP MediaSmart DVD (Version: 2.2.3309 - Hewlett-Packard) Hidden
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Smart Print 1.1.5.0 (HKLM\...\{8B157EE4-0BAB-4CCE-B92C-5844AB6E20F1}) (Version: 1.1.5.0 - Hewlett-Packard)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
IMSI Utilities (HKLM\...\IMSI Utilities) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0808 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetDeviceManager (Version: 82.0.173.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS CAMEDIA Master 2.5 (HKLM\...\{06230E02-2B7E-11D2-92D0-0040051BD005}) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
PrintMaster 5.0 Platinum (HKLM\...\0832-3492-6567-1002) (Version: 5.0.0.15 - Encore Software Inc.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickConnect (Version: 3.6 - Qwest) Hidden
QuickTime (HKLM\...\QuickTime) (Version: - )
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RewardsArcadeSuite (HKCU\...\RewardsArcadeSuite) (Version: - 215 Apps)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shockwave (HKLM\...\Shockwave) (Version: - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TetriCrisis 100% 5.9 Remix (HKLM\...\TetriCrisis 100%_is1) (Version: - Silent Hero Productions(R))
The Print Shop Business Card Creator (HKLM\...\{BCCBE608-5C44-4507-AE11-55B36AE0E41B}) (Version: - Broderbund Properties LLC)
The Print Shop Home and Office Labels (HKLM\...\{909FDB94-8511-47D3-AF00-EEA27FA11E73}) (Version: - Broderbund LLC)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VZAccess Manager (HKLM\...\{983BAA92-349E-4E75-8BA8-63EEE3670948}) (Version: 7.0.5.9 - Smith Micro Software Inc.)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo SiteBuilder (HKLM\...\Yahoo SiteBuilder) (Version: 2.8.6 - Yahoo! Inc.)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
Yahoo! Mail Advisor (HKLM\...\Yahoo! Mail Advisor) (Version: - )
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version: - ) <==== ATTENTION
Yahoo! SiteBuilder (HKLM\...\Yahoo! SiteBuilder) (Version: 2.4.0 - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
ZoomInto (HKLM\...\{B8CFEA15-A660-4742-9AAB-BC659C491046}) (Version: 17.0.0 - ZoomInto.com ,Inc)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\doug\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\456\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{ACDF77A9-9EDA-407F-969F-B3BCBE3217D0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4215910112-895626990-194910188-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\doug\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
==================== Restore Points =========================
15-08-2014 21:15:10 Windows Update
16-08-2014 17:06:38 Scheduled Checkpoint
17-08-2014 15:57:18 Scheduled Checkpoint
18-08-2014 20:49:39 Scheduled Checkpoint
19-08-2014 21:13:55 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 03:23 - 2006-09-18 14:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D92EB2E-8639-4665-B895-9984192534B1} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-10] (Google)
Task: {0F35F5D5-1945-41A0-80F3-2729CA50D5AD} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe [2013-10-13] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {24642D66-8E53-4B46-8D0D-D2633BD251FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4215910112-895626990-194910188-1000Core => C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23] (Google Inc.)
Task: {249234E9-D935-4E71-86E1-4B4C66BE72F1} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10] (Hewlett-Packard Co.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {368001CC-FAD6-48DB-A0A7-331B8D7D07B2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BAE54BA9-2A4D-4ADC-B4B2-733A737E4EA7}.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F98C12A-7D1E-4078-BB25-B3544B72FC19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {43C4A228-7287-4003-9856-B5BD239DA328} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {46268D45-D91A-4A90-AA4F-5ECBC6CA1D3F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4215910112-895626990-194910188-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4DFC221E-CF2D-4293-BF9E-56F38D4535D0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4F1F2B23-4736-4DE9-8FF1-BE3EB59635C7} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {5B2E37DD-5429-47E7-9FE9-A3DE19D23D14} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4215910112-895626990-194910188-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5DDB011D-F2E9-4F82-A57C-0E5E77CF8213} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4215910112-895626990-194910188-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6C2C8647-188E-4782-8CFE-D324D4D5CD34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-22] (Google Inc.)
Task: {6CAED93F-9375-43B2-9F59-B1CC5CD599EA} - System32\Tasks\{5B1F924C-B64D-4967-B660-91710B332AE0} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {90F914D3-349B-46F7-9BF9-2818158FDAB1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4215910112-895626990-194910188-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {93E21CBF-C8AC-4370-8B9B-F4C584104F59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-22] (Google Inc.)
Task: {9B0A2EE2-A680-44DD-ADC6-CF6A7D475262} - System32\Tasks\Google Updater and Installer => C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23] (Google Inc.)
Task: {CB567625-305E-4362-854E-0067CBE0A717} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4215910112-895626990-194910188-1000UA => C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23] (Google Inc.)
Task: {CEF1A9D3-B501-4E87-B5C3-1B1587FEC5FE} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - doug => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {DC871D0D-56D1-41DF-8D9A-5AB6443CFBE7} - System32\Tasks\DSite => C:\Users\doug\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BAE54BA9-2A4D-4ADC-B4B2-733A737E4EA7}.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\doug\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Google Software Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215910112-895626990-194910188-1000Core.job => C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215910112-895626990-194910188-1000UA.job => C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-05-08 21:20 - 1997-10-17 13:06 - 00018432 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\jDocPrc.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-08-12 07:47 - 2014-08-12 07:46 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-12 07:47 - 2014-08-12 07:46 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2010-01-26 19:19 - 2011-11-30 23:45 - 00103424 _____ () C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
2014-02-13 15:41 - 2014-08-12 07:46 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-02-13 15:41 - 2014-08-12 07:46 - 01654296 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 00181592 _____ () C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-08-19 13:30 - 2014-08-19 13:30 - 00098816 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32api.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00110080 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\pywintypes27.dll
2014-08-19 13:30 - 2014-08-19 13:30 - 00364544 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\pythoncom27.dll
2014-08-19 13:30 - 2014-08-19 13:30 - 00045568 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\_socket.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 01160704 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\_ssl.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00320512 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32com.shell.shell.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00713216 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\_hashlib.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 01175040 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._core_.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00805888 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._gdi_.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00811008 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._windows_.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 01062400 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._controls_.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00735232 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._misc_.pyd
2014-08-19 13:30 - 2014-08-19 13:31 - 00128512 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\_elementtree.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00127488 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\pyexpat.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00557056 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\pysqlite2._sqlite.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00007168 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\hashobjs_ext.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00087552 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\_ctypes.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00119808 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32file.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00108544 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32security.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00018432 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32event.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00038912 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32inet.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00070656 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._html2.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00167936 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32gui.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00011264 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32crypt.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00027136 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\_multiprocessing.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00122368 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._wizard.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00010240 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\select.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00024064 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32pipe.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00686080 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\unicodedata.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00025600 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32pdh.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00525640 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\windows._lib_cacheinvalidation.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00035840 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32process.pyd
2014-08-19 13:31 - 2014-08-19 13:31 - 00017408 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32profile.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00022528 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\win32ts.pyd
2014-08-19 13:30 - 2014-08-19 13:30 - 00078336 _____ () C:\Users\doug\AppData\Local\Temp\_MEI44162\wx._animate.pyd
2014-08-14 18:50 - 2014-08-06 20:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 18:50 - 2014-08-06 20:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 18:50 - 2014-08-06 20:20 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:43AAB821
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/19/2014 01:19:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/18/2014 06:24:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/18/2014 11:24:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/17/2014 09:15:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/17/2014 09:15:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/17/2014 08:21:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2014 06:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x002e006c,
process id 0xc8c, application start time 0xsvchost.exe_HPSLPSVC0.
Error: (08/16/2014 09:18:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/15/2014 04:23:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/15/2014 04:23:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (08/18/2014 07:14:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (08/18/2014 06:26:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HP Health Check Service%%1053
Error: (08/18/2014 06:26:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000HP Health Check Service
Error: (08/18/2014 04:03:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (08/18/2014 11:38:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (08/17/2014 07:52:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (08/16/2014 08:55:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (08/16/2014 08:54:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc
Error: (08/16/2014 08:53:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
Error: (08/16/2014 06:09:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: HP Network Devices Support1
Microsoft Office Sessions:
=========================
Error: (08/19/2014 01:19:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/18/2014 06:24:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/18/2014 11:24:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/17/2014 09:15:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (08/17/2014 09:15:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (08/17/2014 08:21:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2014 06:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_HPSLPSVC6.0.6001.1800047918b89unknown0.0.0.000000000c0000005002e006cc8c01cfb96dacbd8b1d
Error: (08/16/2014 09:18:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/15/2014 04:23:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (08/15/2014 04:23:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
CodeIntegrity Errors:
===================================
Date: 2014-08-19 15:24:10.424
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-19 15:24:09.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-19 15:24:09.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-19 15:24:08.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-19 15:24:08.002
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-19 15:24:07.428
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-19 15:24:06.851
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-19 15:24:06.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 08:25:08.343
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 08:25:07.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 2036.45 MB
Available physical RAM: 830.18 MB
Total Pagefile: 4326.11 MB
Available Pagefile: 2729.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.8 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:222.85 GB) (Free:144.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.03 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-19 15:33:17
-----------------------------
15:33:17.151 OS Version: Windows 6.0.6002 Service Pack 2
15:33:17.151 Number of processors: 2 586 0xF0D
15:33:17.152 ComputerName: DOUGS-COMPUTER UserName: doug
15:33:22.413 Initialize success
15:33:22.559 VM: initialized successfully
15:33:22.575 VM: Intel CPU virtualization not supported
16:08:50.403 The log file has been saved successfully to "C:\Users\doug\Downloads\aswMBR.txt"
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-19 15:33:17
-----------------------------
15:33:17.151 OS Version: Windows 6.0.6002 Service Pack 2
15:33:17.151 Number of processors: 2 586 0xF0D
15:33:17.152 ComputerName: DOUGS-COMPUTER UserName: doug
15:33:22.413 Initialize success
15:33:22.559 VM: initialized successfully
15:33:22.575 VM: Intel CPU virtualization not supported
16:08:50.403 The log file has been saved successfully to "C:\Users\doug\Downloads\aswMBR.txt"
16:32:40.913 AVAST engine defs: 14081900
18:40:47.711 The log file has been saved successfully to "C:\Users\doug\Downloads\aswMBR.txt"
Please uninstall/delete from your add/remove programs list.
Funmoods Web Search
Yahoo! Search Protection
****************
Running from C:\Users\doug\Downloads
This needs to be moved to desktop in order for the created script to run correctly and move the infections out.
Please go to your downloads folder, locate Farbar Recovery Scan Tool (FRST), right click on that and select cut
Go to an open space on your desktop and, right click and select paste. This should move it to desktop.
the system will be rebooted after the fix, please don't be alarmed.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss_din2g&mntrId=6A99001D92EF1EC8
SearchScopes: HKCU - {1B6569FA-16BF-4323-A212-C1DD31E61A1D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EAE88415-6BBE-41D8-9418-6E9CBAC1F6E4&apn_sauid=7B33C468-E8B5-46CC-8CF6-14484DDB7A63
SearchScopes: HKCU - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL =
SearchScopes: HKCU - {F2C64193-CCE1-4CF1-ACFC-E80150AA87F4} URL = http://isearch.avg.com/search?cid={987EF8E2-48AF-4F80-B79B-5CA91678C042}&mid=cf78d5c81f0b47d6b5a0d154d40bf73b-ee1c65297195f0ac65fc3a4a2b045f8f9b35a58f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-13
15:42:04&v=17.3.1.91&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll No File
BHO: AddThis Toolbar BHO -> {9EBF8AAF-0A31-4786-909A-97A0EF101743} -> C:\Program Files\AddThis Toolbar\Toolbar.dll ()
BHO: RewardsArcadeSuite -> {B6EF6C45-5E8D-4c3b-B580-A5073261A381} -> C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
FF user.js: detected! => C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\user.js
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\g81znd2y.default\searchplugins\delta.xml
FF HKLM\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\doug\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\doug\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-01-23]
FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files\SearchPredict\PRFireFox
FF HKCU\...\Firefox\Extensions: [{A10ECFC7-BBE8-4E84-8043-9D35FBF75515}] - C:\Users\doug\AppData\Local\{A10ECFC7-BBE8-4E84-8043-9D35FBF75515}
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\doug\AppData\Local\funmoods.crx [2012-05-28]
CHR HKLM\...\Chrome\Extension: [ielefkgbofdpglioecfjcbikholflklb] - C:\Users\doug\AppData\Local\RewardsArcadeSuite\1950\Chrome\rewardsarcade-suite.crx [2011-12-22]
CHR HKLM\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\doug\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [2012-11-30]
CHR HKCU\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\doug\AppData\Local\funmoods.crx [2012-05-28]
C:\Users\doug\jobq.dat
C:\Users\doug\AppData\Local\Temp\APNSetup.exe
C:\Users\doug\AppData\Local\Temp\contentDATs.exe
C:\Users\doug\AppData\Local\Temp\GUR5CBF.exe
C:\Users\doug\AppData\Local\Temp\GURE8D7.exe
C:\Users\doug\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\doug\AppData\Local\Temp\lowproc.exe
C:\Users\doug\AppData\Local\Temp\mssinstaller.exe
C:\Users\doug\AppData\Local\Temp\oi_{EAF27ACA-F617-4D40-BE17-1DF9A971F973}.exe
C:\Users\doug\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\doug\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\doug\AppData\Local\Temp\stubhelper.dll
C:\Users\doug\AppData\Local\Temp\uninst1.exe
C:\Users\doug\AppData\Local\Temp\{0468C3B4-DF77-4425-AE64-78D734C27188}-31.0.1650.63_31.0.1650.57_chrome_updater.exe
C:\Users\doug\AppData\Local\Temp\{C84CBE4F-B862-4E43-AD5D-9F4DF40A2C35}-GoogleEarth-Win-Bundle-7.1.2.2041.exe
Task: {DC871D0D-56D1-41DF-8D9A-5AB6443CFBE7} - System32\Tasks\DSite
C:\Users\doug\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:43AAB821
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8
EmptyTemp:
End
Open FRST/FRST64 and press the Fix button just once and wait.
http://i739.photobucket.com/albums/xx33/emeraldnzl/FRSTconsole-2.jpg (http://s739.photobucket.com/user/emeraldnzl/media/FRSTconsole-2.jpg.html)
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
******************************
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
https://dl.dropbox.com/u/73555776/AdwCleaner.GIF
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.
**********************
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.
Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt