Not sure what's wrong.
I ran Spybot and there were no issues. When my computer starts, there are two DLL errors which come up. The issue I am having is that when I get to certain sites and need to log in, there is sometimes a 2 to 3 minute delay. I have checked the internet connection, which is fine. I am sure something has affected these DLLs.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 01
Ran by Owner (administrator) on OWNER-PC on 11-02-2015 11:52:24
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
() C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\program\soffice.exe
(OpenOffice.org) C:\Program Files\program\soffice.bin
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => "C:\windows\system32\thpsrv" /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [214328 2009-09-02] ()
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] => C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [AT&T Communication Manager] => C:\Program Files\AT&T\Communication Manager\ATTCM.exe [33352 2009-07-17] (ATT)
HKLM\...\Run: [Toshiba DetectAC Utility] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe [221184 2010-08-18] ()
HKLM\...\Run: [Toshiba DetectAC Utility1] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\CollectInfo.exe [266240 2010-08-03] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-31] (Google Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Ofpics] => C:\Users\Owner\AppData\Local\Ofpics\Dntv7.exe
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [AVworks] => regsvr32.exe C:\Users\Owner\AppData\Local\AVworks\DialogcryptDb.dll <===== ATTENTION
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [YkPack] => C:\Windows\System32\regsvr32.exe C:\Users\Owner\AppData\Local\Ofpics\ClipHelpspi.dll
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> DefaultScope {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=CD03EC31-C6F0-447A-AABB-BEDB2D98BB3C&apn_sauid=4CE457E0-1002-4947-AE7A-3EFDC117E69B
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: No Name -> {465E08E7-F005-4389-980F-1D8764B3486C} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\Trademanager\npwangwang.dll ( )
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: NetDvr_Plugins -> C:\Program Files\NetDvr\Plugins\npDvr.dll (DVR)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: {@alibaba.com/alisetup;version=1.0} -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\search.xml
FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv [2013-10-07]
FF Extension: qualitink - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net [2013-10-07]
FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
FF Extension: Test Pilot - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-01-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-17]
FF HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2013-10-07]
CHR Extension: (qualitink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf [2013-10-07]
CHR Extension: (FreeHDSport TV 3) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn [2013-10-07]
CHR HKLM\...\Chrome\Extension: [nbdbmopeebalgaeghmjoegpkngglikgn] - C:\Program Files\FreeHDSport.TV\freehdsporttv10.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-07-15] (SmithMicro Inc.)
S3 CAATT; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [125512 2009-07-15] (SmithMicro Inc.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913144 2012-03-07] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-05] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [69632 2008-12-09] (Sophos Plc) [File not signed]
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [98304 2008-12-09] (Sophos Plc) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [551264 2013-01-28] (Splashtop Inc.)
R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-06] (Emsisoft GmbH)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET)
R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [33656 2012-03-14] (ESET)
R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [50624 2012-03-14] (ESET)
S3 GT72NDISIPXP; C:\windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [35992 2014-12-06] ()
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 QIOMem; C:\windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
S3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-13] (Realtek Semiconductor Corporation )
R1 SAVOnAccess; C:\windows\System32\DRIVERS\savonaccess.sys [85312 2008-07-18] (Sophos Plc) [File not signed]
S4 SophosBootDriver; C:\windows\System32\DRIVERS\SophosBootDriver.sys [20288 2008-05-23] (Sophos Plc) [File not signed]
R3 swmsflt; C:\windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S4 LMIRfsClientNP; No ImagePath
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-11 11:52 - 2015-02-11 11:54 - 00028402 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-02-11 11:48 - 2015-02-11 11:52 - 00000000 ____D () C:\FRST
2015-02-11 11:47 - 2015-02-11 11:47 - 00000207 _____ () C:\windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(32-bit).dat
2015-02-11 11:43 - 2015-02-11 11:43 - 01124864 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-02-11 11:40 - 2015-02-11 11:40 - 00000000 ____D () C:\RegBackup
2015-02-11 11:37 - 2015-02-11 11:37 - 04804736 _____ () C:\Users\Owner\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-11 11:36 - 2015-02-11 11:36 - 04804736 _____ () C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-11 11:34 - 2015-02-11 11:38 - 00002156 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-08 09:59 - 2015-02-08 09:59 - 00009039 _____ () C:\Users\Owner\Documents\rptEmployee_Sales_Summary.txt
2015-02-08 09:59 - 2015-02-08 09:59 - 00009039 _____ () C:\Users\Owner\Desktop\rptEmployee_Sales_Summary.txt
2015-02-08 09:58 - 2015-02-08 09:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB}
2015-02-08 09:37 - 2015-02-06 17:10 - 40423424 _____ () C:\Users\Owner\Desktop\SSM_BackupSaturday.ADB
2015-02-02 15:41 - 2015-02-02 15:41 - 00162976 _____ () C:\Users\Owner\Documents\Online Bill Payment.mht
2015-02-02 14:52 - 2015-02-02 14:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC}
2015-02-02 14:48 - 2015-02-02 15:39 - 00000098 ____H () C:\Users\Owner\Documents\.~lock.password.odt#
2015-01-22 16:56 - 2015-01-20 18:42 - 40093696 _____ () C:\Users\Owner\Desktop\SSM_BackupWednesday.ADB
2015-01-13 22:31 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 22:31 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-13 22:31 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 22:31 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 22:30 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 22:30 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-11 11:34 - 2012-11-28 13:20 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job
2015-02-11 11:32 - 2012-10-27 17:25 - 01964450 _____ () C:\windows\WindowsUpdate.log
2015-02-11 11:26 - 2012-11-28 13:20 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job
2015-02-11 11:25 - 2012-10-27 17:23 - 00071462 _____ () C:\windows\setupact.log
2015-02-11 11:24 - 2012-04-05 16:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 11:24 - 2011-10-26 15:32 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-11 11:24 - 2010-02-07 08:15 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 12:19 - 2011-04-26 21:34 - 00000000 ____D () C:\Salon
2015-02-04 13:35 - 2010-02-07 08:15 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:46 - 2014-01-25 15:14 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-03 14:46 - 2014-01-25 15:14 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-03 14:46 - 2013-01-26 15:22 - 00086912 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00085864 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00031592 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00000000 ____D () C:\Program Files\LogMeIn
2015-02-02 21:30 - 2011-03-31 16:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-02-02 15:39 - 2013-02-09 00:19 - 00026829 _____ () C:\Users\Owner\Documents\password.odt
2015-01-23 17:31 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 17:31 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 17:08 - 2011-08-28 09:59 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-01-22 17:07 - 2011-08-28 09:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-01-22 17:04 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-14 03:31 - 2009-08-31 22:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-14 03:13 - 2013-08-16 06:59 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 03:01 - 2009-10-23 11:45 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
==================== Files in the root of some directories =======
2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link
2011-01-04 20:35 - 2011-01-04 20:35 - 0057649 _____ () C:\Program Files\eula.rtf
2012-08-13 09:57 - 2012-08-13 09:57 - 0012927 _____ () C:\Program Files\readme.html
2012-08-13 09:57 - 2012-08-13 09:57 - 0012558 _____ () C:\Program Files\readme.txt
2012-10-25 12:15 - 2012-12-19 15:44 - 0106623 _____ () C:\Users\Owner\AppData\Roaming\iQmetrixErrorLog.txt
2009-10-28 19:57 - 2012-10-24 10:06 - 0000792 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2011-06-17 22:30 - 2014-12-03 17:00 - 0130511 _____ () C:\Users\Owner\AppData\Local\ars.cache
2011-06-17 22:30 - 2014-12-03 17:00 - 0522804 _____ () C:\Users\Owner\AppData\Local\census.cache
2010-08-12 10:03 - 2012-05-24 13:53 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-19 11:55 - 2010-05-19 11:55 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2014-12-03 16:49 - 2014-12-03 16:49 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2013-02-23 13:49 - 2013-02-23 14:00 - 0000808 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplboaik.dll
C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 00:46
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-15 17:33:09
-----------------------------
17:33:09.453 OS Version: Windows 6.1.7601 Service Pack 1
17:33:09.454 Number of processors: 2 586 0x170A
17:33:09.456 ComputerName: OWNER-PC UserName: Owner
17:33:14.882 Initialize success
17:33:15.177 VM: initialized successfully
17:33:15.180 VM: Intel CPU virtualization not supported
17:35:43.434 AVAST engine defs: 15021501
17:41:18.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:41:18.331 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
17:41:18.468 Disk 0 MBR read successfully
17:41:18.473 Disk 0 MBR scan
17:41:18.553 Disk 0 Windows VISTA default MBR code
17:41:18.558 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:41:18.566 Disk 0 default boot code
17:41:18.601 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295617 MB offset 3074048
17:41:18.646 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8127 MB offset 608497664
17:41:18.691 Disk 0 scanning sectors +625141760
17:41:18.886 Disk 0 scanning C:\windows\system32\drivers
17:41:49.244 Service scanning
17:42:54.412 Modules scanning
17:42:54.425 Disk 0 trace - called modules:
17:42:54.472 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
17:42:54.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86be2030]
17:42:54.495 3 CLASSPNP.SYS[8b5ca59e] -> nt!IofCallDriver -> \Device\THPDRV1[0x86be1030]
17:42:54.505 5 thpdrv.sys[8b7d799f] -> nt!IofCallDriver -> [0x861b2308]
17:42:54.515 7 ACPI.sys[8aec33d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x861b3028]
17:42:55.530 AVAST engine scan C:\windows
17:42:59.240 AVAST engine scan C:\windows\system32
17:48:34.151 AVAST engine scan C:\windows\system32\drivers
17:49:02.120 AVAST engine scan C:\Users\Owner
18:38:26.691 AVAST engine scan C:\ProgramData
18:44:44.534 Disk 0 statistics 4790880/0/0 @ 0.81 MB/s
18:44:44.549 Scan finished successfully
19:37:29.873 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:37:29.883 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
19:37:31.023 Disk 0 MBR read successfully
19:37:31.035 Disk 0 MBR scan
19:37:31.050 Disk 0 Windows VISTA default MBR code
19:37:31.112 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:37:31.339 Disk 0 default boot code
19:37:31.409 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295617 MB offset 3074048
19:37:31.477 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8127 MB offset 608497664
19:37:31.944 Disk 0 scanning sectors +625141760
19:37:32.561 Disk 0 scanning C:\windows\system32\drivers
19:38:14.900 Service scanning
19:39:10.436 Modules scanning
19:39:10.456 Disk 0 trace - called modules:
19:39:10.503 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll
19:39:10.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86be2030]
19:39:10.526 3 CLASSPNP.SYS[8b5ca59e] -> nt!IofCallDriver -> \Device\THPDRV1[0x86be1030]
19:39:11.783 AVAST engine scan C:\windows
19:39:56.824 AVAST engine scan C:\windows\system32
19:49:18.899 AVAST engine scan C:\windows\system32\drivers
19:49:41.845 AVAST engine scan C:\Users\Owner
20:44:38.156 AVAST engine scan C:\ProgramData
20:48:27.460 Disk 0 statistics 9581333/0/0 @ 0.73 MB/s
20:48:27.495 Scan finished successfully
22:01:47.618 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\comp repair\MBR.dat"
22:01:47.632 The log file has been saved successfully to "C:\Users\Owner\Desktop\comp repair\aswMBR.txt"
LiquidTension
2015-02-16, 10:59
Hello sewall, welcome to Safer Networking's Malware Removal forum!
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
======================================================
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean".
======================================================
Important: Please disable Spybot's Tea Timer. See here for instructions (http://forums.majorgeeks.com/showthread.php?t=103692&highlight=Teatimer).
STEP 1
Revo Uninstaller
Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/start_freeware_download.html).
Double-click Revo Uninstaller to run the programme.
From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
Ask Toolbar Updater
Coupon Printer for Windows
Yahoo! Search Protection
Yahoo! Toolbar
Double-click the programme.
When prompted if you want to uninstall click Yes.
Ensure the Moderate option is selected and click Next.
The programme will run. If prompted again click Yes.
Once the built-in uninstaller is finished click Next.
Once the programme has searched for leftovers click Next.
Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
When prompted click Yes, followed by Next.
Click Select all, followed by Delete.
When prompted click Yes, followed by Next.
Once done click Finish.
STEP 2
Farbar Recovery Scan Tool (FRST) Script
Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document.
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Ofpics] => C:\Users\Owner\AppData\Local\Ofpics\Dntv7.exe
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [AVworks] => regsvr32.exe C:\Users\Owner\AppData\Local\AVworks\DialogcryptDb.dll <===== ATTENTION
C:\Users\Owner\AppData\Local\AVworks
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [YkPack] => C:\Windows\System32\regsvr32.exe C:\Users\Owner\AppData\Local\Ofpics\ClipHelpspi.dll
C:\Users\Owner\AppData\Local\Ofpics
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=CD03EC31-C6F0-447A-AABB-BEDB2D98BB3C&apn_sauid=4CE457E0-1002-4947-AE7A-3EFDC117E69B
BHO: No Name -> {465E08E7-F005-4389-980F-1D8764B3486C} -> No File
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv [2013-10-07]
FF Extension: qualitink - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net [2013-10-07]
FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2013-10-07]
CHR Extension: (qualitink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf [2013-10-07]
CHR Extension: (FreeHDSport TV 3) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn [2013-10-07]
CHR HKLM\...\Chrome\Extension: [nbdbmopeebalgaeghmjoegpkngglikgn] - C:\Program Files\FreeHDSport.TV\freehdsporttv10.crx [Not Found]
C:\Program Files\FreeHDSport.TV
S4 LMIRfsClientNP; No ImagePath
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
2015-02-08 09:58 - 2015-02-08 09:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB}
2015-02-02 14:52 - 2015-02-02 14:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC}
C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
Task: {1D9A8049-0B43-4C68-ACE0-387A042E0500} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70980440.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70980440.sys => ""="Driver"
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
EmptyTemp:
end
Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
Right-Click FRST.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
STEP 3
Junkware Removal Tool (JRT)
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) and save the file to your Desktop.
Create a System Restore Point. For instructions, please refer to the following link (http://windows.microsoft.com/en-GB/windows7/create-a-restore-point) (W7).
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-Click JRT.exe and select Run as administrator to run the programme.
Follow the prompts and allow the scan to run uninterrupted.
Upon completion, a log (JRT.txt) will open on your desktop.
Re-enable your anti-virus software.
Copy the contents of JRT.txt and paste in your next reply.
STEP 4
AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
======================================================
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
Did the programmes uninstall OK?
Fixlog.txt
JRT.txt
AdwCleaner[S0].txt
Disabling Spybot: I could not disable misc locks. I only have an admin login but was told that admin rights were needed. With Revo Uninstaller, for the first two, "Ask Toolbar" and "Coupon Printer", an error code appeared saying something like uninstaller code failed, but the programs were uninstalled. Farbar recovery: I could not open Notepad as requested, so I manually opened Notepad, copied and pasted the requested script, and put it in the same folder as requested. Here are the requested logs.
fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by Owner at 2015-02-17 21:10:30 Run:1
Running from C:\Users\Owner\Desktop\comp repair
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Ofpics] => C:\Users\Owner\AppData\Local\Ofpics\Dntv7.exe
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [AVworks] => regsvr32.exe C:\Users\Owner\AppData\Local\AVworks\DialogcryptDb.dll <===== ATTENTION
C:\Users\Owner\AppData\Local\AVworks
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [YkPack] => C:\Windows\System32\regsvr32.exe C:\Users\Owner\AppData\Local\Ofpics\ClipHelpspi.dll
C:\Users\Owner\AppData\Local\Ofpics
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=CD03EC31-C6F0-447A-AABB-BEDB2D98BB3C&apn_sauid=4CE457E0-1002-4947-AE7A-3EFDC117E69B
BHO: No Name -> {465E08E7-F005-4389-980F-1D8764B3486C} -> No File
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv [2013-10-07]
FF Extension: qualitink - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net [2013-10-07]
FF Extension: FreeHDSport TV 3 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2013-10-07]
CHR Extension: (qualitink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf [2013-10-07]
CHR Extension: (FreeHDSport TV 3) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn [2013-10-07]
CHR HKLM\...\Chrome\Extension: [nbdbmopeebalgaeghmjoegpkngglikgn] - C:\Program Files\FreeHDSport.TV\freehdsporttv10.crx [Not Found]
C:\Program Files\FreeHDSport.TV
S4 LMIRfsClientNP; No ImagePath
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
2015-02-08 09:58 - 2015-02-08 09:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB}
2015-02-02 14:52 - 2015-02-02 14:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC}
C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
Task: {1D9A8049-0B43-4C68-ACE0-387A042E0500} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70980440.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70980440.sys => ""="Driver"
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
EmptyTemp:
end
*****************
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ofpics => value deleted successfully.
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVworks => value deleted successfully.
C:\Users\Owner\AppData\Local\AVworks => Moved successfully.
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YkPack => value deleted successfully.
C:\Users\Owner\AppData\Local\Ofpics => Moved successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3}" => Key deleted successfully.
HKCR\CLSID\{D0066D9E-66D0-4B66-B1A4-2F5EB076EAE3} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}" => Key deleted successfully.
HKCR\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => Key not found.
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} => value deleted successfully.
HKCR\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} => Key not found.
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\firefox@qualitink.net => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\fhdp3@freehdsp.tv.xpi => Moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej directory not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf directory not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn" => Key deleted successfully.
"C:\Program Files\FreeHDSport.TV" => File/Directory not found.
LMIRfsClientNP => Service deleted successfully.
RSUSBSTOR => Service deleted successfully.
C:\Users\Owner\AppData\Local\{77C138AC-546E-4EE6-B61B-3657C75071AB} => Moved successfully.
C:\Users\Owner\AppData\Local\{23C437F5-B97E-4761-8217-9D7D91B5F6FC} => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\UNINSTALL.exe => Moved successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D9A8049-0B43-4C68-ACE0-387A042E0500}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D9A8049-0B43-4C68-ACE0-387A042E0500}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\70980440.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\70980440.sys" => Key deleted successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
========= End of CMD: =========
EmptyTemp: => Removed 5.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog 21:14:19 ====
jrt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Owner on Tue 02/17/2015 at 21:25:52.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatequalitink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatequalitink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_power-mixer[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_power-mixer[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"
~~~ Files
Successfully deleted: [File] "C:\windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\billeo"
Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
~~~ FireFox
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search.xml"
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\f516h429.default\user.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\f516h429.default\invalidprefs.js
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\f516h429.default\prefs.js
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "80609c6a00000000000000225ffc53fb");
user_pref("extensions.delta.instlDay", "15985");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.619:31:50");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=125311&tsp=5028");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/17/2015 at 21:29:42.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.110 - Logfile created 17/02/2015 at 21:37:19
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
Service Deleted : YahooAUService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\LSHunter.TV
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\search.xml
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\536d8d9bd6fea10
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v10.0.2 (en-US)
-\\ Google Chrome v40.0.2214.111
*************************
AdwCleaner[R0].txt - [6561 bytes] - [17/02/2015 21:33:57]
AdwCleaner[S0].txt - [6622 bytes] - [17/02/2015 21:37:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6681 bytes] ##########
LiquidTension
2015-02-18, 12:33
Hello,
With Revo Uninstaller, for the first two, "ask toolbar" and "coupon printer", an error code appeared saying something like uninstaller code failed, but the programs were uninstalled.
Thank you for letting me know.
Please open FRST.exe. Ensure Addition.txt has a checkmark and click Scan. Copy/paste the contents of FRST.txt and Addition.txt.
Thanks. Please call me Wayne.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Owner at 2015-02-18 09:51:59
Running from C:\Users\Owner\Desktop\comp repair
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 5.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advantage Software (HKLM\...\Advantage Software) (Version: - )
AliSetup 0.1.0.52 (HKLM\...\AliSetup) (Version: 0.1.0.52 - 阿里巴巴（中国）有限公司)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Communication Manager (HKLM\...\{A04929ED-DBF8-4FAE-96E1-AA9A93B8E0A9}) (Version: 7.00.0058.0 - AT&T)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Aurora 19.0a2 (x86 en-US) (HKLM\...\Aurora 19.0a2 (x86 en-US)) (Version: 19.0a2 - Mozilla)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.16.61 - Conexant)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CyberFlashing (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\cc9402a8f5ffe20e) (Version: 2.2.0.2 - CyberFlashing)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESET Smart Security (HKLM\...\{EF181DC1-0ECB-4546-9772-C3C3F58E5747}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
F2400 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
FileZilla Client 3.4.0 (HKLM\...\FileZilla Client) (Version: 3.4.0 - )
Geek Squad 24 Hour Computer Support (HKLM\...\{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}) (Version: 2.1.322 - LogMeIn, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Invoice Magic 2.10.7.1 (HKLM\...\Invoice Magic) (Version: 2.10.7.1 - Powernet Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LogMeIn (HKLM\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 10.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0a2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NetDvrPlugin 1.0 (HKLM\...\NetDvrPlugin) (Version: 1.0 - )
NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Nitro Reader 3 (HKLM\...\{E12CDEE0-AFF5-4D71-B365-F3F09A9926D3}) (Version: 3.5.1.8 - Nitro)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sophos Anti-Virus (HKLM\...\{034759DA-E21A-4795-BFB3-C66D17FAD183}) (Version: 7.6.2 - Sophos Plc)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Splashtop Remote Client (HKLM\...\InstallShield_{14850F23-BCB2-4A1B-9C60-5DC08B7C4FF1}) (Version: 1.1.6.0 - Splashtop Inc.)
Splashtop Remote Client (Version: 1.1.6.0 - Splashtop Inc.) Hidden
Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.2.5.1 - Splashtop Inc.)
Splashtop Streamer (Version: 2.2.5.1 - Splashtop Inc.) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
tazti 2.0.2 (HKLM\...\{9C1C4E8D-6F79-495E-8C9A-FAAC8A31BEAB}) (Version: 2.0.2 - Voice Tech Group, Inc.)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
Toshiba DetectAC Utility (HKLM\...\InstallShield_{0AA15BEA-12D6-44FC-B3B2-C97B77AB6AF4}) (Version: 1.00.0014 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.9.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{33ABEB66-85BB-43B2-9448-85CB626C5A5F}) (Version: 4.01.01.00 - TOSHIBA)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.0 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{D2D8CB05-A9E1-4691-995C-2B78F4A58B8B}) (Version: 4.01.01.00 - TOSHIBA)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TradeManager 2011 SP3 (HKLM\...\TradeManager 2011 SP3) (Version: - Alisoft)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.5.67 - Verizon)
Web CEO 10.0 (HKLM\...\WebCEO70_is1) (Version: 10.0 - Web CEO Ltd.)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.4 - win.rar GmbH)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files\Trademanager\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\Trademanager\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{64677634-F8BA-429F-BBD8-08330E9F31E3}\InprocServer32 -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\Trademanager\modules\8003\GraffitiGUI.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
11-02-2015 11:53:59 Windows Update
12-02-2015 03:00:41 Windows Update
13-02-2015 11:38:50 Windows Update
17-02-2015 07:55:03 Windows Update
17-02-2015 20:46:51 Revo Uninstaller's restore point - Ask Toolbar Updater
17-02-2015 20:52:13 Revo Uninstaller's restore point - Coupon Printer for Windows
17-02-2015 20:55:23 Revo Uninstaller's restore point - Yahoo! Search Protection
17-02-2015 20:57:56 Revo Uninstaller's restore point - Yahoo! Toolbar
17-02-2015 21:10:31 Restore Point Created by FRST
18-02-2015 09:44:41 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2013-04-11 17:25 - 00444735 ___RA C:\windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {16CEA78A-4902-4C53-9065-92E564F61B1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {2274680B-26AE-44DA-A33B-1149EB36808D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {25D14CD6-5440-411B-B527-18EF9459E680} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {2E279D9B-2974-44A4-B33C-7B70C5D8AC0D} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {3A97DE10-6C18-4FA8-9420-2DDD31617F85} - System32\Tasks\{ABDA2FBB-DAC8-404D-BADE-BE4F4D22CFEE} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {477873BE-8BFE-48C8-974A-F5E9EF0CF3F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {4E73B394-3DA6-4E53-B893-A75006755B00} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {6A45AB7B-BF71-489F-8F23-F9240B0A99DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {763AB877-1446-49CE-ABEA-3F9C4223E91D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8755378F-0EE1-45DB-B260-6012795BC2D3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8B8069B6-241F-42C7-BC46-A5425904CABA} - System32\Tasks\{8D9C3A4F-4548-4795-B97D-4A356382F344} => pcalua.exe -a "C:\Program Files\Power Mixer\Uninst.exe"
Task: {BB910B01-E72C-490C-B1FF-158F0369CEA7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BBFD9DF5-9C08-4375-995C-34CABEC39EB3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C66E260D-38B9-433F-9C5F-1D0AF9F95F0E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {CDEF0D9F-09A9-4482-85D2-4E93D374C43E} - System32\Tasks\{322D294C-CE97-4FD5-965A-5FF26D5F19E8} => pcalua.exe -a C:\install.exe -d C:\
Task: {CE971DEA-C59B-4416-81A0-8A0AC10C42B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DED4C60D-7082-40D0-BACD-5694CAA51371} - System32\Tasks\{7C592588-411D-46B1-9908-687F727889AA} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTMLW0HP\billeo-home-setup[1].exe" -d C:\Users\Owner\Desktop
Task: {EBE6F388-949A-4B73-B4FE-F792BA07F36F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2011-03-27 15:11 - 2011-03-27 15:11 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-07-16 17:27 - 2009-07-16 17:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 17:27 - 2009-07-16 17:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-08-31 22:05 - 2009-06-22 17:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 13:07 - 2009-07-25 13:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-08-18 09:44 - 2010-08-18 09:44 - 00221184 _____ () C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-30 21:28 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-30 21:28 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-17 22:03 - 2015-02-17 22:03 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgteew.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files\program\libxml2.dll
2015-02-17 22:02 - 2015-02-17 22:02 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32api.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pywintypes27.dll
2015-02-17 22:02 - 2015-02-17 22:02 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pythoncom27.dll
2015-02-17 22:02 - 2015-02-17 22:02 - 00045568 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_socket.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 01160704 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_ssl.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32com.shell.shell.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00713216 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_hashlib.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._core_.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._gdi_.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._windows_.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._controls_.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._misc_.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pysqlite2._sqlite.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_elementtree.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\pyexpat.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_ctypes.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32file.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32security.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00007168 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\hashobjs_ext.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00167936 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32gui.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32event.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32inet.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32crypt.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._html2.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00027136 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\_multiprocessing.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32process.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\unicodedata.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._wizard.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32pipe.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32pdh.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\windows._lib_cacheinvalidation.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\select.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32profile.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\win32ts.pyd
2015-02-17 22:02 - 2015-02-17 22:02 - 00078336 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI36442\wx._animate.pyd
2009-09-17 14:36 - 2009-09-17 14:36 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-02-06 01:56 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 01:56 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 01:56 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2723962228-3673826885-3304129383-500 - Administrator - Disabled)
Guest (S-1-5-21-2723962228-3673826885-3304129383-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2723962228-3673826885-3304129383-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-2723962228-3673826885-3304129383-1012 - Administrator - Enabled)
Owner (S-1-5-21-2723962228-3673826885-3304129383-1001 - Administrator - Enabled) => C:\Users\Owner
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/17/2015 10:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6490
Error: (02/17/2015 10:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6490
Error: (02/17/2015 10:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz
Percentage of memory in use: 56%
Total physical RAM: 2936.94 MB
Available physical RAM: 1275.21 MB
Total Pagefile: 5872.17 MB
Available Pagefile: 3508.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.9 MB
==================== Drives ================================
Drive c: (TI102763W0F) (Fixed) (Total:288.69 GB) (Free:199.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 80460331)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.9 GB) - (Type=17)
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Owner (administrator) on OWNER-PC on 18-02-2015 09:48:07
Running from C:\Users\Owner\Desktop\comp repair
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
() C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\program\soffice.exe
(OpenOffice.org) C:\Program Files\program\soffice.bin
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => "C:\windows\system32\thpsrv" /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [214328 2009-09-02] ()
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] => C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [AT&T Communication Manager] => C:\Program Files\AT&T\Communication Manager\ATTCM.exe [33352 2009-07-17] (ATT)
HKLM\...\Run: [Toshiba DetectAC Utility] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe [221184 2010-08-18] ()
HKLM\...\Run: [Toshiba DetectAC Utility1] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\CollectInfo.exe [266240 2010-08-03] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-31] (Google Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> DefaultScope {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\Trademanager\npwangwang.dll ( )
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: NetDvr_Plugins -> C:\Program Files\NetDvr\Plugins\npDvr.dll (DVR)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: {@alibaba.com/alisetup;version=1.0} -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Test Pilot - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-01-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-17]
FF HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-17]
CHR HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-07-15] (SmithMicro Inc.)
S3 CAATT; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [125512 2009-07-15] (SmithMicro Inc.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913144 2012-03-07] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-05] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [69632 2008-12-09] (Sophos Plc) [File not signed]
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [98304 2008-12-09] (Sophos Plc) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [551264 2013-01-28] (Splashtop Inc.)
R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-06] (Emsisoft GmbH)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET)
R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [33656 2012-03-14] (ESET)
R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [50624 2012-03-14] (ESET)
S3 GT72NDISIPXP; C:\windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [35992 2014-12-06] ()
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 QIOMem; C:\windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
S3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-13] (Realtek Semiconductor Corporation )
R1 SAVOnAccess; C:\windows\System32\DRIVERS\savonaccess.sys [85312 2008-07-18] (Sophos Plc) [File not signed]
S4 SophosBootDriver; C:\windows\System32\DRIVERS\SophosBootDriver.sys [20288 2008-05-23] (Sophos Plc) [File not signed]
R3 swmsflt; C:\windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-17 21:33 - 2015-02-17 21:37 - 00000000 ____D () C:\AdwCleaner
2015-02-17 21:33 - 2015-02-17 21:33 - 02112512 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2015-02-17 21:30 - 2015-02-17 21:30 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (2).exe
2015-02-17 21:25 - 2015-02-17 21:25 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2015-02-17 21:25 - 2015-02-17 21:25 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2015-02-17 20:45 - 2015-02-17 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-17 20:44 - 2015-02-17 20:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
2015-02-17 20:43 - 2015-02-17 20:44 - 10801480 _____ (VS Revo Group ) C:\Users\Owner\Downloads\RevoUninProSetup.exe
2015-02-17 18:21 - 2015-02-17 18:21 - 00002176 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-17 08:02 - 2015-02-17 22:03 - 00000000 ___RD () C:\Users\Owner\Google Drive
2015-02-17 08:02 - 2015-02-17 08:02 - 00001699 _____ () C:\Users\Owner\Documents\Google Drive.lnk
2015-02-17 08:02 - 2015-02-17 08:02 - 00001699 _____ () C:\Users\Owner\Desktop\Google Drive.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00001971 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00001969 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00001959 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-12 09:31 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 09:30 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-11 14:30 - 2015-02-18 09:48 - 00000000 ____D () C:\Users\Owner\Desktop\comp repair
2015-02-11 12:07 - 2015-01-15 02:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:07 - 2015-01-15 02:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 12:07 - 2015-01-15 02:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 12:07 - 2015-01-15 02:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 12:07 - 2015-01-15 02:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 12:07 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 12:07 - 2015-01-15 02:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 12:07 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 12:07 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 12:07 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 12:07 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 12:07 - 2015-01-14 23:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 12:07 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 12:07 - 2015-01-08 20:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-11 12:05 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-11 12:05 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 12:04 - 2015-02-03 21:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 12:04 - 2015-02-03 21:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 12:04 - 2015-01-27 18:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 12:04 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 12:04 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 12:04 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 12:04 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 12:04 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 12:04 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 12:04 - 2015-01-11 20:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 12:04 - 2015-01-11 20:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:04 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 12:04 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:04 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 12:04 - 2015-01-11 20:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 12:04 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 12:04 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 12:04 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 12:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 12:03 - 2015-01-11 21:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 12:03 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 12:03 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 12:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 12:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 12:03 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 12:03 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 12:03 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 12:03 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 12:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 12:03 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 12:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 12:03 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 12:02 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 12:02 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 12:02 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-11 12:02 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-11 12:00 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 11:48 - 2015-02-18 09:48 - 00000000 ____D () C:\FRST
2015-02-11 11:47 - 2015-02-11 11:47 - 00000207 _____ () C:\windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(32-bit).dat
2015-02-11 11:40 - 2015-02-11 11:40 - 00000000 ____D () C:\RegBackup
2015-02-11 11:36 - 2015-02-11 11:36 - 04804736 _____ () C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-11 11:34 - 2015-02-11 11:38 - 00002156 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-08 09:59 - 2015-02-08 09:59 - 00009039 _____ () C:\Users\Owner\Desktop\rptEmployee_Sales_Summary.txt
2015-02-02 15:41 - 2015-02-02 15:41 - 00162976 _____ () C:\Users\Owner\Documents\Online Bill Payment.mht
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 09:47 - 2012-10-27 17:25 - 01739729 _____ () C:\windows\WindowsUpdate.log
2015-02-18 09:46 - 2012-11-28 13:20 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job
2015-02-18 09:45 - 2012-10-27 17:23 - 00072302 _____ () C:\windows\setupact.log
2015-02-18 09:45 - 2012-04-05 16:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-18 09:45 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 09:45 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 09:44 - 2011-10-26 15:32 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-17 22:05 - 2011-08-28 09:59 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-02-17 22:05 - 2011-08-28 09:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-02-17 22:03 - 2014-01-25 15:14 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-17 22:03 - 2014-01-25 15:14 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-17 22:02 - 2010-02-07 08:15 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 22:02 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-17 21:15 - 2012-11-29 03:27 - 00170304 _____ () C:\windows\PFRO.log
2015-02-17 20:59 - 2009-12-16 09:57 - 00000000 ____D () C:\Program Files\Yahoo!
2015-02-17 20:55 - 2009-12-16 10:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yahoo!
2015-02-17 19:27 - 2012-06-25 21:35 - 00000000 ____D () C:\Users\Owner\Documents\My Received Files
2015-02-17 19:24 - 2011-04-30 14:47 - 00000000 ____D () C:\Users\Owner\Documents\spa
2015-02-17 17:04 - 2009-07-13 23:53 - 00032550 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-17 11:04 - 2012-11-28 13:20 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job
2015-02-17 08:02 - 2009-10-23 11:18 - 00000000 ____D () C:\Users\Owner
2015-02-17 07:59 - 2009-10-23 12:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-02-17 07:59 - 2009-08-31 22:07 - 00000000 ____D () C:\Program Files\Google
2015-02-13 16:45 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
2015-02-13 16:06 - 2011-04-26 21:34 - 00000000 ____D () C:\Salon
2015-02-13 11:42 - 2011-08-28 09:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 03:46 - 2009-07-13 23:33 - 00456056 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 03:41 - 2014-12-10 03:36 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-12 03:41 - 2014-04-24 02:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-12 03:23 - 2013-08-16 06:59 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 03:10 - 2009-10-23 11:45 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-12 03:08 - 2009-09-17 22:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 12:47 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-02-11 12:04 - 2009-08-31 22:06 - 00779172 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 13:35 - 2010-02-07 08:15 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:46 - 2013-01-26 15:22 - 00086912 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00085864 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00031592 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00000000 ____D () C:\Program Files\LogMeIn
2015-02-02 21:30 - 2011-03-31 16:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
==================== Files in the root of some directories =======
2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link
2011-01-04 20:35 - 2011-01-04 20:35 - 0057649 _____ () C:\Program Files\eula.rtf
2012-08-13 09:57 - 2012-08-13 09:57 - 0012927 _____ () C:\Program Files\readme.html
2012-08-13 09:57 - 2012-08-13 09:57 - 0012558 _____ () C:\Program Files\readme.txt
2012-10-25 12:15 - 2012-12-19 15:44 - 0106623 _____ () C:\Users\Owner\AppData\Roaming\iQmetrixErrorLog.txt
2009-10-28 19:57 - 2012-10-24 10:06 - 0000792 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2011-06-17 22:30 - 2014-12-03 17:00 - 0130511 _____ () C:\Users\Owner\AppData\Local\ars.cache
2011-06-17 22:30 - 2014-12-03 17:00 - 0522804 _____ () C:\Users\Owner\AppData\Local\census.cache
2010-08-12 10:03 - 2012-05-24 13:53 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-19 11:55 - 2010-05-19 11:55 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2014-12-03 16:49 - 2014-12-03 16:49 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2013-02-23 13:49 - 2013-02-23 14:00 - 0000808 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgteew.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 13:17
==================== End Of Log ============================
LiquidTension
2015-02-18, 20:21
Hi Wayne,
Let's check for malware remnants.
Please do the following.
STEP 1
Malwarebytes Anti-Malware (MBAM)
Open Malwarebytes Anti-Malware and click Update Now.
Once updated, click the Settings tab and tick Scan for rootkits.
Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
Click Copy to Clipboard and paste the log in your next reply.
STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Hide advanced settings. Place a checkmark next to:
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
Push the Back button.
Place a checkmark next to http://i.imgur.com/KN1w2nv.png and click Finish.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.
STEP 3
RogueKiller
Please download RogueKiller (x32) (http://www.bleepingcomputer.com/download/roguekiller/dl/121/) and save the file to your Desktop.
Close any running programmes.
Right-Click RogueKiller.exe and select Run as administrator to run the programme.
Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
A browser window may open. Close the browser window.
Click http://i.imgur.com/jpgUwzp.png. Upon completion, click http://i.imgur.com/phPvmc6.png.
Close the programme. Do not fix anything!
A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
Note: If RogueKiller is unable to run, please retry. If you find after several attempts the programme will still not run, please rename RogueKiller.exe to winlogon.exe and try again.
======================================================
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
MBAM Log
ESET Log
RKreport.txt
So I completed the steps. Here are the files.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/18/2015
Scan Time: 3:58:05 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.18.08
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 327240
Time Elapsed: 17 min, 32 sec
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl, Quarantined, [2de51307c0ca61d543aa152e35ce4fb1],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1, Quarantined, [967c170339513afc8a636ad941c20cf4],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\UNINSTALL.exe.xBAD a variant of Win32/Toolbar.iMedix.A potentially unwanted application
C:\Users\Owner\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Windows\Installer\e3fd637.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
RogueKiller V10.4.0.0 [Feb 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Scan -- Date : 02/18/2015 19:38:05
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe(1524) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll[7] -> Unloaded
¤¤¤ Registry : 16 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" | (default) : {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" | (default) : {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" | (default) : {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" | (default) : {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" | (default) : {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" | (default) : {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" | (default) : {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" | (default) : {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C8AE68F-EADE-4AF3-B5CC-BCB3255A71F1} | DhcpNameServer : 209.183.35.23 209.183.33.23 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1C8AE68F-EADE-4AF3-B5CC-BCB3255A71F1} | DhcpNameServer : 209.183.35.23 209.183.33.23 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1C8AE68F-EADE-4AF3-B5CC-BCB3255A71F1} | DhcpNameServer : 209.183.35.23 209.183.33.23 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 10 (Driver: Loaded) ¤¤¤
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome.dll) NETAPI32.dll - NetGetJoinInformation : C:\windows\system32\wkscli.dll @ 0x73e72c3f
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files\Google\Chrome\Application\chrome.exe @ 0xf2b5fd (jmp 0xffffffff895e4cf5)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files\Google\Chrome\Application\chrome.exe @ 0xf2b5fd (jmp 0xffffffff895e4cf5)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenServiceW : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b92
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - CloseServiceHandle : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b4a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - OpenSCManagerW : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b82
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ADVAPI32.dll - StartServiceW : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411ba2
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5c411b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x5bfbfa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files\Google\Chrome\Application\chrome.exe @ 0xf2b5fd (jmp 0xffffffff895e4cf5)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3263GSX +++++
--- User ---
[MBR] dba07aa1bc1832356d9f0f4d69fc2170
[BSP] 290c22aaaab728af5823c5614cfadfce : HP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
LiquidTension
2015-02-19, 13:32
Hello Wayne,
Please delete this file: C:\Windows\Installer\e3fd637.msi
Right-Click your Recycle Bin and click Empty afterwards.
How is your computer performing? Do you have any outstanding issues or concerns?
I have completed the final steps and the dll errors are no longer there on boot up. I still get an ERNDT error which is from ERUNT - The Emergency Recovery Utility NT. Should I uninstall this program? I installed it to try and fix what you were able to do.
My computer is running much better, however it seems very slow on start up. I installed Google Chrome as suggested and the first time I open it after starting my computer it opens and is blank for around a minute before it seems to connect. I noticed on my very last reboot my internet icon in the sys tray disappeared for a minute or so and Chrome of course would not connect. Then it popped up and all was good. Any thoughts?
Lastly, what type of virus protection, firewall, etc. would you suggest? My laptop is used from home 95% of the time.
Thanks again
Wayne
LiquidTension
2015-02-20, 12:25
Hi Wayne,
Please uninstall ERUNT. Also uninstall Sophos Anti-Virus.
Lastly, what type of virus protection, firewall, etc. would you suggest? My laptop is used from home 95% of the time.
You have ESET Smart Security installed. This is a high-end security suite, which includes a Firewall. The programme is outdated, so you may wish to update to the latest version. Open the programme, click Update and under Product update, click Check for updates.
I will provide a list of recommended reading material and other programmes that will help reduce the risk of reinfection at the end of this process.
------------
Let me know if the following helps with Chrome:
Please backup your Chrome Bookmarks. Instructions here (http://www.wikihow.com/Export-Bookmarks-from-Chrome).
Now Reset Chrome. Instructions here (https://support.google.com/chrome/answer/3296214?hl=en).
Regarding your slow boot - we can look into this once you've addressed the points above.
I uninstalled the two programs and updated Chrome. ESET was out of date due to lack of a current registration. I was looking at the differences between ESET 5 and 7 when I hit the back button to Chrome and it said this site may contain viruses. I am so sorry. Did I screw up all your good work? Have not paid for the renewal yet.
Thanks
LiquidTension
2015-02-20, 20:31
Hello Wayne,
ESET Smart Security 8 is the latest version of the programme.
If you do not wish to renew your ESET license, I suggest you consider uninstalling ESET and installing ONE of the following free programmes:
avast! Free Anti-Virus (http://www.avast.com/en-gb/download-thank-you.php?product=FA-ONLINE&locale=en-gb)
Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions)
From personal experience, ESET Smart Security is a very good product.
I was looking at the differences between ESET 5 and 7 when I hit the back button to Chrome and it said this site may contain viruses.
Have any malware-related issues started occurring?
You're probably OK, but we can double-check.
Please open FRST. Ensure Addition.txt has a checkmark and click Scan. Two logs (FRST.txt and Addition.txt) will open. Copy the contents of both logs and paste in your next reply.
No issues. Here are the logs. Which do you prefer, Avast or Microsoft? Do I need a firewall? Should I also run Spybot automatically on open? Any thoughts on the slow boot?
Thanks
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
Ran by Owner at 2015-02-20 15:36:53
Running from C:\Users\Owner\Desktop\comp repair
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 5.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advantage Software (HKLM\...\Advantage Software) (Version: - )
AliSetup 0.1.0.52 (HKLM\...\AliSetup) (Version: 0.1.0.52 - 阿里巴巴（中国）有限公司)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Communication Manager (HKLM\...\{A04929ED-DBF8-4FAE-96E1-AA9A93B8E0A9}) (Version: 7.00.0058.0 - AT&T)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Aurora 19.0a2 (x86 en-US) (HKLM\...\Aurora 19.0a2 (x86 en-US)) (Version: 19.0a2 - Mozilla)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.16.61 - Conexant)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CyberFlashing (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\cc9402a8f5ffe20e) (Version: 2.2.0.2 - CyberFlashing)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Smart Security (HKLM\...\{EF181DC1-0ECB-4546-9772-C3C3F58E5747}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
F2400 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
FileZilla Client 3.4.0 (HKLM\...\FileZilla Client) (Version: 3.4.0 - )
Geek Squad 24 Hour Computer Support (HKLM\...\{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}) (Version: 2.1.322 - LogMeIn, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Invoice Magic 2.10.7.1 (HKLM\...\Invoice Magic) (Version: 2.10.7.1 - Powernet Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LogMeIn (HKLM\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 10.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0a2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NetDvrPlugin 1.0 (HKLM\...\NetDvrPlugin) (Version: 1.0 - )
NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Nitro Reader 3 (HKLM\...\{E12CDEE0-AFF5-4D71-B365-F3F09A9926D3}) (Version: 3.5.1.8 - Nitro)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Splashtop Remote Client (HKLM\...\InstallShield_{14850F23-BCB2-4A1B-9C60-5DC08B7C4FF1}) (Version: 1.1.6.0 - Splashtop Inc.)
Splashtop Remote Client (Version: 1.1.6.0 - Splashtop Inc.) Hidden
Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.2.5.1 - Splashtop Inc.)
Splashtop Streamer (Version: 2.2.5.1 - Splashtop Inc.) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
tazti 2.0.2 (HKLM\...\{9C1C4E8D-6F79-495E-8C9A-FAAC8A31BEAB}) (Version: 2.0.2 - Voice Tech Group, Inc.)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
Toshiba DetectAC Utility (HKLM\...\InstallShield_{0AA15BEA-12D6-44FC-B3B2-C97B77AB6AF4}) (Version: 1.00.0014 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.9.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{33ABEB66-85BB-43B2-9448-85CB626C5A5F}) (Version: 4.01.01.00 - TOSHIBA)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.0 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{D2D8CB05-A9E1-4691-995C-2B78F4A58B8B}) (Version: 4.01.01.00 - TOSHIBA)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TradeManager 2011 SP3 (HKLM\...\TradeManager 2011 SP3) (Version: - Alisoft)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.5.67 - Verizon)
Web CEO 10.0 (HKLM\...\WebCEO70_is1) (Version: 10.0 - Web CEO Ltd.)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.4 - win.rar GmbH)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files\Trademanager\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\Trademanager\AliIMX.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{64677634-F8BA-429F-BBD8-08330E9F31E3}\InprocServer32 -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\Trademanager\modules\8003\GraffitiGUI.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\Trademanager\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
12-02-2015 03:00:41 Windows Update
13-02-2015 11:38:50 Windows Update
17-02-2015 07:55:03 Windows Update
17-02-2015 20:46:51 Revo Uninstaller's restore point - Ask Toolbar Updater
17-02-2015 20:52:13 Revo Uninstaller's restore point - Coupon Printer for Windows
17-02-2015 20:55:23 Revo Uninstaller's restore point - Yahoo! Search Protection
17-02-2015 20:57:56 Revo Uninstaller's restore point - Yahoo! Toolbar
17-02-2015 21:10:31 Restore Point Created by FRST
18-02-2015 09:44:41 Windows Update
20-02-2015 07:44:06 Removed Sophos Anti-Virus
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2013-04-11 17:25 - 00444735 ___RA C:\windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {16CEA78A-4902-4C53-9065-92E564F61B1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {2274680B-26AE-44DA-A33B-1149EB36808D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {25D14CD6-5440-411B-B527-18EF9459E680} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {2E279D9B-2974-44A4-B33C-7B70C5D8AC0D} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {3A97DE10-6C18-4FA8-9420-2DDD31617F85} - System32\Tasks\{ABDA2FBB-DAC8-404D-BADE-BE4F4D22CFEE} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {477873BE-8BFE-48C8-974A-F5E9EF0CF3F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {4E73B394-3DA6-4E53-B893-A75006755B00} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {6A45AB7B-BF71-489F-8F23-F9240B0A99DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {763AB877-1446-49CE-ABEA-3F9C4223E91D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8755378F-0EE1-45DB-B260-6012795BC2D3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8B8069B6-241F-42C7-BC46-A5425904CABA} - System32\Tasks\{8D9C3A4F-4548-4795-B97D-4A356382F344} => pcalua.exe -a "C:\Program Files\Power Mixer\Uninst.exe"
Task: {BB910B01-E72C-490C-B1FF-158F0369CEA7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BBFD9DF5-9C08-4375-995C-34CABEC39EB3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C66E260D-38B9-433F-9C5F-1D0AF9F95F0E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {CDEF0D9F-09A9-4482-85D2-4E93D374C43E} - System32\Tasks\{322D294C-CE97-4FD5-965A-5FF26D5F19E8} => pcalua.exe -a C:\install.exe -d C:\
Task: {CE971DEA-C59B-4416-81A0-8A0AC10C42B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DED4C60D-7082-40D0-BACD-5694CAA51371} - System32\Tasks\{7C592588-411D-46B1-9908-687F727889AA} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTMLW0HP\billeo-home-setup[1].exe" -d C:\Users\Owner\Desktop
Task: {EBE6F388-949A-4B73-B4FE-F792BA07F36F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2009-07-16 17:27 - 2009-07-16 17:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 17:27 - 2009-07-16 17:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-08-31 22:05 - 2009-06-22 17:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 13:07 - 2009-07-25 13:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-08-18 09:44 - 2010-08-18 09:44 - 00221184 _____ () C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-30 21:28 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-30 21:28 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-19 18:33 - 2015-02-19 18:33 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegtaoc.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files\program\libxml2.dll
2012-08-10 15:50 - 2012-08-10 15:50 - 00170496 _____ () C:\Program Files\program\libxslt.dll
2015-02-19 18:33 - 2015-02-19 18:33 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32api.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\pywintypes27.dll
2015-02-19 18:33 - 2015-02-19 18:33 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\pythoncom27.dll
2015-02-19 18:33 - 2015-02-19 18:33 - 00045568 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\_socket.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 01160704 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\_ssl.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32com.shell.shell.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00713216 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\_hashlib.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._core_.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._gdi_.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._windows_.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._controls_.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._misc_.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\pysqlite2._sqlite.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\_elementtree.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\pyexpat.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\_ctypes.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32file.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32security.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00007168 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\hashobjs_ext.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00167936 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32gui.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32event.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32inet.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32crypt.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._html2.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00027136 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\_multiprocessing.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32process.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\unicodedata.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._wizard.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32pipe.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32pdh.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\windows._lib_cacheinvalidation.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\select.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32profile.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\win32ts.pyd
2015-02-19 18:33 - 2015-02-19 18:33 - 00078336 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI35522\wx._animate.pyd
2009-09-17 14:36 - 2009-09-17 14:36 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-03-27 15:11 - 2011-03-27 15:11 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-02-19 23:41 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 23:41 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 23:41 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2723962228-3673826885-3304129383-500 - Administrator - Disabled)
Guest (S-1-5-21-2723962228-3673826885-3304129383-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2723962228-3673826885-3304129383-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-2723962228-3673826885-3304129383-1012 - Administrator - Enabled)
Owner (S-1-5-21-2723962228-3673826885-3304129383-1001 - Administrator - Enabled) => C:\Users\Owner
==================== Faulty Device Manager Devices =============
Name: Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/20/2015 03:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10822725
Error: (02/20/2015 03:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10822725
Error: (02/20/2015 03:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2015 03:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10821711
Error: (02/20/2015 03:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10821711
Error: (02/20/2015 03:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2015 03:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10820713
Error: (02/20/2015 03:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10820713
Error: (02/20/2015 03:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2015 03:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10819605
System errors:
=============
Error: (02/18/2015 04:21:25 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
Error: (02/18/2015 02:42:09 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer STAPLES-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C939A8E1-DB7F-43F2-A4C7-4880063.
The master browser is stopping or an election is being forced.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz
Percentage of memory in use: 64%
Total physical RAM: 2936.94 MB
Available physical RAM: 1038.38 MB
Total Pagefile: 5872.17 MB
Available Pagefile: 3791.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1855.85 MB
==================== Drives ================================
Drive c: (TI102763W0F) (Fixed) (Total:288.69 GB) (Free:197.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 80460331)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.9 GB) - (Type=17)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by Owner (administrator) on OWNER-PC on 20-02-2015 15:35:41
Running from C:\Users\Owner\Desktop\comp repair
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(OpenOffice.org) C:\Program Files\program\soffice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(OpenOffice.org) C:\Program Files\program\soffice.bin
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => "C:\windows\system32\thpsrv" /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [214328 2009-09-02] ()
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] => C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [AT&T Communication Manager] => C:\Program Files\AT&T\Communication Manager\ATTCM.exe [33352 2009-07-17] (ATT)
HKLM\...\Run: [Toshiba DetectAC Utility] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe [221184 2010-08-18] ()
HKLM\...\Run: [Toshiba DetectAC Utility1] => C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\CollectInfo.exe [266240 2010-08-03] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-31] (Google Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> DefaultScope {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
SearchScopes: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> {3DDDC687-932E-4FEC-8958-2D6984EC903C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2723962228-3673826885-3304129383-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\Trademanager\npwangwang.dll ( )
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: NetDvr_Plugins -> C:\Program Files\NetDvr\Plugins\npDvr.dll (DVR)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723962228-3673826885-3304129383-1001: {@alibaba.com/alisetup;version=1.0} -> C:\Users\Owner\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Test Pilot - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f516h429.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-01-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-17]
FF HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-17]
CHR HKU\S-1-5-21-2723962228-3673826885-3304129383-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-07-15] (SmithMicro Inc.)
S3 CAATT; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [125512 2009-07-15] (SmithMicro Inc.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913144 2012-03-07] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-05] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [551264 2013-01-28] (Splashtop Inc.)
R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-06] (Emsisoft GmbH)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET)
R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [33656 2012-03-14] (ESET)
R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [50624 2012-03-14] (ESET)
S3 GT72NDISIPXP; C:\windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [35992 2014-12-06] ()
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 QIOMem; C:\windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
S3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-13] (Realtek Semiconductor Corporation )
R3 swmsflt; C:\windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 08:56 - 2015-02-20 10:18 - 00000098 ____H () C:\Users\Owner\Documents\.~lock.password.odt#
2015-02-18 19:21 - 2015-02-18 19:21 - 15530072 _____ () C:\Users\Owner\Downloads\RogueKiller (1).exe
2015-02-18 19:20 - 2015-02-18 19:23 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-02-18 19:20 - 2015-02-18 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-18 19:19 - 2015-02-18 19:20 - 15530072 _____ () C:\Users\Owner\Downloads\RogueKiller.exe
2015-02-18 16:32 - 2015-02-18 16:32 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2015-02-17 21:33 - 2015-02-17 21:37 - 00000000 ____D () C:\AdwCleaner
2015-02-17 21:33 - 2015-02-17 21:33 - 02112512 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2015-02-17 21:30 - 2015-02-17 21:30 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (2).exe
2015-02-17 21:25 - 2015-02-17 21:25 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2015-02-17 21:25 - 2015-02-17 21:25 - 01388274 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2015-02-17 20:45 - 2015-02-17 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-17 20:44 - 2015-02-17 20:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
2015-02-17 20:43 - 2015-02-17 20:44 - 10801480 _____ (VS Revo Group ) C:\Users\Owner\Downloads\RevoUninProSetup.exe
2015-02-17 18:21 - 2015-02-19 23:41 - 00002100 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-17 11:48 - 2015-01-08 21:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-17 11:48 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-17 11:48 - 2015-01-08 21:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-17 08:02 - 2015-02-20 11:17 - 00000000 ___RD () C:\Users\Owner\Google Drive
2015-02-17 08:02 - 2015-02-17 08:02 - 00001699 _____ () C:\Users\Owner\Documents\Google Drive.lnk
2015-02-17 08:02 - 2015-02-17 08:02 - 00001699 _____ () C:\Users\Owner\Desktop\Google Drive.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00001971 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00001969 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00001959 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-02-17 07:59 - 2015-02-17 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-12 09:31 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 09:30 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-11 14:30 - 2015-02-20 15:35 - 00000000 ____D () C:\Users\Owner\Desktop\comp repair
2015-02-11 12:07 - 2015-01-15 02:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:07 - 2015-01-15 02:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 12:07 - 2015-01-15 02:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 12:07 - 2015-01-15 02:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 12:07 - 2015-01-15 02:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 12:07 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 12:07 - 2015-01-15 02:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 12:07 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 12:07 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 12:07 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 12:07 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 12:07 - 2015-01-14 23:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 12:07 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 12:07 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 12:07 - 2015-01-08 20:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-11 12:05 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-11 12:05 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 12:04 - 2015-02-03 21:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 12:04 - 2015-02-03 21:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 12:04 - 2015-02-03 21:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 12:04 - 2015-01-27 18:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 12:04 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 12:04 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 12:04 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 12:04 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 12:04 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 12:04 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 12:04 - 2015-01-11 20:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 12:04 - 2015-01-11 20:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:04 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 12:04 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:04 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 12:04 - 2015-01-11 20:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 12:04 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 12:04 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 12:04 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 12:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 12:03 - 2015-01-11 21:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 12:03 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 12:03 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 12:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 12:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 12:03 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 12:03 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 12:03 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 12:03 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 12:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 12:03 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 12:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 12:03 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 12:02 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 12:02 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 12:02 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-11 12:02 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-11 12:00 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 11:48 - 2015-02-20 15:35 - 00000000 ____D () C:\FRST
2015-02-11 11:47 - 2015-02-11 11:47 - 00000207 _____ () C:\windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(32-bit).dat
2015-02-11 11:40 - 2015-02-11 11:40 - 00000000 ____D () C:\RegBackup
2015-02-11 11:36 - 2015-02-11 11:36 - 04804736 _____ () C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-11 11:34 - 2015-02-11 11:38 - 00002156 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-11 11:34 - 2015-02-11 11:34 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-02 15:41 - 2015-02-02 15:41 - 00162976 _____ () C:\Users\Owner\Documents\Online Bill Payment.mht
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 15:32 - 2012-10-27 17:23 - 00072582 _____ () C:\windows\setupact.log
2015-02-20 15:31 - 2012-11-28 13:20 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001UA.job
2015-02-20 15:31 - 2012-04-05 16:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 15:31 - 2010-02-07 08:15 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 11:37 - 2011-10-26 15:32 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-20 10:18 - 2013-02-09 00:19 - 00028337 _____ () C:\Users\Owner\Documents\password.odt
2015-02-20 10:00 - 2012-11-28 13:20 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723962228-3673826885-3304129383-1001Core.job
2015-02-20 04:20 - 2012-10-27 17:25 - 01888950 _____ () C:\windows\WindowsUpdate.log
2015-02-19 18:43 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 18:43 - 2009-07-13 23:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 18:35 - 2011-08-28 09:59 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-02-19 18:35 - 2011-08-28 09:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-02-19 18:33 - 2014-01-25 15:14 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-19 18:33 - 2014-01-25 15:14 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-19 18:33 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-19 18:32 - 2012-11-29 03:27 - 00170658 _____ () C:\windows\PFRO.log
2015-02-19 18:32 - 2011-02-11 07:36 - 00000000 ____D () C:\Program Files\ESET
2015-02-18 16:25 - 2014-12-06 14:49 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 13:50 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\tracing
2015-02-17 20:59 - 2009-12-16 09:57 - 00000000 ____D () C:\Program Files\Yahoo!
2015-02-17 20:55 - 2009-12-16 10:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yahoo!
2015-02-17 19:27 - 2012-06-25 21:35 - 00000000 ____D () C:\Users\Owner\Documents\My Received Files
2015-02-17 19:24 - 2011-04-30 14:47 - 00000000 ____D () C:\Users\Owner\Documents\spa
2015-02-17 17:04 - 2009-07-13 23:53 - 00032550 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-17 08:02 - 2009-10-23 11:18 - 00000000 ____D () C:\Users\Owner
2015-02-17 07:59 - 2009-10-23 12:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-02-17 07:59 - 2009-08-31 22:07 - 00000000 ____D () C:\Program Files\Google
2015-02-13 16:45 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
2015-02-13 16:06 - 2011-04-26 21:34 - 00000000 ____D () C:\Salon
2015-02-13 11:42 - 2011-08-28 09:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 03:46 - 2009-07-13 23:33 - 00456056 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 03:41 - 2014-12-10 03:36 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-12 03:41 - 2014-04-24 02:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-12 03:23 - 2013-08-16 06:59 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 03:10 - 2009-10-23 11:45 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-12 03:08 - 2009-09-17 22:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 12:47 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-02-11 12:04 - 2009-08-31 22:06 - 00779172 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 13:35 - 2010-02-07 08:15 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:46 - 2013-01-26 15:22 - 00086912 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00085864 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00031592 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2015-02-03 14:46 - 2013-01-26 15:22 - 00000000 ____D () C:\Program Files\LogMeIn
2015-02-02 21:30 - 2011-03-31 16:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
==================== Files in the root of some directories =======
2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link
2011-01-04 20:35 - 2011-01-04 20:35 - 0057649 _____ () C:\Program Files\eula.rtf
2012-08-13 09:57 - 2012-08-13 09:57 - 0012927 _____ () C:\Program Files\readme.html
2012-08-13 09:57 - 2012-08-13 09:57 - 0012558 _____ () C:\Program Files\readme.txt
2012-10-25 12:15 - 2012-12-19 15:44 - 0106623 _____ () C:\Users\Owner\AppData\Roaming\iQmetrixErrorLog.txt
2009-10-28 19:57 - 2012-10-24 10:06 - 0000792 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2011-06-17 22:30 - 2014-12-03 17:00 - 0130511 _____ () C:\Users\Owner\AppData\Local\ars.cache
2011-06-17 22:30 - 2014-12-03 17:00 - 0522804 _____ () C:\Users\Owner\AppData\Local\census.cache
2010-08-12 10:03 - 2012-05-24 13:53 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-19 11:55 - 2010-05-19 11:55 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2014-12-03 16:49 - 2014-12-03 16:49 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2013-02-23 13:49 - 2013-02-23 14:00 - 0000808 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegtaoc.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 13:17
==================== End Of Log ============================
LiquidTension
2015-02-21, 15:43
Hi Wayne,
Which do you prefer, avast or Microsoft?
avast! is my choice of free Anti-Virus.
Do I need a firewall?
If you renew your ESET license, no further action is necessary as the suite comes with a Firewall.
If you go with avast! or MSE, you will need to confirm Windows Firewall is enabled.
Press the Windows Key + r on your keyboard at the same time. Type firewall.cpl and click OK.
Confirm Windows Firewall is enabled.
Should I also run Spybot automatically on open?
Having Spybot launch at startup will only increase your slow boot time.
--------
Before we address your slow boot, I suggest you deal with your Anti-Virus. Let me know when you've resolved this issue, and we can go from there.
Adam,
I have installed avast and it ran a scan with no issues. As I was writing this avast popped up with an ASK toolbar and suggested to remove it. Then it popped up with google search protector and recommended removing that so it does not interfere with avast. I have not done that yet till I hear from you. The firewall is enabled as you suggested.
LiquidTension
2015-02-22, 01:09
Hello Wayne,
Have you also uninstalled ESET?
As I was writing this avast popped up with an ASK toolbar and suggested to remove it.
I'm not sure where this has come from. There was no indication in your FRST logs.
You can allow avast! to remove it.
Then it popped up with google search protector and recommended removing that so it does not interfere with avast.
Could you take a screen of this please? Instructions on how to take a screenshot can be found in this article (http://windows.microsoft.com/en-gb/windows/use-snipping-tool-capture-screen-shots#1TC=windows-7). Upload the image to Imgur.com (http://imgur.com/) and paste the URL in your next reply.
Hi Adam,
I attached a screenshot of the avast "google search protector" message. I have uninstalled ESET.
Thanks
LiquidTension
2015-02-23, 07:17
Hi Wayne,
Yes, please allow avast! to remove it. Then perform a scan with avast!.
Other than the slow boot, do you have any outstanding issues or concerns?
Adam
I ran avast. It cleaned up several items, updated software, and asked to remove grime, which needs a subscription. I think the only issue at this point is the slow boot.
Thanks
LiquidTension
2015-02-24, 19:42
Hello Wayne,
There was no such evidence of "grime" in your FRST logs, and as all (bar the slow boot) appears to be well, I think we can move on.
That particular feature of avast! has been criticised in the past.
To address your slow boot, please run the following programme.
HijackThis Scan
Please download HijackThis (http://forums.whatthetech.com/index.php?app=downloads&showfile=36) and save the file to your Desktop.
Right-click HijackThis.exe and select Run as administrator to run the installer.
Follow the prompts to install the programme. By default it will install to C:\Program Files\Trend Micro\HijackThis.
Once installed, HijackThis will launch.
Click on Do a system scan and save a logfile.
A log will open. Copy the contents of the log and paste in your next reply.
Hello Adam
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:49:05 PM, on 2/26/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
C:\Windows\vVX3000.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\program\soffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\program\soffice.bin
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Users\Owner\Downloads\HiJackThis.exe
C:\windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe"
O4 - HKLM\..\Run: [SynTPEnh] "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ThpSrv] "C:\windows\system32\thpsrv" /logon
O4 - HKLM\..\Run: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [SmoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [TosWaitSrv] "%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [SmartFaceVWatcher] "%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe"
O4 - HKLM\..\Run: [ConexantAudioPatch] "%ProgramFiles%\ConexantAudioPatch\Audioreset.exe"
O4 - HKLM\..\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] "%ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Toshiba DetectAC Utility] "C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe"
O4 - HKLM\..\Run: [Toshiba DetectAC Utility1] "C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\CollectInfo.exe"
O4 - HKLM\..\Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=1058
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
--
End of file - 16185 bytes
LiquidTension
2015-02-27, 01:58
Hi Wayne,
To improve your slow boot time, we are going to reduce the number of programmes that start up. You have a lot of programmes that start up, many of which are unnecessary and can be manually started if necessary by opening the associated executable (.exe) file. To reduce the number of programmes, we are going to use HijackThis. As this is a personal decision, I'm going to ultimately leave it down to you, but I have made my recommendations below.
We are only placing checkmarks next to O4 items. Nothing else.
If you'd like to double-check what an item pertains to, enter the executable file (e.g. igfxtray.exe) into SystemLookUp (http://www.systemlookup.com/).
HijackThis Fix
Right-click HijackThis.exe and select Run as administrator to run the programme.
Click Do a system scan only.
Ensure all windows other than HJT are closed.
Place a tick next to the following items:
O4 - HKLM\..\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe"
O4 - HKLM\..\Run: [SynTPEnh] "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SmoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [SmartFaceVWatcher] "%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe"
O4 - HKLM\..\Run: [ConexantAudioPatch] "%ProgramFiles%\ConexantAudioPatch\Audioreset.exe"
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] "%ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Toshiba DetectAC Utility] "C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe"
O4 - HKLM\..\Run: [Toshiba DetectAC Utility1] "C:\Program Files\TOSHIBA\Toshiba DetectAC Utility\CollectInfo.exe"
O4 - HKLM\..\Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Once selected, click Fix checked, followed by Yes to confirm that you would like to remove the selected entries.
Close the HijackThis window.
Hi Adam
Followed your steps and now it takes, on boot up, 1 minute to see the icons on my desktop, another minute for me to get internet connection, and then an additional two minutes from the time I get connected to the net for Chrome to connect and display the Google search bar. Does this seem correct? Once Google connects the first time I can close and reopen Google and it will connect in 10 to 12 seconds.
Your thoughts.
thanks
LiquidTension
2015-02-28, 19:36
Hello Wayne,
No, that doesn't sound right.
All we've done is stop certain programmes from starting up. This should not have impacted what you described in your post.
Can you reboot a few times, and let me know if this is persistent behaviour?
Hi Adam
The startup times are probably slightly quicker than they were before you helped me. I have rebooted several times and we're still at about a minute to see the desktop, another minute to connect to the internet, and then another 2 minutes for Chrome to open. It just seems way too slow.
thanks
LiquidTension
2015-03-01, 03:04
Hi Wayne,
Did you remove any items other than those I suggested?
Let's reverse the removal of the startup run values. See here:
http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/#HTRestore
Now please refer to the following article:
http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/
See if the article above helps, and let me know how you get on.
Hi Adam
I did not remove anything other than what you suggested. The computer has been slow for a while. I thought it was a virus.
Do you still want me to reverse the startup removal values? As I mentioned, I don't think the computer is slower now.
LiquidTension
2015-03-02, 10:56
Hi Wayne,
Perhaps I've misunderstood one of your posts.
When you said:
1 minute to see the icons on my desktop. another minute for me to get internet connection. and then an additional two minutes from the time I get connected to the net for chrome to connect and display the google search bar.
Has this been the case for a while, or is it a direct result of removing the programmes from starting up?
Hi Adam,
This has been the case for a while. My computer has not always been this slow, but in the last year or two something must have happened.
LiquidTension
2015-03-03, 00:33
Hi Wayne,
In this case, leave the changes made by HijackThis.
I think you would benefit from carrying out the various steps discussed in this article:
http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/
LiquidTension
2015-03-15, 17:22
Due to lack of feedback, this topic is now closed.
If you would like this topic reopened, please send a Private Message (PM) to a member of Staff.