Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Related to `Barowwsoe2Save `elimination

  1. #1
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    Default Related to `Barowwsoe2Save `elimination

    http://forums.spybot.info/showthread...e&goto=newpost

    ==============
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by cp2012 (administrator) on CP2012-HP on 25-01-2015 06:08:45
    Running from C:\Users\cp2012\Downloads
    Loaded Profiles: cp2012 (Available profiles: cp2012)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (Dropbox, Inc.) C:\Users\cp2012\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    () C:\Program Files (x86)\Content Manager\CmTray.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [My Scrap Nook Home Page Guard 64 bit] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator64.exe"
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
    HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-08-16] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2226704 2013-03-07] (Research In Motion Limited)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
    HKU\S-1-5-18\...\Run: [ISUSPM] => -scheduler
    AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
    AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
    ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\cp2012\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-4211978626-972589915-279576106-1000] => http=127.0.0.1:49450;https=127.0.0.1:49450
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/19
    URLSearchHook: HKU\S-1-5-21-4211978626-972589915-279576106-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
    SearchScopes: HKLM -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4211978626-972589915-279576106-1000 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-4211978626-972589915-279576106-1000 -> No Name - {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\cp2012\AppData\Roaming\Mozilla\Firefox\Profiles\6od7941t.default-1401247939329
    FF DefaultSearchEngine: Google
    FF Homepage: https://www.google.ca/
    FF NetworkProxy: "http_port", 1
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4211978626-972589915-279576106-1000: @citrixonline.com/appdetectorplugin -> C:\Users\cp2012\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Extension: Buzz Social Points - C:\Program Files (x86)\Mozilla Firefox\extensions\buzzsocial@buzzsocialpoints.com.xpi [2015-01-14]
    FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-16]
    FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
    FF Extension: YouTube Downloader Extension - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2014-08-11]
    FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: Buzz Social Points - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR Profile: C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (SEOquake) - C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2014-06-17]
    CHR Extension: (Google Wallet) - C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
    CHR HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-08-11]
    CHR HKLM-x32\...\Chrome\Extension: [gikoeigmfnoggdlhnobkbbbkohiahbko] - C:\Program Files (x86)\BuzzSocialPoints\chrome.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
    R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-16] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
    S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-12] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 06:08 - 2015-01-25 06:08 - 00000000 ____D () C:\Users\cp2012\Downloads\FRST-OlderVersion
    2015-01-23 22:33 - 2015-01-23 22:46 - 00000000 ____D () C:\10af7caede595e38e1
    2015-01-22 18:55 - 2015-01-22 18:55 - 00000000 ____D () C:\Users\cp2012\AppData\Local\{ECBDDCC1-7ABD-4BFF-AD48-31C107E46370}
    2015-01-22 00:13 - 2015-01-22 00:13 - 00008887 _____ () C:\Users\cp2012\Desktop\JRT.txt
    2015-01-21 14:41 - 2015-01-21 14:43 - 225890304 _____ () C:\Users\cp2012\Downloads\LibreOffice_4.3.5_Win_x86(1).msi
    2015-01-21 13:14 - 2015-01-21 13:14 - 01707939 _____ (Thisisu) C:\Users\cp2012\Downloads\JRT(2).exe
    2015-01-21 10:32 - 2015-01-24 13:35 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-21 10:32 - 2015-01-24 13:35 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-18 19:37 - 2015-01-18 19:48 - 00000000 ____D () C:\Users\cp2012\Desktop\ParkingDetroit
    2015-01-18 16:08 - 2015-01-18 16:08 - 01707939 _____ (Thisisu) C:\Users\cp2012\Downloads\JRT(1).exe
    2015-01-18 03:35 - 2015-01-18 03:35 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-18 03:33 - 2015-01-18 03:33 - 01707939 _____ (Thisisu) C:\Users\cp2012\Downloads\JRT.exe
    2015-01-18 03:33 - 2015-01-18 03:33 - 00010884 _____ () C:\Users\cp2012\Desktop\AdwCleaner[S1].txt
    2015-01-18 03:23 - 2015-01-18 03:24 - 02186752 _____ () C:\Users\cp2012\Downloads\adwcleaner_4.108.exe
    2015-01-18 03:16 - 2015-01-18 03:16 - 00000988 _____ () C:\Users\cp2012\Desktop\checkup.txt
    2015-01-18 02:56 - 2015-01-18 02:56 - 00852504 _____ () C:\Users\cp2012\Downloads\SecurityCheck.exe
    2015-01-16 23:31 - 2015-01-16 23:33 - 225890304 _____ () C:\Users\cp2012\Downloads\LibreOffice_4.3.5_Win_x86.msi
    2015-01-14 23:33 - 2015-01-14 23:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-14 09:56 - 2015-01-14 09:56 - 00069765 _____ () C:\Users\cp2012\Downloads\statement(2).aspx
    2015-01-14 09:56 - 2015-01-14 09:56 - 00068746 _____ () C:\Users\cp2012\Downloads\statement(1).aspx
    2015-01-14 09:55 - 2015-01-14 09:55 - 00068746 _____ () C:\Users\cp2012\Downloads\statement.aspx
    2015-01-13 14:51 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 14:51 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 14:51 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-13 14:51 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-13 14:51 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-13 14:51 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-13 14:51 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-13 14:51 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-13 14:51 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-13 14:51 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 14:51 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 14:51 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 14:51 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 11:18 - 2015-01-13 12:18 - 00003879 _____ () C:\Users\cp2012\Downloads\aswMBR.txt
    2015-01-13 11:18 - 2015-01-13 12:18 - 00000512 _____ () C:\Users\cp2012\Downloads\MBR.dat
    2015-01-13 11:13 - 2015-01-13 11:13 - 05198336 _____ (AVAST Software) C:\Users\cp2012\Downloads\aswMBR.exe
    2015-01-13 11:13 - 2015-01-13 11:13 - 00045991 _____ () C:\Users\cp2012\Downloads\Addition.txt
    2015-01-13 11:12 - 2015-01-25 06:08 - 00026174 _____ () C:\Users\cp2012\Downloads\FRST.txt
    2015-01-13 11:10 - 2015-01-25 06:08 - 02129920 _____ (Farbar) C:\Users\cp2012\Downloads\FRST64.exe
    2015-01-13 11:10 - 2015-01-25 06:08 - 00000000 ____D () C:\FRST
    2015-01-13 11:10 - 2015-01-13 11:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CP2012-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2015-01-13 11:09 - 2015-01-13 11:09 - 00000000 ____D () C:\Users\cp2012\CP2012-HP
    2015-01-13 11:06 - 2015-01-13 11:06 - 00002237 _____ () C:\Users\cp2012\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-13 11:06 - 2015-01-13 11:06 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-13 11:06 - 2015-01-13 11:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-13 11:05 - 2015-01-13 11:05 - 04215584 _____ () C:\Users\cp2012\Downloads\tweaking.com_registry_backup_setup.exe
    2015-01-13 10:34 - 2015-01-13 10:34 - 01054912 _____ (Adobe) C:\Users\cp2012\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
    2015-01-12 12:52 - 2015-01-12 12:52 - 00153894 _____ () C:\Users\cp2012\Desktop\Copy of Squirt Calender 2015 --Schram.xlsx
    2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
    2015-01-03 17:30 - 2015-01-03 18:02 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Anvsoft
    2015-01-03 17:30 - 2015-01-03 17:30 - 00000000 ____D () C:\Users\cp2012\Documents\Any Video Converter
    2015-01-03 17:29 - 2015-01-03 17:29 - 33259320 _____ (Any-Video-Converter.com ) C:\Users\cp2012\Downloads\avc-setup-5.7.6(1).exe
    2015-01-03 17:26 - 2015-01-03 17:26 - 00231808 _____ () C:\Users\cp2012\Downloads\avc-setup-5.7.6.exe
    2015-01-03 17:10 - 2015-01-03 17:10 - 02520172 _____ () C:\Users\cp2012\Desktop\JakeVideo-1Dec2015ppm.ppm
    2015-01-03 16:44 - 2015-01-03 16:45 - 19512268 _____ () C:\Users\cp2012\Downloads\JakeVideo-2Dec2015.odp
    2015-01-03 16:43 - 2015-01-03 16:43 - 00082064 _____ () C:\Users\cp2012\Downloads\JakeVideo-1Dec2015.odp
    2015-01-01 18:11 - 2015-01-01 18:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2014-12-27 22:22 - 2014-12-27 22:22 - 00803392 _____ ( ) C:\Users\cp2012\Downloads\FlvPlayerSetup.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-25 05:57 - 2012-08-27 11:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-25 05:52 - 2012-07-14 02:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-25 04:43 - 2012-07-14 02:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-25 04:43 - 2012-07-14 02:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-25 04:43 - 2012-04-12 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-25 04:42 - 2012-08-27 11:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-24 20:03 - 2012-07-05 22:09 - 01581239 _____ () C:\Windows\WindowsUpdate.log
    2015-01-24 19:06 - 2012-09-13 22:26 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-24 19:03 - 2012-07-05 22:19 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C9F7652-FBD3-4B12-89F2-B7F72B5A1255}
    2015-01-24 13:37 - 2013-06-23 19:25 - 00000000 ___RD () C:\Users\cp2012\Dropbox
    2015-01-24 13:37 - 2013-06-23 19:22 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Dropbox
    2015-01-24 10:49 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-24 10:49 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-24 10:48 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-24 10:41 - 2012-04-12 16:43 - 00000000 ____D () C:\ProgramData\PDFC
    2015-01-24 10:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-24 10:41 - 2009-07-13 23:51 - 00088443 _____ () C:\Windows\setupact.log
    2015-01-24 07:29 - 2012-07-09 08:35 - 00000000 ____D () C:\Users\cp2012\AppData\Local\CrashDumps
    2015-01-24 07:27 - 2013-08-26 21:58 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-24 07:27 - 2013-08-24 18:10 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-23 23:01 - 2012-11-28 14:50 - 00000000 ____D () C:\Users\cp2012\Desktop\Cy
    2015-01-23 22:38 - 2011-02-11 12:15 - 00767290 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-23 16:36 - 2012-07-10 13:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-23 16:35 - 2012-07-21 18:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-21 15:18 - 2012-12-05 08:39 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcp2012
    2015-01-21 15:18 - 2012-12-05 08:39 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForcp2012.job
    2015-01-21 15:15 - 2012-10-18 16:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-01-21 14:58 - 2012-07-05 22:23 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Adobe
    2015-01-21 14:53 - 2013-11-27 14:52 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
    2015-01-21 10:41 - 2014-10-14 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-21 10:39 - 2014-06-03 13:46 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-18 19:27 - 2014-03-23 21:24 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Windows Live
    2015-01-18 03:28 - 2010-11-20 22:47 - 02256118 _____ () C:\Windows\PFRO.log
    2015-01-18 03:27 - 2014-04-21 08:54 - 00000000 ____D () C:\AdwCleaner
    2015-01-17 00:12 - 2012-10-11 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-16 23:30 - 2013-10-04 12:31 - 00799744 ___SH () C:\Users\cp2012\Desktop\Thumbs.db
    2015-01-15 00:00 - 2014-12-02 00:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
    2015-01-13 21:27 - 2013-06-23 19:25 - 00001025 _____ () C:\Users\cp2012\Desktop\Dropbox.lnk
    2015-01-13 21:27 - 2013-06-23 19:23 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-01-13 14:55 - 2013-07-14 08:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-13 14:51 - 2012-07-11 22:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 11:09 - 2012-07-05 22:11 - 00000000 ____D () C:\Users\cp2012
    2015-01-12 11:12 - 2012-11-28 14:49 - 00000000 ____D () C:\Users\cp2012\Desktop\a-Jake
    2015-01-12 11:11 - 2012-08-03 08:48 - 00127776 _____ () C:\Users\cp2012\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-12 08:42 - 2012-07-05 22:20 - 00000000 ____D () C:\Users\cp2012\AppData\Local\PDFC
    2015-01-09 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-08 09:55 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-01-03 18:27 - 2012-07-20 15:57 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\SoftGrid Client
    2015-01-03 18:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
    2015-01-03 16:44 - 2012-12-07 18:54 - 00012288 _____ () C:\Users\cp2012\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-01 19:47 - 2014-08-19 22:31 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Adobe
    2015-01-01 18:07 - 2009-07-14 00:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-12-30 10:22 - 2014-10-13 10:32 - 00032012 _____ () C:\Users\cp2012\Desktop\InsuranceComparison.ods
    2014-12-28 19:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-26 07:56 - 2014-04-08 11:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2012-08-13 03:59 - 2012-08-13 03:59 - 125106169 _____ () C:\Program Files\openofficeorg1.cab
    2012-08-13 03:58 - 2012-08-13 03:58 - 3162112 _____ () C:\Program Files\openofficeorg341.msi
    2012-08-13 03:58 - 2012-08-13 03:58 - 0473600 _____ () C:\Program Files\setup.exe
    2012-08-13 03:58 - 2012-08-13 03:58 - 0000294 _____ () C:\Program Files\setup.ini
    2013-06-26 17:14 - 2014-03-20 22:39 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2013-10-01 08:46 - 2014-12-04 17:00 - 0000539 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Desktop.Exception.log
    2013-10-01 08:42 - 2014-03-16 22:32 - 0005569 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-10-01 08:46 - 2014-12-04 17:00 - 0000462 _____ () C:\Users\cp2012\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2013-10-01 08:57 - 2014-12-04 17:00 - 0000539 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Transcoder.Exception.log
    2012-12-07 18:54 - 2015-01-03 16:44 - 0012288 _____ () C:\Users\cp2012\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-21 23:44 - 2013-05-21 23:44 - 0000877 _____ () C:\Users\cp2012\AppData\Local\recently-used.xbel

    Some content of TEMP:
    ====================
    C:\Users\cp2012\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpubhvvs.dll
    C:\Users\cp2012\AppData\Local\Temp\_isF620.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-21 11:20

    ==================== End Of Log ===============================================


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2015-01-25 06:14:00
    -----------------------------
    06:14:00.099 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:14:00.099 Number of processors: 4 586 0x2A07
    06:14:00.099 ComputerName: CP2012-HP UserName: cp2012
    06:14:05.050 Initialize success
    06:15:52.310 AVAST engine defs: 15012401
    06:41:53.170 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:41:53.171 Disk 0 Vendor: ST2000DL HP16 Size: 1907729MB BusType: 3
    06:41:53.300 Disk 0 MBR read successfully
    06:41:53.302 Disk 0 MBR scan
    06:41:53.358 Disk 0 Windows 7 default MBR code
    06:41:53.368 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    06:41:53.383 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1889177 MB offset 206848
    06:41:53.421 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18450 MB offset 3869241344
    06:41:53.486 Disk 0 scanning C:\Windows\system32\drivers
    06:42:04.537 Service scanning
    06:42:25.177 Modules scanning
    06:42:25.182 Disk 0 trace - called modules:
    06:42:25.226 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    06:42:25.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a027060]
    06:42:25.240 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007ae4050]
    06:42:29.237 AVAST engine scan C:\Windows
    06:42:31.932 AVAST engine scan C:\Windows\system32
    06:45:33.834 AVAST engine scan C:\Windows\system32\drivers
    06:45:49.569 AVAST engine scan C:\Users\cp2012
    06:48:11.252 Disk 0 MBR has been saved successfully to "C:\Users\cp2012\Desktop\ScanFiles\MBR.dat"
    06:48:11.257 The log file has been saved successfully to "C:\Users\cp2012\Desktop\ScanFiles\aswMBR.txt"


    ==================

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi spyCype,

    Your last topic was closed due to inactivity. Please keep me informed if you need additional time to complete the tasks requested so we can clear up your computer problems quickly and efficiently.

    Tools need to be located on the Desktop. Please relocate FRST before proceeding.

    Did you set this Proxy Server?

    ProxyServer: [S-1-5-21-4211978626-972589915-279576106-1000] => http=127.0.0.1:49450;https=127.0.0.1:49450

    =========================

    You have numerous McAfee & AVG entries in your logs. Do you, or have you used McAfee & AVG in the past?

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-4211978626-972589915-279576106-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4211978626-972589915-279576106-1000 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = 
    Toolbar: HKU\S-1-5-21-4211978626-972589915-279576106-1000 -> No Name - {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
    EmptyTemp:
    CMD: ipconfig /flushdns
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt) please post it to your reply.

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • What symptoms are you experiencing
    • Provide information with regards to my questions asked above.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    Default

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
    Ran by cp2012 at 2015-01-27 10:55:35 Run:1
    Running from C:\Users\cp2012\Downloads\FRST-OlderVersion
    Loaded Profiles: cp2012 (Available profiles: cp2012)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-4211978626-972589915-279576106-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4211978626-972589915-279576106-1000 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL =
    Toolbar: HKU\S-1-5-21-4211978626-972589915-279576106-1000 -> No Name - {F9BBF004-6E40-4019-8214-C43A37E1D058} - No File
    EmptyTemp:
    CMD: ipconfig /flushdns
    End
    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f9bbf004-6e40-4019-8214-c43a37e1d058} => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-4211978626-972589915-279576106-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44AB3196-E782-4E57-B65F-8EFAAAF62DDC}" => Key deleted successfully.
    HKCR\CLSID\{44AB3196-E782-4E57-B65F-8EFAAAF62DDC} => Key not found.
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F9BBF004-6E40-4019-8214-C43A37E1D058} => value deleted successfully.
    HKCR\CLSID\{F9BBF004-6E40-4019-8214-C43A37E1D058} => Key not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========



    ==============
    I did not set up a proxy server, do not know how did it get in there.
    We do have AVG up to date version but mcAfe is not the latest at all, perhaps we may not need it. Don`t know what need to be done here. I have noticed sometimes it get installed along with the Adobe installation.
    Still the internet stop working quiet often and ask me to stop or continue the script running.

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi spyCype,

    Before you proceed, please see my instructions above that states "all tools must be located on the desktop". Please move or download any tools I request you to run directly to the Desktop. I appreciate your cooperation.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    Re-run Farbar Recovery Scan Tool it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Select the Addition box
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • It will also make (Addition.txt). Please attach it to your reply

    =========================

    In your next post please provide the following:
    • checkup.txt
    • FRST.txt
    • Addition.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #5
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    Default

    Results of screen317's Security Check version 0.99.95
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Spybot - Search and Destroy
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Java 8 Update 31
    Java version 32-bit out of Date!
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.296
    Adobe Reader XI
    Mozilla Firefox (35.0.1)
    Google Chrome 31.0.1650.57 Google Chrome out of date!
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
    ===============================================================
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by cp2012 (administrator) on CP2012-HP on 28-01-2015 09:56:28
    Running from C:\Users\cp2012\Desktop
    Loaded Profiles: cp2012 (Available profiles: cp2012)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (Dropbox, Inc.) C:\Users\cp2012\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [My Scrap Nook Home Page Guard 64 bit] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator64.exe"
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
    HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-08-16] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2226704 2013-03-07] (Research In Motion Limited)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-27] (Google Inc.)
    HKU\S-1-5-18\...\Run: [ISUSPM] => -scheduler
    AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
    AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
    ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\cp2012\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-4211978626-972589915-279576106-1000] => http=127.0.0.1:49450;https=127.0.0.1:49450
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/19
    SearchScopes: HKLM -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\cp2012\AppData\Roaming\Mozilla\Firefox\Profiles\6od7941t.default-1401247939329
    FF DefaultSearchEngine: Google
    FF Homepage: https://www.google.ca/
    FF NetworkProxy: "http_port", 1
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4211978626-972589915-279576106-1000: @citrixonline.com/appdetectorplugin -> C:\Users\cp2012\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Extension: Buzz Social Points - C:\Program Files (x86)\Mozilla Firefox\extensions\buzzsocial@buzzsocialpoints.com.xpi [2015-01-27]
    FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-16]
    FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
    FF Extension: YouTube Downloader Extension - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2014-08-11]
    FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: Buzz Social Points - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR Profile: C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (SEOquake) - C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2014-06-17]
    CHR Extension: (Google Wallet) - C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
    CHR HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-08-11]
    CHR HKLM-x32\...\Chrome\Extension: [gikoeigmfnoggdlhnobkbbbkohiahbko] - C:\Program Files (x86)\BuzzSocialPoints\chrome.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
    R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-16] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
    S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-12] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 09:23 - 2015-01-28 09:23 - 00852573 _____ () C:\Users\cp2012\Desktop\SecurityCheck.exe
    2015-01-27 15:56 - 2015-01-27 15:56 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-27 15:56 - 2015-01-27 15:56 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-27 10:54 - 2015-01-28 09:56 - 00025370 _____ () C:\Users\cp2012\Desktop\FRST.txt
    2015-01-27 10:54 - 2015-01-27 10:55 - 00043429 _____ () C:\Users\cp2012\Desktop\Addition.txt
    2015-01-27 10:34 - 2015-01-27 10:34 - 00000770 _____ () C:\Users\cp2012\Desktop\fixlist.txt
    2015-01-27 09:13 - 2015-01-27 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-26 08:30 - 2015-01-26 08:30 - 00323010 _____ () C:\Users\cp2012\Downloads\viewDownload.go
    2015-01-25 16:28 - 2015-01-25 16:28 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
    2015-01-25 16:28 - 2015-01-25 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
    2015-01-25 13:27 - 2015-01-25 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-01-25 13:26 - 2015-01-25 13:26 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2015-01-25 13:26 - 2015-01-25 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-01-25 13:26 - 2015-01-25 13:26 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2015-01-25 13:24 - 2015-01-25 13:24 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\Program Files\iPod
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-25 06:13 - 2015-01-25 06:13 - 04745728 _____ (AVAST Software) C:\Users\cp2012\Desktop\aswMBR(1).exe
    2015-01-25 06:12 - 2015-01-25 06:12 - 03551720 _____ (K9 Tools ) C:\Users\cp2012\Downloads\setup.exe
    2015-01-25 06:09 - 2015-01-25 06:48 - 00000000 ____D () C:\Users\cp2012\Desktop\ScanFiles
    2015-01-25 06:08 - 2015-01-28 09:32 - 00000000 ____D () C:\Users\cp2012\Downloads\FRST-OlderVersion
    2015-01-23 22:33 - 2015-01-23 22:46 - 00000000 ____D () C:\10af7caede595e38e1
    2015-01-22 18:55 - 2015-01-22 18:55 - 00000000 ____D () C:\Users\cp2012\AppData\Local\{ECBDDCC1-7ABD-4BFF-AD48-31C107E46370}
    2015-01-22 00:13 - 2015-01-22 00:13 - 00008887 _____ () C:\Users\cp2012\Desktop\JRT.txt
    2015-01-21 14:41 - 2015-01-21 14:43 - 225890304 _____ () C:\Users\cp2012\Downloads\LibreOffice_4.3.5_Win_x86(1).msi
    2015-01-21 13:14 - 2015-01-21 13:14 - 01707939 _____ (Thisisu) C:\Users\cp2012\Desktop\JRT(2).exe
    2015-01-21 10:32 - 2015-01-24 13:35 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-21 10:32 - 2015-01-24 13:35 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-18 19:37 - 2015-01-18 19:48 - 00000000 ____D () C:\Users\cp2012\Desktop\ParkingDetroit
    2015-01-18 16:08 - 2015-01-18 16:08 - 01707939 _____ (Thisisu) C:\Users\cp2012\Desktop\JRT(1).exe
    2015-01-18 03:35 - 2015-01-18 03:35 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-18 03:33 - 2015-01-18 03:33 - 01707939 _____ (Thisisu) C:\Users\cp2012\Desktop\JRT.exe
    2015-01-18 03:33 - 2015-01-18 03:33 - 00010884 _____ () C:\Users\cp2012\Desktop\AdwCleaner[S1].txt
    2015-01-18 03:23 - 2015-01-18 03:24 - 02186752 _____ () C:\Users\cp2012\Desktop\adwcleaner_4.108.exe
    2015-01-18 03:16 - 2015-01-18 03:16 - 00000988 _____ () C:\Users\cp2012\Desktop\checkup.txt
    2015-01-16 23:31 - 2015-01-16 23:33 - 225890304 _____ () C:\Users\cp2012\Downloads\LibreOffice_4.3.5_Win_x86.msi
    2015-01-14 09:56 - 2015-01-14 09:56 - 00069765 _____ () C:\Users\cp2012\Downloads\statement(2).aspx
    2015-01-14 09:56 - 2015-01-14 09:56 - 00068746 _____ () C:\Users\cp2012\Downloads\statement(1).aspx
    2015-01-14 09:55 - 2015-01-14 09:55 - 00068746 _____ () C:\Users\cp2012\Downloads\statement.aspx
    2015-01-13 14:51 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 14:51 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 14:51 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-13 14:51 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-13 14:51 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-13 14:51 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-13 14:51 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-13 14:51 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-13 14:51 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-13 14:51 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 14:51 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 14:51 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 14:51 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 11:18 - 2015-01-13 12:18 - 00003879 _____ () C:\Users\cp2012\Desktop\aswMBR.txt
    2015-01-13 11:18 - 2015-01-13 12:18 - 00000512 _____ () C:\Users\cp2012\Desktop\MBR.dat
    2015-01-13 11:13 - 2015-01-13 11:13 - 05198336 _____ (AVAST Software) C:\Users\cp2012\Desktop\aswMBR.exe
    2015-01-13 11:13 - 2015-01-13 11:13 - 00045991 _____ () C:\Users\cp2012\Downloads\Addition.txt
    2015-01-13 11:12 - 2015-01-27 10:40 - 00042503 _____ () C:\Users\cp2012\Downloads\FRST.txt
    2015-01-13 11:10 - 2015-01-28 09:56 - 00000000 ____D () C:\FRST
    2015-01-13 11:10 - 2015-01-25 06:08 - 02129920 _____ (Farbar) C:\Users\cp2012\Desktop\FRST64.exe
    2015-01-13 11:10 - 2015-01-13 11:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CP2012-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2015-01-13 11:09 - 2015-01-13 11:09 - 00000000 ____D () C:\Users\cp2012\CP2012-HP
    2015-01-13 11:06 - 2015-01-13 11:06 - 00002237 _____ () C:\Users\cp2012\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-13 11:06 - 2015-01-13 11:06 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-13 11:06 - 2015-01-13 11:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-13 11:05 - 2015-01-13 11:05 - 04215584 _____ () C:\Users\cp2012\Desktop\tweaking.com_registry_backup_setup.exe
    2015-01-13 10:34 - 2015-01-13 10:34 - 01054912 _____ (Adobe) C:\Users\cp2012\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
    2015-01-12 12:52 - 2015-01-12 12:52 - 00153894 _____ () C:\Users\cp2012\Desktop\Copy of Squirt Calender 2015 --Schram.xlsx
    2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
    2015-01-03 17:30 - 2015-01-03 18:02 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Anvsoft
    2015-01-03 17:30 - 2015-01-03 17:30 - 00000000 ____D () C:\Users\cp2012\Documents\Any Video Converter
    2015-01-03 17:29 - 2015-01-03 17:29 - 33259320 _____ (Any-Video-Converter.com ) C:\Users\cp2012\Downloads\avc-setup-5.7.6(1).exe
    2015-01-03 17:26 - 2015-01-03 17:26 - 00231808 _____ () C:\Users\cp2012\Downloads\avc-setup-5.7.6.exe
    2015-01-03 16:44 - 2015-01-03 16:45 - 19512268 _____ () C:\Users\cp2012\Downloads\JakeVideo-2Dec2015.odp
    2015-01-03 16:43 - 2015-01-03 16:43 - 00082064 _____ () C:\Users\cp2012\Downloads\JakeVideo-1Dec2015.odp
    2015-01-01 18:11 - 2015-01-01 18:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 09:52 - 2012-11-28 14:50 - 00000000 ____D () C:\Users\cp2012\Desktop\Cy
    2015-01-28 09:52 - 2012-07-14 02:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-28 09:36 - 2012-11-28 14:49 - 00000000 ____D () C:\Users\cp2012\Desktop\a-Jake
    2015-01-28 09:34 - 2012-11-28 14:50 - 00000000 ____D () C:\Users\cp2012\Desktop\b-Moira
    2015-01-28 09:25 - 2012-09-13 22:26 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-28 09:11 - 2012-08-27 11:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-28 09:11 - 2012-07-05 22:09 - 01700927 _____ () C:\Windows\WindowsUpdate.log
    2015-01-28 06:44 - 2012-07-05 22:19 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C9F7652-FBD3-4B12-89F2-B7F72B5A1255}
    2015-01-27 16:03 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-27 16:03 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-27 16:02 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-27 15:58 - 2013-06-23 19:25 - 00000000 ___RD () C:\Users\cp2012\Dropbox
    2015-01-27 15:58 - 2013-06-23 19:22 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Dropbox
    2015-01-27 15:57 - 2012-11-28 19:04 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Apple Computer
    2015-01-27 15:56 - 2013-10-04 12:31 - 00840192 ___SH () C:\Users\cp2012\Desktop\Thumbs.db
    2015-01-27 15:56 - 2012-04-12 16:43 - 00000000 ____D () C:\ProgramData\PDFC
    2015-01-27 15:55 - 2012-08-27 11:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-27 15:55 - 2009-07-13 23:45 - 00509264 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-27 15:54 - 2012-10-11 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-27 15:54 - 2010-11-20 22:47 - 02256794 _____ () C:\Windows\PFRO.log
    2015-01-27 15:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-27 15:54 - 2009-07-13 23:51 - 00088555 _____ () C:\Windows\setupact.log
    2015-01-27 10:58 - 2012-08-27 11:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-01-27 10:58 - 2012-08-27 11:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-01-25 21:34 - 2012-12-05 08:39 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcp2012
    2015-01-25 21:34 - 2012-12-05 08:39 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForcp2012.job
    2015-01-25 16:31 - 2012-08-03 08:48 - 00129800 _____ () C:\Users\cp2012\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-25 16:28 - 2013-11-27 14:52 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
    2015-01-25 16:27 - 2012-11-28 19:03 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Apple
    2015-01-25 13:24 - 2014-09-15 06:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-01-25 13:24 - 2012-11-28 19:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-25 06:52 - 2012-12-07 18:45 - 00000000 ____D () C:\Users\cp2012\.smplayer
    2015-01-25 04:43 - 2012-07-14 02:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-25 04:43 - 2012-07-14 02:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-25 04:43 - 2012-04-12 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-24 07:29 - 2012-07-09 08:35 - 00000000 ____D () C:\Users\cp2012\AppData\Local\CrashDumps
    2015-01-23 22:38 - 2011-02-11 12:15 - 00767290 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-23 16:36 - 2012-07-10 13:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-23 16:35 - 2012-07-21 18:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-21 15:15 - 2012-10-18 16:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-01-21 14:58 - 2012-07-05 22:23 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Adobe
    2015-01-21 10:41 - 2014-10-14 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-21 10:39 - 2014-06-03 13:46 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-18 19:27 - 2014-03-23 21:24 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Windows Live
    2015-01-18 03:27 - 2014-04-21 08:54 - 00000000 ____D () C:\AdwCleaner
    2015-01-13 21:27 - 2013-06-23 19:25 - 00001025 _____ () C:\Users\cp2012\Desktop\Dropbox.lnk
    2015-01-13 21:27 - 2013-06-23 19:23 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-01-13 14:55 - 2013-07-14 08:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-13 14:51 - 2012-07-11 22:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 11:09 - 2012-07-05 22:11 - 00000000 ____D () C:\Users\cp2012
    2015-01-12 08:42 - 2012-07-05 22:20 - 00000000 ____D () C:\Users\cp2012\AppData\Local\PDFC
    2015-01-09 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-08 09:55 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-01-03 18:27 - 2012-07-20 15:57 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\SoftGrid Client
    2015-01-03 18:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
    2015-01-03 16:44 - 2012-12-07 18:54 - 00012288 _____ () C:\Users\cp2012\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-01 19:47 - 2014-08-19 22:31 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Adobe
    2015-01-01 18:07 - 2009-07-14 00:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-12-30 10:22 - 2014-10-13 10:32 - 00032012 _____ () C:\Users\cp2012\Desktop\InsuranceComparison.ods

    ==================== Files in the root of some directories =======

    2012-08-13 03:59 - 2012-08-13 03:59 - 125106169 _____ () C:\Program Files\openofficeorg1.cab
    2012-08-13 03:58 - 2012-08-13 03:58 - 3162112 _____ () C:\Program Files\openofficeorg341.msi
    2012-08-13 03:58 - 2012-08-13 03:58 - 0473600 _____ () C:\Program Files\setup.exe
    2012-08-13 03:58 - 2012-08-13 03:58 - 0000294 _____ () C:\Program Files\setup.ini
    2013-06-26 17:14 - 2014-03-20 22:39 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2013-10-01 08:46 - 2014-12-04 17:00 - 0000539 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Desktop.Exception.log
    2013-10-01 08:42 - 2014-03-16 22:32 - 0005569 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-10-01 08:46 - 2014-12-04 17:00 - 0000462 _____ () C:\Users\cp2012\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2013-10-01 08:57 - 2014-12-04 17:00 - 0000539 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Transcoder.Exception.log
    2012-12-07 18:54 - 2015-01-03 16:44 - 0012288 _____ () C:\Users\cp2012\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-21 23:44 - 2013-05-21 23:44 - 0000877 _____ () C:\Users\cp2012\AppData\Local\recently-used.xbel

    Some content of TEMP:
    ====================
    C:\Users\cp2012\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprve1wv.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-25 23:49

    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by cp2012 at 2015-01-28 09:57:07
    Running from C:\Users\cp2012\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
    AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
    AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    BlackBerry Backup Extractor (HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\BlackBerry Backup Extractor) (Version: 1.1.6.0 - Reincubate Ltd)
    BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
    BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite DCP-7060D (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
    BuzzSocialPoints version 1.0 (HKLM-x32\...\BuzzSocialPoints_is1) (Version: 1.0 - BuzzSocialPoints)
    BuzzSocialPoints_IE (HKLM-x32\...\BuzzSocialPoints_IE) (Version: 1.0.0.0 - BuzzSocialPoints)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Citrix Online Launcher (HKLM-x32\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
    Coby Media Manager (HKLM-x32\...\{D7F70937-6EC3-4129-8089-4974C5873C99}) (Version: 1.0.6316 - Coby)
    Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dropbox (HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fitbit Connect (HKLM-x32\...\{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}) (Version: 1.0.1.5127 - Fitbit Inc.)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
    HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
    HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
    HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
    HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
    HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
    Intel(R) Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    LibreOffice 4.2 Help Pack (English (United States)) (HKLM-x32\...\{9B197B38-038D-47B5-9572-AE07E34F6AD0}) (Version: 4.2.2.1 - The Document Foundation)
    LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
    LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
    Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{D8D25854-D7F0-45C5-8702-D650A5A23E21}) (Version: 2.3.2208 - Microsoft Corporation)
    Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
    Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Musicnotes Player V1.40.3 and Viewer V1.20.0 (HKLM-x32\...\Musicnotes Player_is1) (Version: 1.40.3 - Musicnotes Inc.)
    My Scrap Nook Toolbar (HKLM-x32\...\MyScrapNook_12bar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
    Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
    RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
    Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
    SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
    Spelling Bee Coaching Application [Junior] version 1.0 (HKLM-x32\...\{006B99DB-5711-4B22-9FA9-49CE16516FF7}_is1) (Version: 1.0 - Spelling Bee of Canada (c))
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
    Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    YouTube Downloader 5 (HKLM-x32\...\YouTube Downloader_is1) (Version: - Kotato)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cp2012\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4211978626-972589915-279576106-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    18-01-2015 19:21:17 Windows Backup
    21-01-2015 10:32:46 Windows Update
    21-01-2015 14:46:58 Installed LibreOffice 4.3.5.2
    23-01-2015 22:32:30 Windows Update
    25-01-2015 16:27:15 Installed LibreOffice 4.3.5.2
    25-01-2015 19:31:06 Windows Backup
    27-01-2015 05:32:16 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2013-12-03 19:32 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {04B40466-A83B-48DD-ABF0-E884AF6AB760} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {0A84E25F-2928-4B7F-B440-A19C2A799A99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
    Task: {0E22359C-36A6-498E-8F4D-B8ECD8D0F04D} - System32\Tasks\BuzzSocialPoints_li_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
    Task: {14BB80B3-9E64-4B8B-9C80-AB4AB2956113} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {1A3D80A5-41DE-46B7-9A79-29A4B1CAFB29} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {1DE9B808-E427-47DF-B7C5-E6799D5DA5D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-27] (Google Inc.)
    Task: {218FA806-3B4E-40CB-BD51-494ED94FA0FF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {21A64FF2-06CE-4D84-A656-7B1B266A5D69} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {2326134B-8B45-4C65-A5D2-E316B50A0384} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {2808B6C6-58A6-4D37-B9BA-76FF0981F5F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {298E465E-6D69-45F5-9FA9-EB3F7A85E2EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-27] (Google Inc.)
    Task: {30613810-3553-4397-B11C-C37BA95E4D05} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {3D8A1A9F-F454-4604-8834-E461639A0498} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
    Task: {3EC402B2-D42F-4E62-AA62-1FD00616E964} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {40752DD2-118B-4B0B-BB9F-49F16D6911CF} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
    Task: {42222E2B-8A2A-4AB5-9221-15A14643AADE} - System32\Tasks\{6715E06D-2610-4E87-B690-CA21DD025FB6} => pcalua.exe -a C:\Users\cp2012\Downloads\DownloadManagerSetup.exe -d C:\Users\cp2012\Downloads
    Task: {444AECE7-7AB0-4548-91A7-87767DA2E777} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
    Task: {4873E2B8-EB67-4778-8060-AE14963333F6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {5873113E-DF3E-44C9-8BD5-DC13B98EE7A4} - System32\Tasks\HPCeeScheduleForcp2012 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {5BA387EC-E985-40BE-9E92-CF40FADA502E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {627975E2-ADC6-4662-92E0-C3EA5BB38A97} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {6A99E4A8-8289-49F1-929C-F4FF3B7791E5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {79FFC635-7EE9-4628-94FA-231CC40763CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
    Task: {9AACBEC8-5F89-4AFD-872B-372F6A23BA39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {A3753A57-6BCA-4C45-A2E4-3A0A77243E22} - System32\Tasks\Real Player online update program => c:\program files (x86)\real\realplayer\Update\realsched.exe [2014-08-16] (RealNetworks, Inc.)
    Task: {BFFB2D5E-C9AD-4AB9-A736-DF3BABB44B70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {C138DB40-3BE9-4F1D-A40D-0227528C9C7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {D3FB6106-C888-4474-B3E1-2E1BD076DA62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
    Task: {E1FBDCD3-0B41-4695-8D2E-751D62992144} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
    Task: {EE3F8FA3-32AB-476C-B110-0204E17FAC18} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
    Task: {F6B2CA0A-530B-42F6-92BE-9A2C74921726} - System32\Tasks\{6B3C84A2-2864-4121-A375-4CF1256FEB48} => pcalua.exe -a "C:\Program Files (x86)\LibreOffice 4\program\scalc.exe" -c -o "C:\Users\cp2012\Desktop\Tball2014\T-ball 2014.ods"
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForcp2012.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-04-08 11:26 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-11-23 08:32 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2012-04-12 16:21 - 2011-09-19 02:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-06-27 15:00 - 2014-08-16 11:01 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2013-12-03 19:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-03-06 20:14 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2013-12-03 19:22 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-02-01 01:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2013-12-03 19:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-01-08 15:44 - 2015-01-08 15:44 - 00750080 _____ () C:\Users\cp2012\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-27 15:58 - 2015-01-27 15:58 - 00043008 _____ () c:\users\cp2012\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprve1wv.dll
    2015-01-08 15:44 - 2015-01-08 15:44 - 00047616 _____ () C:\Users\cp2012\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-01-08 15:44 - 2015-01-08 15:44 - 00863744 _____ () C:\Users\cp2012\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-01-08 15:44 - 2015-01-08 15:44 - 00200704 _____ () C:\Users\cp2012\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-11-23 08:30 - 2014-11-23 08:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2013-08-02 21:16 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2015-01-27 09:13 - 2015-01-27 09:13 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2015-01-25 04:43 - 2015-01-25 04:43 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:373E1720

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-4211978626-972589915-279576106-500 - Administrator - Disabled)
    cp2012 (S-1-5-21-4211978626-972589915-279576106-1000 - Administrator - Enabled) => C:\Users\cp2012
    Guest (S-1-5-21-4211978626-972589915-279576106-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4211978626-972589915-279576106-1004 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/28/2015 09:52:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WINWORD.EXE, version: 15.0.4673.1000, time stamp: 0x54588338
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x002ad854
    Faulting process id: 0x2bb8
    Faulting application start time: 0xWINWORD.EXE0
    Faulting application path: WINWORD.EXE1
    Faulting module path: WINWORD.EXE2
    Report Id: WINWORD.EXE3

    Error: (01/28/2015 09:47:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WINWORD.EXE, version: 15.0.4673.1000, time stamp: 0x54588338
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0037db4c
    Faulting process id: 0x37dc
    Faulting application start time: 0xWINWORD.EXE0
    Faulting application path: WINWORD.EXE1
    Faulting module path: WINWORD.EXE2
    Report Id: WINWORD.EXE3

    Error: (01/28/2015 09:11:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (01/27/2015 10:38:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WINWORD.EXE, version: 15.0.4673.1000, time stamp: 0x54588338
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0046d540
    Faulting process id: 0xf538
    Faulting application start time: 0xWINWORD.EXE0
    Faulting application path: WINWORD.EXE1
    Faulting module path: WINWORD.EXE2
    Report Id: WINWORD.EXE3

    Error: (01/27/2015 07:58:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (01/27/2015 01:28:08 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/26/2015 08:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

    Error: (01/26/2015 08:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3042

    Error: (01/26/2015 08:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/26/2015 08:50:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2044


    System errors:
    =============
    Error: (01/27/2015 03:55:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (01/27/2015 03:55:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (01/27/2015 10:56:22 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (01/27/2015 10:55:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/27/2015 10:55:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/27/2015 10:55:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (01/27/2015 10:55:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CalendarSynchService service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/27/2015 10:55:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (01/27/2015 10:55:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (01/27/2015 10:55:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (01/28/2015 09:52:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WINWORD.EXE15.0.4673.100054588338unknown0.0.0.000000000c0000005002ad8542bb801d03b0a069f75c1C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEunknown491a4c2d-a6fd-11e4-ba27-e840f28b3bc9

    Error: (01/28/2015 09:47:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WINWORD.EXE15.0.4673.100054588338unknown0.0.0.000000000c00000050037db4c37dc01d03b0956487f41C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEunknown9b365aac-a6fc-11e4-ba27-e840f28b3bc9

    Error: (01/28/2015 09:11:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (01/27/2015 10:38:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WINWORD.EXE15.0.4673.100054588338unknown0.0.0.000000000c00000050046d540f53801d03a47449aa4b7C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEunknown8be87209-a63a-11e4-b913-e840f28b3bc9

    Error: (01/27/2015 07:58:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (01/27/2015 01:28:08 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{7FBAD091-89F7-4C77-A224-15FF4423C7D2}\recordingmanager.exe

    Error: (01/26/2015 08:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

    Error: (01/26/2015 08:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3042

    Error: (01/26/2015 08:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/26/2015 08:50:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2044


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-28 09:14:03.810
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-28 06:44:55.811
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 16:06:11.836
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 11:22:27.904
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 11:22:27.893
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 11:14:47.863
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 11:14:47.852
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 11:03:19.833
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 11:03:19.833
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-27 09:45:19.857
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
    Percentage of memory in use: 25%
    Total physical RAM: 8098.52 MB
    Available physical RAM: 6030.74 MB
    Total Pagefile: 16195.21 MB
    Available Pagefile: 13088.48 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:1844.9 GB) (Free:1685.88 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:18.02 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5C798ED8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1844.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi spyCype,

    Your Security Check log indicates that you are using Spybot - Search and Destroy as your anti-virus. Is your Spybot subscription a paid version?

    Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • McAfee Security Scan Plus

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ProxyServer: [S-1-5-21-4211978626-972589915-279576106-1000] => http=127.0.0.1:49450;https=127.0.0.1:49450
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    FF NetworkProxy: "http_port", 1
    FF NetworkProxy: "type", 4
    FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No File
    FF HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: Buzz Social Points - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    CHR HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [gikoeigmfnoggdlhnobkbbbkohiahbko] - C:\Program Files (x86)\BuzzSocialPoints\chrome.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    Task: {0E22359C-36A6-498E-8F4D-B8ECD8D0F04D} - System32\Tasks\BuzzSocialPoints_li_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
    Task: {40752DD2-118B-4B0B-BB9F-49F16D6911CF} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt) please post it to your reply.

    =========================

    Still the internet stop working quiet often and ask me to stop or continue the script running.
    Which browser/s does this occur while using?

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • Reply to question/s asked.
    • How is the computer running, any change in performance?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #7
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    Default

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
    Ran by cp2012 at 2015-01-30 21:34:07 Run:2
    Running from C:\Users\cp2012\Desktop
    Loaded Profiles: cp2012 (Available profiles: cp2012)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ProxyServer: [S-1-5-21-4211978626-972589915-279576106-1000] => http=127.0.0.1:49450;https=127.0.0.1:49450
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    FF NetworkProxy: "http_port", 1
    FF NetworkProxy: "type", 4
    FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No File
    FF HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: Buzz Social Points - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    CHR HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [gikoeigmfnoggdlhnobkbbbkohiahbko] - C:\Program Files (x86)\BuzzSocialPoints\chrome.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\cp2012\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [Not Found]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    Task: {0E22359C-36A6-498E-8F4D-B8ECD8D0F04D} - System32\Tasks\BuzzSocialPoints_li_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
    Task: {40752DD2-118B-4B0B-BB9F-49F16D6911CF} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => No running process found
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => Moved successfully.
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
    Firefox Proxy settings were reset.
    Firefox Proxy settings were reset.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@ei.VideoDownloadConverter_4z.com/Plugin" => Key deleted successfully.
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value deleted successfully.
    C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => Moved successfully.
    "HKU\S-1-5-21-4211978626-972589915-279576106-1000\SOFTWARE\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gikoeigmfnoggdlhnobkbbbkohiahbko" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi" => Key deleted successfully.
    McComponentHostService => Service deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E22359C-36A6-498E-8F4D-B8ECD8D0F04D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E22359C-36A6-498E-8F4D-B8ECD8D0F04D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\BuzzSocialPoints_li_Checker => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_li_Checker" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40752DD2-118B-4B0B-BB9F-49F16D6911CF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40752DD2-118B-4B0B-BB9F-49F16D6911CF}" => Key deleted successfully.
    C:\Windows\System32\Tasks\BuzzSocialPoints_DNS_Checker => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_DNS_Checker" => Key deleted successfully.
    EmptyTemp: => Removed 35.4 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 21:34:10 ====
    Right now, I see the browser takes a little time showing the whirls and waiting for a few seconds to go to a specific site/location etc. Other than there is no too much waiting noticed.
    I think I paid between 11 and 15 dollars(it was in euros) for Spyboat
    Mainly Firefox browser is used on this computer

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi spyCype,

    Flush the FireFox Cache
    (these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
    • In Firefox, Options
    • Select Options
    • Select Privacy tab
    • Find the section that reads: You might want to clear your recent history or remove individual cookies
    • Select clear your recent history
    • Click the Details drop-down arrow
    • Make sure a check mark is placed in the following boxes:
      • Cookies
      • Cache
    • Next select the Time Range to Clear drop-down menu
    • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
    • Click Clear Now

    =========================

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Reboot

    =========================

    Re-run Farbar Recovery Scan Tool it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • AdwCleaner[S0].txt
    • JRT.txt
    • new FRST.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #9
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    Default

    I followed the order you suggested, however it created a file called AdwCleaner[S2]
    instead of [S0]. Then I used JRT, I tried 4 times, and finally I received the file you wanted me to post. Then I did the FRST.
    After the completion of all these tasks unfortunately, I could find the AdwCleaner[S2] file on my computer, so I did re run the program and obtained a file called AdwCleaner[S3]. Hope this helps. thank you so much.

    ===================

    # AdwCleaner v4.109 - Report created 02/02/2015 at 11:36:33
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : cp2012 - CP2012-HP
    # Running from : C:\Users\cp2012\Desktop\adwcleaner_4.109.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v40.0.2214.94


    *************************

    AdwCleaner[R0].txt - [45258 octets] - [21/04/2014 08:55:01]
    AdwCleaner[R1].txt - [10852 octets] - [18/01/2015 03:25:39]
    AdwCleaner[R2].txt - [1154 octets] - [31/01/2015 13:20:19]
    AdwCleaner[R3].txt - [1163 octets] - [02/02/2015 11:34:58]
    AdwCleaner[S0].txt - [45294 octets] - [21/04/2014 08:56:33]
    AdwCleaner[S1].txt - [10884 octets] - [18/01/2015 03:27:01]
    AdwCleaner[S2].txt - [1218 octets] - [31/01/2015 13:25:53]
    AdwCleaner[S3].txt - [1085 octets] - [02/02/2015 11:36:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1145 octets] ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by cp2012 on 01/02/2015 at 13:40:59.41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02/02/2015 at 10:10:21.89
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by cp2012 (administrator) on CP2012-HP on 02-02-2015 11:10:58
    Running from C:\Users\cp2012\Desktop
    Loaded Profiles: cp2012 (Available profiles: cp2012)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (Dropbox, Inc.) C:\Users\cp2012\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\Program Files (x86)\Content Manager\CmTray.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Leader Technologies/Epson) C:\Users\cp2012\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [My Scrap Nook Home Page Guard 64 bit] => "C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator64.exe"
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
    HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-08-16] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2226704 2013-03-07] (Research In Motion Limited)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-27] (Google Inc.)
    HKU\S-1-5-18\...\Run: [ISUSPM] => -scheduler
    AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
    AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\cp2012\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
    ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\cp2012\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
    Startup: C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    HKU\S-1-5-21-4211978626-972589915-279576106-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/19
    SearchScopes: HKLM -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-4211978626-972589915-279576106-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\cp2012\AppData\Roaming\Mozilla\Firefox\Profiles\6od7941t.default-1401247939329
    FF DefaultSearchEngine: Google
    FF Homepage: https://www.google.ca/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4211978626-972589915-279576106-1000: @citrixonline.com/appdetectorplugin -> C:\Users\cp2012\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Extension: Buzz Social Points - C:\Program Files (x86)\Mozilla Firefox\extensions\buzzsocial@buzzsocialpoints.com.xpi [2015-01-27]
    FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-16]
    FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
    FF Extension: YouTube Downloader Extension - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2014-08-11]
    FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR Profile: C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (SEOquake) - C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2014-06-17]
    CHR Extension: (Google Wallet) - C:\Users\cp2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
    CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-08-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
    S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
    S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-16] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
    S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-12] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-02 10:10 - 2015-02-02 10:10 - 00000716 _____ () C:\Users\cp2012\Desktop\JRT.txt
    2015-02-01 17:43 - 2015-02-01 17:43 - 00430868 _____ () C:\Users\cp2012\Downloads\Attachments_201521.zip
    2015-02-01 13:41 - 2015-02-01 13:41 - 00006464 _____ () C:\Windows\system32\PerfStringBackup.TMP
    2015-01-31 23:17 - 2015-01-31 23:17 - 01707939 _____ (Thisisu) C:\Users\cp2012\Desktop\JRT.exe
    2015-01-31 13:19 - 2015-01-31 13:19 - 02194432 _____ () C:\Users\cp2012\Desktop\adwcleaner_4.109.exe
    2015-01-31 08:51 - 2015-01-31 08:51 - 00022974 _____ () C:\Users\cp2012\Downloads\viewDownload(1).go
    2015-01-30 21:32 - 2015-02-02 11:10 - 00000000 ____D () C:\Users\cp2012\Desktop\FRST-OlderVersion
    2015-01-28 09:23 - 2015-01-28 09:23 - 00852573 _____ () C:\Users\cp2012\Desktop\SecurityCheck.exe
    2015-01-27 15:56 - 2015-02-01 13:34 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-27 15:56 - 2015-02-01 13:34 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-27 10:54 - 2015-02-02 11:11 - 00022758 _____ () C:\Users\cp2012\Desktop\FRST.txt
    2015-01-27 10:54 - 2015-01-28 09:58 - 00044203 _____ () C:\Users\cp2012\Desktop\Addition.txt
    2015-01-27 09:13 - 2015-01-27 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-26 08:30 - 2015-01-26 08:30 - 00323010 _____ () C:\Users\cp2012\Downloads\viewDownload.go
    2015-01-25 16:28 - 2015-01-25 16:28 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
    2015-01-25 16:28 - 2015-01-25 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
    2015-01-25 13:27 - 2015-01-25 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-01-25 13:26 - 2015-01-25 13:26 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2015-01-25 13:26 - 2015-01-25 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-01-25 13:26 - 2015-01-25 13:26 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2015-01-25 13:24 - 2015-01-25 13:24 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\Program Files\iPod
    2015-01-25 13:24 - 2015-01-25 13:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-25 06:13 - 2015-01-25 06:13 - 04745728 _____ (AVAST Software) C:\Users\cp2012\Desktop\aswMBR(1).exe
    2015-01-25 06:09 - 2015-01-25 06:48 - 00000000 ____D () C:\Users\cp2012\Desktop\ScanFiles
    2015-01-25 06:08 - 2015-01-28 09:32 - 00000000 ____D () C:\Users\cp2012\Downloads\FRST-OlderVersion
    2015-01-23 22:33 - 2015-01-23 22:46 - 00000000 ____D () C:\10af7caede595e38e1
    2015-01-21 13:14 - 2015-01-21 13:14 - 01707939 _____ (Thisisu) C:\Users\cp2012\Desktop\JRT(2).exe
    2015-01-21 10:32 - 2015-02-02 11:08 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-21 10:32 - 2015-02-02 11:08 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4211978626-972589915-279576106-1000
    2015-01-18 19:37 - 2015-01-18 19:48 - 00000000 ____D () C:\Users\cp2012\Desktop\ParkingDetroit
    2015-01-18 16:08 - 2015-01-18 16:08 - 01707939 _____ (Thisisu) C:\Users\cp2012\Desktop\JRT(1).exe
    2015-01-18 03:35 - 2015-01-18 03:35 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-18 03:33 - 2015-01-18 03:33 - 00010884 _____ () C:\Users\cp2012\Desktop\AdwCleaner[S1].txt
    2015-01-18 03:16 - 2015-01-18 03:16 - 00000988 _____ () C:\Users\cp2012\Desktop\checkup.txt
    2015-01-14 09:56 - 2015-01-14 09:56 - 00069765 _____ () C:\Users\cp2012\Downloads\statement(2).aspx
    2015-01-14 09:56 - 2015-01-14 09:56 - 00068746 _____ () C:\Users\cp2012\Downloads\statement(1).aspx
    2015-01-14 09:55 - 2015-01-14 09:55 - 00068746 _____ () C:\Users\cp2012\Downloads\statement.aspx
    2015-01-13 14:51 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 14:51 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 14:51 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-13 14:51 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-13 14:51 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-13 14:51 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-13 14:51 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-13 14:51 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-13 14:51 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-13 14:51 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 14:51 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 14:51 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 14:51 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 11:18 - 2015-01-13 12:18 - 00003879 _____ () C:\Users\cp2012\Desktop\aswMBR.txt
    2015-01-13 11:18 - 2015-01-13 12:18 - 00000512 _____ () C:\Users\cp2012\Desktop\MBR.dat
    2015-01-13 11:13 - 2015-01-13 11:13 - 05198336 _____ (AVAST Software) C:\Users\cp2012\Desktop\aswMBR.exe
    2015-01-13 11:13 - 2015-01-13 11:13 - 00045991 _____ () C:\Users\cp2012\Downloads\Addition.txt
    2015-01-13 11:12 - 2015-01-27 10:40 - 00042503 _____ () C:\Users\cp2012\Downloads\FRST.txt
    2015-01-13 11:10 - 2015-02-02 11:11 - 00000000 ____D () C:\FRST
    2015-01-13 11:10 - 2015-02-02 11:10 - 02131456 _____ (Farbar) C:\Users\cp2012\Desktop\FRST64.exe
    2015-01-13 11:10 - 2015-01-13 11:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CP2012-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2015-01-13 11:09 - 2015-01-13 11:09 - 00000000 ____D () C:\Users\cp2012\CP2012-HP
    2015-01-13 11:06 - 2015-01-13 11:06 - 00002237 _____ () C:\Users\cp2012\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-13 11:06 - 2015-01-13 11:06 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-13 11:06 - 2015-01-13 11:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-13 11:05 - 2015-01-13 11:05 - 04215584 _____ () C:\Users\cp2012\Desktop\tweaking.com_registry_backup_setup.exe
    2015-01-12 12:52 - 2015-01-12 12:52 - 00153894 _____ () C:\Users\cp2012\Desktop\Copy of Squirt Calender 2015 --Schram.xlsx
    2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
    2015-01-03 17:30 - 2015-01-03 18:02 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Anvsoft
    2015-01-03 17:30 - 2015-01-03 17:30 - 00000000 ____D () C:\Users\cp2012\Documents\Any Video Converter

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-02 11:12 - 2012-09-13 22:26 - 00000000 ____D () C:\ProgramData\MFAData
    2015-02-02 11:11 - 2013-06-23 19:25 - 00000000 ___RD () C:\Users\cp2012\Dropbox
    2015-02-02 11:11 - 2013-06-23 19:22 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Dropbox
    2015-02-02 11:09 - 2012-04-12 16:43 - 00000000 ____D () C:\ProgramData\PDFC
    2015-02-02 11:08 - 2012-08-27 11:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-02 11:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-02 11:08 - 2009-07-13 23:51 - 00089059 _____ () C:\Windows\setupact.log
    2015-02-02 11:07 - 2012-07-05 22:09 - 01817050 _____ () C:\Windows\WindowsUpdate.log
    2015-02-02 11:03 - 2012-08-27 11:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-02 10:52 - 2012-07-14 02:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-01 22:48 - 2012-07-05 22:19 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C9F7652-FBD3-4B12-89F2-B7F72B5A1255}
    2015-02-01 20:25 - 2012-11-28 14:50 - 00000000 ____D () C:\Users\cp2012\Desktop\c-Anya
    2015-02-01 13:42 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-01 13:42 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-01 11:17 - 2012-11-28 14:50 - 00000000 ____D () C:\Users\cp2012\Desktop\b-Moira
    2015-02-01 07:24 - 2012-07-09 08:35 - 00000000 ____D () C:\Users\cp2012\AppData\Local\CrashDumps
    2015-02-01 01:49 - 2012-11-28 14:50 - 00000000 ____D () C:\Users\cp2012\Desktop\Cy
    2015-02-01 01:44 - 2011-02-11 12:15 - 00792262 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-01 00:19 - 2012-11-28 14:49 - 00000000 ____D () C:\Users\cp2012\Desktop\a-Jake
    2015-02-01 00:12 - 2012-11-28 14:48 - 00000000 ____D () C:\Users\cp2012\Desktop\Anula
    2015-01-31 23:55 - 2014-09-19 17:51 - 00000000 ____D () C:\Users\cp2012\Desktop\WalgrrensSept2014
    2015-01-31 13:42 - 2012-08-27 11:28 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Google
    2015-01-31 13:34 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-31 13:27 - 2010-11-20 22:47 - 02257108 _____ () C:\Windows\PFRO.log
    2015-01-31 13:26 - 2014-04-21 08:54 - 00000000 ____D () C:\AdwCleaner
    2015-01-31 07:01 - 2012-12-05 08:39 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcp2012
    2015-01-31 07:01 - 2012-12-05 08:39 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForcp2012.job
    2015-01-30 21:36 - 2013-10-04 12:31 - 00840192 ___SH () C:\Users\cp2012\Desktop\Thumbs.db
    2015-01-30 21:31 - 2012-07-21 18:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-30 21:31 - 2012-07-10 13:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-27 15:57 - 2012-11-28 19:04 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Apple Computer
    2015-01-27 15:55 - 2009-07-13 23:45 - 00509264 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-27 15:54 - 2012-10-11 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-27 10:58 - 2012-08-27 11:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-01-27 10:58 - 2012-08-27 11:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-01-25 16:31 - 2012-08-03 08:48 - 00129800 _____ () C:\Users\cp2012\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-25 16:28 - 2013-11-27 14:52 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
    2015-01-25 16:27 - 2012-11-28 19:03 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Apple
    2015-01-25 13:24 - 2014-09-15 06:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-01-25 13:24 - 2012-11-28 19:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-25 06:52 - 2012-12-07 18:45 - 00000000 ____D () C:\Users\cp2012\.smplayer
    2015-01-25 04:43 - 2012-07-14 02:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-25 04:43 - 2012-07-14 02:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-25 04:43 - 2012-04-12 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-21 15:15 - 2012-10-18 16:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-01-21 14:58 - 2012-07-05 22:23 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Adobe
    2015-01-21 10:41 - 2014-10-14 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-21 10:39 - 2014-06-03 13:46 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-18 19:27 - 2014-03-23 21:24 - 00000000 ____D () C:\Users\cp2012\AppData\Local\Windows Live
    2015-01-13 21:27 - 2013-06-23 19:25 - 00001025 _____ () C:\Users\cp2012\Desktop\Dropbox.lnk
    2015-01-13 21:27 - 2013-06-23 19:23 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-01-13 14:55 - 2013-07-14 08:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-13 14:51 - 2012-07-11 22:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 11:09 - 2012-07-05 22:11 - 00000000 ____D () C:\Users\cp2012
    2015-01-12 08:42 - 2012-07-05 22:20 - 00000000 ____D () C:\Users\cp2012\AppData\Local\PDFC
    2015-01-09 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-08 09:55 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-01-03 18:27 - 2012-07-20 15:57 - 00000000 ____D () C:\Users\cp2012\AppData\Roaming\SoftGrid Client
    2015-01-03 18:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
    2015-01-03 16:44 - 2012-12-07 18:54 - 00012288 _____ () C:\Users\cp2012\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Files in the root of some directories =======

    2012-08-13 03:59 - 2012-08-13 03:59 - 125106169 _____ () C:\Program Files\openofficeorg1.cab
    2012-08-13 03:58 - 2012-08-13 03:58 - 3162112 _____ () C:\Program Files\openofficeorg341.msi
    2012-08-13 03:58 - 2012-08-13 03:58 - 0473600 _____ () C:\Program Files\setup.exe
    2012-08-13 03:58 - 2012-08-13 03:58 - 0000294 _____ () C:\Program Files\setup.ini
    2013-06-26 17:14 - 2014-03-20 22:39 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2013-10-01 08:46 - 2014-12-04 17:00 - 0000539 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Desktop.Exception.log
    2013-10-01 08:42 - 2014-03-16 22:32 - 0005569 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-10-01 08:46 - 2014-12-04 17:00 - 0000462 _____ () C:\Users\cp2012\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2013-10-01 08:57 - 2014-12-04 17:00 - 0000539 _____ () C:\Users\cp2012\AppData\Roaming\Rim.Transcoder.Exception.log
    2012-12-07 18:54 - 2015-01-03 16:44 - 0012288 _____ () C:\Users\cp2012\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-21 23:44 - 2013-05-21 23:44 - 0000877 _____ () C:\Users\cp2012\AppData\Local\recently-used.xbel

    Some content of TEMP:
    ====================
    C:\Users\cp2012\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn4jkmb.dll
    C:\Users\cp2012\AppData\Local\Temp\Quarantine.exe
    C:\Users\cp2012\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-25 23:49

    ==================== End Of Log ============================

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi spyCype,

    Each time you run AdwCleaner the log it will generate will have a different number assigned to that scan [S0, S1, S2 etc or R0, R1, R2 etc] depending on if I asked you to just run a scan [R+ number] or do a scan plus a clean [S + number].

    If I need you to run AdwCleaner again, just post the most recent log it has provided. Also, all logs can be found here: C:\AdwCleaner\ (provided C is your hard drive location).

    Are you actively using AVG - anti-virus?
    If not uninstall it via the Control Panel.

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    SearchScopes: HKLM -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {44AB3196-E782-4E57-B65F-8EFAAAF62DDC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    C:\Users\cp2012\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn4jkmb.dll
    C:\Users\cp2012\AppData\Local\Temp\Quarantine.exe
    C:\Users\cp2012\AppData\Local\Temp\sqlite3.dll
    EmptyTemp:
    Hosts:
    CMD: ipconfig /flushdns
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt) please post it to your reply.

    =========================

    Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware (save it to your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Select Scan tab.
    • Select type of scan to perform:

      • Threat Scan < --- Select this type of scan
      • Custom Scan
      • Hyper Scan
    • Next click the Scan button.
    • When the scan is complete, if no malicious items are found you can close the program.
    • If malicious items are found be sure that everything is checked, and click Quarantine .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================

    ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • Fixlog.txt
    • MBAM log
    • ESET's log.txt
    • How's the computer running?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •