
I need help in removing "fbdownloader" as its "SELF SET" as my home page


  • This topic is locked
9 replies to this topic

#1 RyanKelly8235

RyanKelly8235

  • Members
  • 5 posts

Posted 26 September 2014 - 11:51 AM

I had this on my Win 7 laptop once before, but for the life of me I cannot seem to recall as to how on earth I ended up removing it, and now that it is BACK I need just a little help getting rid of it, and hopefully for GOOD. Thank you for your help in this matter.

Attached Files

  • Attached File  DDS1.txt   28.57KB   5 downloads




#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 27 September 2014 - 06:04 AM

:welcome:

Hello RyanKelly8235,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 RyanKelly8235

RyanKelly8235
  • Topic Starter

  • Members
  • 5 posts

Posted 28 September 2014 - 04:22 AM

Hello Jo, I have just now had a chance to log in and check for a reply to my question/topic, and thank you for the help. I am pretty savvy whenever it comes to electronics and tech stuff, so I am sure that will help out. As I stated in my first post, I have had this issue before and removed it through ComboFix, I THINK. However, although I am running Microsoft Security Essentials on my laptop now and always, I still somehow managed to download this mostly irritating worm/virus, lol. Not everything is perfect in this world, so I do understand how/why it could/did miss this one. Here are the attachments that you asked for, and once more THANK YOU for your help.

 

CHECKUP.TXT

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.12 Adobe Reader out of Date!
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 42% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````END OF LOG``````````````````````
 
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Ryan Kelly at 2014-09-28 03:45:14
Running from C:\Users\Ryan Kelly\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30182 - BitTorrent Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0216.726.13233 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0216.726.13233 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0216.726.13233 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help English (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help French (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help German (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0216.726.13233 - ATI) Hidden
ccc-utility64 (Version: 2011.0216.726.13233 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DownTango Launcher Toolbar (HKLM-x32\...\{cb6d194b-149b-4e28-9b6b-fd0bdaa2aa7c}_is1) (Version:  - DownTango Launcher Toolbar) <==== ATTENTION
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.2 (HKCU\...\Inkscape) (Version: 0.48.2 - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 Preview (HKLM\...\Office15.PROPLUS) (Version: 15.0.4128.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 Preview - English (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 Preview - French (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 Preview - Spanish (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft OSM MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft OSM UX MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Professional Plus 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Proofing (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Shared 32-bit MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Shared MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4128.1014 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mobile Hotspot Admin (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plantronics MyHeadset Updater (x64) (HKLM\...\{D85873EE-09C9-4E3D-BC2E-F8DCE2F79ADD}) (Version: 2.8.26503.0 - Plantronics, Inc.)
Plantronics Spokes Software (HKLM-x32\...\{DFA4B07C-2DC9-42CC-9765-EEF71DDE0D88}) (Version: 2.8.38701.2 - Plantronics, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.2.3 - Client Connect LTD) <==== ATTENTION
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.1.1 - TOSHIBA Corporation) Hidden
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
unlock-allphones version 4.2 (HKLM-x32\...\{AB6B4C80-0FFA-4B94-AA93-FF133C57DCC1}_is1) (Version: 4.2 - unlock-allphones.com, Inc.)
Update for Image Editor (HKCU\...\Digital Sites) (Version:  - Update for Image Editor) <==== ATTENTION
Update for Microsoft Outlook 2013 Previ (HKLM\...\{20150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B4E0635D-5901-4984-B1BF-70A841B4115D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
USIM Editor 1.0.25.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version:  - )
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB  (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wondershare Dr.Fone for iOS(Build 4.5.1.6) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.5.1.6 - Wondershare Software Co.,Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-833437875-179481982-3674708652-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan Kelly\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-833437875-179481982-3674708652-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan Kelly\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-833437875-179481982-3674708652-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan Kelly\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-833437875-179481982-3674708652-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan Kelly\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
14-07-2014 18:40:42 Windows Update
16-07-2014 12:10:09 Windows Backup
16-07-2014 13:44:17 Configured NTI Backup Now EZ
21-09-2014 03:58:25 Scheduled Checkpoint
21-09-2014 07:07:23 Windows Update
21-09-2014 08:27:37 Windows Update
22-09-2014 14:39:34 Windows Update
23-09-2014 17:49:03 Windows Modules Installer
25-09-2014 01:56:44 Windows Update
26-09-2014 15:23:37 Installed Java 7 Update 67
28-09-2014 05:59:17 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ___AC C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {154D133C-4214-4C45-BC70-F99EA87D1F48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {18F16F9B-40FA-4CF3-AE21-7681ECB298A4} - System32\Tasks\{F626A87D-D2D7-4DD3-BC93-66FAB02DB973} => C:\Program Files (x86)\unlock-allphones\IPhoneHack.exe [2013-12-03] ()
Task: {1AEEABF0-EDF0-4BF9-A72C-EA771EF631CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)
Task: {1DC57A48-AFCB-4F6C-A780-5003DB7060CF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-06-23] (Microsoft Corporation)
Task: {28EF8F03-A714-4720-A4FF-B3CECA3C6028} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-06-23] (Microsoft Corporation)
Task: {2F2B19C1-5FEA-4D94-B21F-27B804B9BBEA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {39A3F16F-AADB-4EDE-BD97-3240C5DF194B} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {3B00781B-B236-4A3D-9AD0-E458B7902938} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {3B12DE43-7326-47FA-8D11-16B7B06DF914} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-833437875-179481982-3674708652-1001UA => C:\Users\Ryan Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {3CBB2B87-C0CD-49E1-BAB2-EE6BDB9FA2C2} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-28] (Trusted Software ApS) <==== ATTENTION
Task: {486BB5BF-4BB2-47C5-B474-B9EE61CF46D3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5194D984-03A9-446C-8D54-F565F65EA84B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {6841F72D-2158-4C15-ACFB-16B25A63A095} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {6A108F16-A4AD-4014-B878-5F74D856146A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6F6DE62C-2506-4CCF-AE31-AAE894E1BC07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-06-23] (Microsoft Corporation)
Task: {745214A5-0BF3-462C-AFBF-4E14021ED340} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {74607F2E-41D2-4D17-8B89-812F1A54A7F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)
Task: {79FCF924-DD88-4DD1-9607-A301A25AB372} - System32\Tasks\{8748BB9A-536E-47CE-855C-89C8874373EB} => C:\Program Files (x86)\unlock-allphones\IPhoneHack.exe [2013-12-03] ()
Task: {7E81EF85-689A-40E6-872C-5060ED50DA57} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {8DF3FF48-CC55-420E-82BD-BA49E54722D7} - System32\Tasks\Bitvise\Persistent BvSshServer Control Panel\S-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files\Bitvise SSH Server\BssCtrl.exe
Task: {976207D1-9983-4E14-865E-36595B9D7D2B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {9A3CA6E7-0D6F-4749-96D0-22081A79D8EA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {9BB5B46B-55F8-4584-9A5A-C809804AD30C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-833437875-179481982-3674708652-1001Core => C:\Users\Ryan Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {C2B0833B-8604-4B62-900D-A51EB04DFE87} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C52CE3B0-39B7-45FB-812B-BD14CC0CD573} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E171423E-CB13-487A-A823-B4FE8B72F5F5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {E4E969F1-689C-46E7-B041-4C5E75942448} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-833437875-179481982-3674708652-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {E6F405EA-BBAE-40CA-B62C-4835957C431F} - System32\Tasks\AmiUpdXp => C:\Users\Ryan Kelly\AppData\Local\23088\a29851.exe [2014-05-26] () <==== ATTENTION
Task: {F0214AD1-9150-4C25-8456-ACC3E890FCEA} - System32\Tasks\AdobeAAMUpdater-1.0-Ryans-Laptop-Ryan Kelly => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {FEA930F4-3B83-47D6-84E0-88F97DF3A609} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\Ryan Kelly\AppData\Local\23088\a29851.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833437875-179481982-3674708652-1001Core.job => C:\Users\Ryan Kelly\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833437875-179481982-3674708652-1001UA.job => C:\Users\Ryan Kelly\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-23 02:40 - 2014-06-23 02:55 - 00073728 ____C () C:\windows\SysWOW64\afasrv64.exe
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 ____C () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 ____C () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-06-23 19:19 - 2012-06-23 19:19 - 06307928 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-04-07 18:07 - 2010-04-07 18:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2011-03-29 21:48 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2013-10-27 22:50 - 2013-03-22 10:56 - 00776480 ____C () C:\Program Files\Plantronics\GameCom780\GameCom780.exe
2014-06-23 02:55 - 2014-06-23 02:55 - 05124608 ____C () C:\Program Files (x86)\USIM Editor\iconcs6211741.exe
2011-02-16 09:25 - 2011-02-16 09:25 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-10-19 16:15 - 2010-10-19 16:15 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 ____C () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-09-28 03:35 - 2014-09-28 03:35 - 00854417 ____C () C:\Users\Ryan Kelly\Downloads\SecurityCheck.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-07 17:14 - 2013-11-07 17:14 - 00465824 ____C () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2014-05-26 09:39 - 2014-05-26 09:39 - 00859224 ____C () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-04-04 02:10 - 2013-04-04 02:10 - 00032768 ____C () C:\Program Files\Plantronics\MyHeadsetUpdater\NativeUsbLib.dll
2013-10-27 22:50 - 2013-03-22 10:56 - 00149792 ____C () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll
2014-03-06 22:23 - 2014-03-06 22:23 - 00067984 ____C () C:\windows\assembly\GAC_MSIL\Plantronics.Config.XmlSerializers\2.8.38701.2__a8048bce41894b6e\Plantronics.Config.XmlSerializers.dll
2013-10-30 10:33 - 2013-10-30 10:33 - 00098704 _____ () C:\Program Files (x86)\Plantronics\PlantronicsURE\Plantronics.UC.Rest.dll
2013-10-30 10:33 - 2013-10-30 10:33 - 00016784 _____ () C:\Program Files (x86)\Plantronics\PlantronicsURE\Plantronics.UC.Rest.JsonpExtension.dll
2012-11-17 01:47 - 2012-11-17 01:48 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2014-09-28 00:47 - 2014-09-28 00:47 - 00098816 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32api.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00110080 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\pywintypes27.dll
2014-09-28 00:47 - 2014-09-28 00:47 - 00364544 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\pythoncom27.dll
2014-09-28 00:47 - 2014-09-28 00:47 - 00045568 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\_socket.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 01160704 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\_ssl.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00320512 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32com.shell.shell.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00713216 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\_hashlib.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 01175040 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._core_.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00805888 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._gdi_.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00811008 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._windows_.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 01062400 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._controls_.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00735232 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._misc_.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00128512 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\_elementtree.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00127488 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\pyexpat.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00557056 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\pysqlite2._sqlite.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00007168 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\hashobjs_ext.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00087552 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\_ctypes.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00119808 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32file.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00108544 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32security.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00018432 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32event.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00038912 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32inet.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00070656 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._html2.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00167936 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32gui.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00011264 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32crypt.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00027136 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\_multiprocessing.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00686080 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\unicodedata.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00122368 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._wizard.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00010240 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\select.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00024064 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32pipe.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00025600 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32pdh.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00525640 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\windows._lib_cacheinvalidation.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00035840 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32process.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00017408 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32profile.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00022528 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\win32ts.pyd
2014-09-28 00:47 - 2014-09-28 00:47 - 00078336 ____C () C:\Users\Ryan Kelly\AppData\Local\Temp\_MEI50242\wx._animate.pyd
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 ____C () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 ____C () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-06-23 19:20 - 2012-06-23 19:20 - 06307928 ____C () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-24 19:28 - 2014-09-22 23:06 - 01098056 ____C () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 19:28 - 2014-09-22 23:06 - 00174408 ____C () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 19:28 - 2014-09-22 23:07 - 08577864 ____C () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 19:28 - 2014-09-22 23:07 - 00331592 ____C () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 19:28 - 2014-09-22 23:06 - 01660232 ____C () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 19:28 - 2014-09-22 23:07 - 14891848 ____C () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-833437875-179481982-3674708652-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: Seagate Dashboard Services => 2
MSCONFIG\Services: Tether => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: YahooAUService => 2
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-833437875-179481982-3674708652-500 - Administrator - Disabled)
Guest (S-1-5-21-833437875-179481982-3674708652-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-833437875-179481982-3674708652-1010 - Limited - Enabled)
iPhone 4s (S-1-5-21-833437875-179481982-3674708652-1008 - Limited - Enabled)
Ryan 5s (S-1-5-21-833437875-179481982-3674708652-1012 - Limited - Enabled)
Ryan Kelly (S-1-5-21-833437875-179481982-3674708652-1001 - Administrator - Enabled) => C:\Users\Ryan Kelly
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/28/2014 00:55:48 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418207
 
Error: (09/28/2014 00:47:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/28/2014 00:45:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/26/2014 05:35:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2014 05:34:38 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/26/2014 01:39:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MDCrashReportTool.exe, version: 17.863.1.44, time stamp: 0x52fa24ee
Faulting module name: objc.dll, version: 1.528.0.29, time stamp: 0x52a192bc
Exception code: 0xc0000005
Fault offset: 0x00006be4
Faulting process id: 0xcd0
Faulting application start time: 0xMDCrashReportTool.exe0
Faulting application path: MDCrashReportTool.exe1
Faulting module path: MDCrashReportTool.exe2
Report Id: MDCrashReportTool.exe3
 
Error: (09/26/2014 11:03:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Exception code: 0xc0000005
Fault offset: 0x000000000003dff2
Faulting process id: 0x7c8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/26/2014 10:23:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418207
 
Error: (09/26/2014 10:14:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2014 10:13:07 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
Error: (09/28/2014 03:43:38 AM) (Source: WudfUsbccidDriver) (EventID: 7) (User: NT AUTHORITY)
Description: ReaderCompletionUnknownMsgType0x0
 
 
Microsoft Office Sessions:
=========================
Error: (09/28/2014 00:55:48 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418207
 
Error: (09/28/2014 00:47:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/28/2014 00:45:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/26/2014 05:35:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2014 05:34:38 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/26/2014 01:39:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MDCrashReportTool.exe17.863.1.4452fa24eeobjc.dll1.528.0.2952a192bcc000000500006be4cd001cfd9b7d0357642C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll7bce6210-45ac-11e4-b080-00266ccb2972
 
Error: (09/26/2014 11:03:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4Explorer.EXE6.1.7601.175674d672ee4c0000005000000000003dff27c801cfd99c5b1282b5C:\windows\Explorer.EXEC:\windows\Explorer.EXEaed31130-4596-11e4-b080-00266ccb2972
 
Error: (09/26/2014 10:23:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418207
 
Error: (09/26/2014 10:14:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2014 10:13:07 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
==================== Memory info =========================== 
 
Processor: AMD C-50 Processor
Percentage of memory in use: 67%
Total physical RAM: 2662.87 MB
Available physical RAM: 855.5 MB
Total Pagefile: 5323.91 MB
Available Pagefile: 2216.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:166.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2B538AD9)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)
 
==================== End Of Log ============================
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Ryan Kelly (administrator) on RYANS-LAPTOP on 28-09-2014 03:41:19
Running from C:\Users\Ryan Kelly\Downloads
Loaded Profile: Ryan Kelly (Available profiles: Ryan Kelly)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\afasrv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() C:\Program Files (x86)\USIM Editor\iconcs6211741.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\nacl64.exe
() C:\Users\Ryan Kelly\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Windows\System32\Defrag.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-04-04] (Plantronics)
HKLM\...\Run: [PAC207_Monitor] => C:\windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [(default)] => [X]
HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs5301522.exe RunFromReg
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-05-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PlantronicsURE.exe] => C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-10-30] (Plantronics, Inc.)
HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] => C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-10-30] (Plantronics, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-11-17] (Google)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DBAgent] => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs6211741.exe [5124608 2014-06-23] ()
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [googletalk] => C:\Users\Ryan Kelly\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Google Update] => C:\Users\Ryan Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-30] (Google Inc.)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Facebook Update] => "C:\Users\Ryan Kelly\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [SCheck] => C:\Users\Ryan Kelly\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Snoozer] => C:\Users\Ryan Kelly\AppData\Roaming\Snz\Snz.exe [1620064 2014-09-06] ()
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [DataMgr] => C:\Users\Ryan Kelly\AppData\Roaming\DataMgr\DataMgr.exe [168776 2013-01-26] (HTTO Group, Ltd.)
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Intermediate] => C:\Users\Ryan Kelly\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Sixth] => C:\Users\Ryan Kelly\AppData\Roaming\Sixth\Sixth.exe [63618 2014-08-19] ()
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\Run: [Seventh] => C:\Users\Ryan Kelly\AppData\Roaming\Seventh\Seventh.exe [83648 2014-08-19] ()
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\MountPoints2: {211f9506-bf9c-11e3-b559-00266ccb2972} - E:\Setup.exe
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\MountPoints2: {59b5e551-29bf-11e3-a789-00266ccb2972} - E:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\MountPoints2: {af60427a-7543-11e2-b3f8-00266ccb2972} - E:\LaunchU3.exe
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\MountPoints2: {fab4626b-facd-11e3-853b-00266ccb2972} - E:\AutoRun.exe
HKU\S-1-5-21-833437875-179481982-3674708652-1001\...\MountPoints2: {fab46278-facd-11e3-853b-00266ccb2972} - E:\AutoRun.exe
HKU\S-1-5-18\...\Run: [ImperioServer] => C:\Program Files (x86)\Imperio\Imperio Server\ImperioServer.exe MIN
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [224728 2014-09-02] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [181720 2014-09-02] (Client Connect LTD)
AppInit_DLLs-x32:  C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-11-17] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Ryan Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Ryan Kelly\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
Startup: C:\Users\Ryan Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe (Oracle Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=msus200fbdgy6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3954BD25-1FB7-4FC4-B2AB-3240803580B4} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q={searchTerms}
SearchScopes: HKCU - {59B4EA34-0EEA-4C9E-8991-1BC00BC82ED3} URL = 
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=FVUJm0l5b9bcSFVSFO3lDZaxHJI?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q={searchTerms}
SearchScopes: HKCU - {BF004E38-B5EF-431E-BA2A-B2595C1AA21E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DownTango Launcher Toolbar -> {b52d0735-ec19-448a-abde-e01b5bd275d2} -> C:\Users\Ryan Kelly\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll (Simplytech Ltd.)
BHO-x32: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DownTango Launcher Toolbar - {b52d0735-ec19-448a-abde-e01b5bd275d2} - C:\Users\Ryan Kelly\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll (Simplytech Ltd.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan Kelly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Ryan Kelly\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan Kelly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan Kelly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npffividiplg.dll (iVIDI.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan Kelly\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan Kelly\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (Search by Image (by Google)) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-01]
CHR Extension: (Voice Search) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2014-03-01]
CHR Extension: (RealPlayer Downloader) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-04]
CHR Extension: (Google Voice (by Google)) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-03-01]
CHR Extension: (Whois this!!) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-02-13]
CHR Extension: (SearchLock) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2014-09-26]
CHR Extension: (Fiery Horse chrome Theme) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp [2014-09-26]
CHR Extension: (Google Wallet) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (SpeakIt!) - C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-03-01]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\RYANKE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-07]
CHR HKLM-x32\...\Chrome\Extension: [ejdabpabkmacjiiooccecnpakonoibah] - C:\Program Files (x86)\DownTangoLauncherToolbar\chrome\DownTangoLauncherToolbar.crx [2014-05-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AfaService; C:\windows\SysWOW64\afasrv64.exe [73728 2014-06-23] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2998232 2014-09-02] (Client Connect LTD)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-11-17] (Google)
R2 HPSLPSVC; C:\Users\Ryan Kelly\AppData\Local\Temp\7zS27A0\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-26] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TermService; C:\Windows\System32\termsrv.dll [680960 2011-02-25] (Microsoft Corporation) [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2013-04-04] (CSR plc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
S3 rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66088 2009-10-21] (Fuzhou Rockchip Electronics Co,Ltd.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2012-02-05] (The OpenVPN Project) [File not signed]
S3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123520 2010-12-29] (ZTE Incorporated)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
R3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 03:41 - 2014-09-28 03:43 - 00039743 ____C () C:\Users\Ryan Kelly\Downloads\FRST.txt
2014-09-28 03:40 - 2014-09-28 03:41 - 00000000 ___DC () C:\FRST
2014-09-28 03:38 - 2014-09-28 03:38 - 02108928 ____C (Farbar) C:\Users\Ryan Kelly\Downloads\FRST64.exe
2014-09-28 03:35 - 2014-09-28 03:35 - 00854417 ____C () C:\Users\Ryan Kelly\Downloads\SecurityCheck.exe
2014-09-26 11:54 - 2014-09-26 11:54 - 00029256 ____C () C:\Users\Ryan Kelly\Downloads\DDS1.txt
2014-09-26 11:40 - 2014-09-26 11:40 - 00029256 ____C () C:\Users\Ryan Kelly\Desktop\DDS2.txt
2014-09-26 11:39 - 2014-09-26 11:39 - 00029256 ____C () C:\Users\Ryan Kelly\Desktop\DDS1.txt
2014-09-26 11:37 - 2014-09-26 11:37 - 00025683 ____C () C:\Users\Ryan Kelly\Desktop\attach.txt
2014-09-26 11:37 - 2014-09-26 11:36 - 00029256 ____C () C:\Users\Ryan Kelly\Desktop\dds.txt
2014-09-26 11:29 - 2014-09-26 11:30 - 00688992 ___RC (Swearware) C:\Users\Ryan Kelly\Downloads\dds.com
2014-09-26 10:28 - 2014-09-26 10:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-26 10:28 - 2014-07-25 12:55 - 00098216 ____C (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-26 10:28 - 2014-07-25 12:49 - 00272808 ____C (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-26 10:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-26 10:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-26 10:25 - 2014-09-26 10:28 - 00004489 ____C () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-24 19:16 - 2014-09-24 20:08 - 821860884 ____C () C:\Users\Ryan Kelly\Downloads\iPhone6,1_7.1.2_11D257_Restore.ipsw
2014-09-24 19:01 - 2014-09-24 20:58 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-24 19:01 - 2014-09-24 20:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 13:00 - 2014-09-23 13:04 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-23 13:00 - 2014-09-23 13:04 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-23 12:59 - 2014-09-23 13:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-23 12:59 - 2014-09-23 13:04 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-23 12:59 - 2014-09-23 13:04 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-23 12:59 - 2014-09-23 13:04 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-23 12:59 - 2014-09-23 13:04 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-23 12:59 - 2014-09-23 13:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-23 12:59 - 2014-09-23 13:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-23 12:59 - 2014-09-23 13:04 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-23 12:59 - 2014-09-23 13:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-23 12:59 - 2014-09-23 13:03 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-23 12:59 - 2014-09-23 13:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-23 12:58 - 2014-09-23 13:04 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-23 12:58 - 2014-09-23 13:04 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-23 12:58 - 2014-09-23 13:04 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-22 19:35 - 2014-09-22 19:35 - 00003234 ____C () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-833437875-179481982-3674708652-1001
2014-09-22 19:32 - 2014-09-28 00:47 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Roaming\Seventh
2014-09-22 11:28 - 2014-09-22 11:28 - 00001233 ____C () C:\Users\Ryan Kelly\Desktop\Pangu_v1.2.1.exe - Shortcut.lnk
2014-09-22 10:34 - 2014-09-28 03:16 - 00003380 ____C () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-833437875-179481982-3674708652-1001
2014-09-22 10:34 - 2014-09-28 03:16 - 00003256 ____C () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-833437875-179481982-3674708652-1001
2014-09-22 10:03 - 2014-09-22 10:03 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-22 10:03 - 2014-09-22 10:03 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-22 09:49 - 2014-09-22 09:59 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-09-22 09:49 - 2014-09-22 09:59 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-09-22 09:49 - 2014-09-22 09:59 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-09-22 09:49 - 2014-09-22 09:59 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-09-22 09:48 - 2014-09-22 09:59 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-09-22 09:48 - 2014-09-22 09:59 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-09-22 09:46 - 2014-09-22 09:59 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-09-22 09:46 - 2014-09-22 09:59 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-09-22 09:42 - 2014-09-22 09:42 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Roaming\Snz
2014-09-22 09:42 - 2014-09-22 09:42 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Roaming\Sixth
2014-09-22 09:42 - 2014-09-22 09:42 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Roaming\Intermediate
2014-09-21 19:24 - 2014-09-22 12:42 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-21 19:24 - 2014-09-22 12:42 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-21 19:24 - 2014-09-22 11:32 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-21 19:24 - 2014-09-22 11:32 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-21 19:24 - 2014-09-22 11:24 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-09-21 19:24 - 2014-09-22 11:24 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-09-21 19:24 - 2014-09-22 11:24 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-21 19:24 - 2014-09-22 11:24 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-21 19:24 - 2014-09-22 11:24 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-09-21 19:24 - 2014-09-22 11:24 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-09-21 19:24 - 2014-09-22 11:24 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-09-21 19:24 - 2014-09-22 11:14 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-09-21 19:23 - 2014-09-22 10:29 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-09-21 19:23 - 2014-09-22 10:29 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-09-21 19:18 - 2014-09-22 10:05 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-21 19:18 - 2014-09-22 10:05 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-21 19:18 - 2014-09-22 10:05 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-21 19:18 - 2014-09-22 10:05 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-21 19:18 - 2014-09-22 10:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-21 19:17 - 2014-09-22 10:02 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-09-21 19:17 - 2014-09-22 10:02 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-09-21 19:17 - 2014-09-22 10:02 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-09-21 19:17 - 2014-09-22 10:01 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-09-21 19:17 - 2014-09-22 10:01 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-09-21 03:30 - 2014-09-21 18:45 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-21 03:30 - 2014-09-21 18:45 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-21 03:30 - 2014-09-21 18:45 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-21 03:30 - 2014-09-21 18:45 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-09-21 03:29 - 2014-09-23 13:24 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-21 03:29 - 2014-09-23 13:24 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-21 03:29 - 2014-09-23 13:24 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-21 03:29 - 2014-09-23 13:24 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-21 03:29 - 2014-09-23 13:24 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-21 03:29 - 2014-09-23 13:24 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-21 03:28 - 2014-09-21 18:46 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-09-21 03:28 - 2014-09-21 18:46 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-09-21 03:28 - 2014-09-21 18:46 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-09-21 03:28 - 2014-09-21 18:46 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-09-20 20:54 - 2014-09-26 13:29 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Local\pangu
2014-09-20 20:52 - 2014-09-20 20:58 - 35796928 ____C () C:\Users\Ryan Kelly\Downloads\Pangu_v1.2.1 (1).exe
2014-09-20 20:48 - 2014-09-20 20:52 - 35796928 ____C () C:\Users\Ryan Kelly\Downloads\Pangu_v1.2.1.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 03:30 - 2012-03-31 23:20 - 00000830 ____C () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 03:16 - 2011-07-02 22:23 - 01820741 ____C () C:\windows\WindowsUpdate.log
2014-09-28 03:02 - 2011-11-30 21:18 - 00000928 ____C () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833437875-179481982-3674708652-1001UA.job
2014-09-28 02:55 - 2009-07-13 22:20 - 00000000 ___DC () C:\windows\system32\NDF
2014-09-28 02:46 - 2011-07-02 23:15 - 00000912 ____C () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 02:35 - 2009-07-14 00:13 - 00786558 ____C () C:\windows\system32\PerfStringBackup.INI
2014-09-28 02:02 - 2011-11-30 21:18 - 00000876 ____C () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833437875-179481982-3674708652-1001Core.job
2014-09-28 00:58 - 2009-07-13 23:45 - 00024608 ___HC () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 00:58 - 2009-07-13 23:45 - 00024608 ___HC () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 00:49 - 2014-05-07 16:13 - 00000000 __RDC () C:\Users\Ryan Kelly\Google Drive
2014-09-28 00:48 - 2014-05-26 09:34 - 00000364 ____C () C:\windows\Tasks\AmiUpdXp.job
2014-09-28 00:47 - 2011-07-02 23:15 - 00000908 ____C () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 00:46 - 2011-12-11 20:26 - 00000440 ____C () C:\windows\system32\Drivers\etc\hosts.ics
2014-09-28 00:45 - 2014-05-11 18:12 - 00026142 ____C () C:\windows\setupact.log
2014-09-28 00:45 - 2009-07-14 00:08 - 00000006 ___HC () C:\windows\Tasks\SA.DAT
2014-09-26 13:39 - 2011-11-08 21:25 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Local\CrashDumps
2014-09-26 10:37 - 2014-02-14 00:44 - 00000000 ___DC () C:\ProgramData\Oracle
2014-09-26 10:33 - 2012-03-31 23:20 - 00003768 ____C () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-26 10:32 - 2012-03-31 23:20 - 00701104 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-26 10:32 - 2011-11-09 20:21 - 00071344 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 10:28 - 2012-11-03 07:33 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-09-23 13:26 - 2010-11-20 22:47 - 00610692 ____C () C:\windows\PFRO.log
2014-09-22 20:07 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-09-22 19:35 - 2014-06-17 17:17 - 00003358 ____C () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-833437875-179481982-3674708652-1001
2014-09-22 13:09 - 2009-07-13 23:45 - 04992344 ____C () C:\windows\system32\FNTCACHE.DAT
2014-09-22 13:07 - 2013-03-18 00:02 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight
2014-09-22 13:07 - 2011-03-29 21:55 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 13:03 - 2009-07-13 22:20 - 00000000 ___DC () C:\windows\PolicyDefinitions
2014-09-22 11:18 - 2011-11-28 15:04 - 00779172 ____C () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-22 11:13 - 2011-11-28 15:05 - 00002155 ____C () C:\windows\epplauncher.mif
2014-09-22 11:13 - 2011-11-28 15:04 - 00002165 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-22 11:12 - 2012-04-27 18:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-22 11:12 - 2011-11-28 15:04 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-22 11:11 - 2013-10-04 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-22 11:06 - 2013-10-12 08:28 - 00000000 ___DC () C:\windows\system32\MRT
2014-09-22 10:21 - 2013-10-06 11:29 - 00002067 ____C () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-22 10:21 - 2013-10-06 11:29 - 00002067 ____C () C:\ProgramData\Desktop\Adobe Reader X.lnk
2014-09-22 10:21 - 2011-03-29 21:53 - 00002441 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-22 09:42 - 2013-02-07 18:33 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Roaming\DataMgr
2014-09-22 09:41 - 2013-02-07 18:33 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Roaming\SCheck
2014-09-22 01:42 - 2010-11-20 22:27 - 00278152 ____C (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-20 20:28 - 2014-06-23 01:54 - 00002088 ____C () C:\Users\Public\Desktop\Google Sheets.lnk
2014-09-20 20:28 - 2014-06-23 01:54 - 00002088 ____C () C:\ProgramData\Desktop\Google Sheets.lnk
2014-09-20 20:28 - 2014-05-07 15:34 - 00002090 ____C () C:\Users\Public\Desktop\Google Slides.lnk
2014-09-20 20:28 - 2014-05-07 15:34 - 00002090 ____C () C:\ProgramData\Desktop\Google Slides.lnk
2014-09-20 20:28 - 2014-05-07 15:34 - 00002078 ____C () C:\Users\Public\Desktop\Google Docs.lnk
2014-09-20 20:28 - 2014-05-07 15:34 - 00002078 ____C () C:\ProgramData\Desktop\Google Docs.lnk
2014-09-20 20:28 - 2014-05-07 15:34 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-09-20 19:41 - 2014-06-16 22:28 - 00000000 ___DC () C:\Program Files (x86)\SearchProtect
2014-09-20 19:25 - 2014-05-20 16:05 - 00001365 ____C () C:\Users\Ryan Kelly\Desktop\ifaith-v1.5.9.zip - Shortcut.lnk
2014-09-20 19:15 - 2012-11-16 21:53 - 00000000 ___DC () C:\Users\Ryan Kelly\AppData\Roaming\Apple Computer
2014-08-29 13:01 - 2011-11-25 17:41 - 101694776 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Ryan Kelly\AppData\Local\Temp\app.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\dlLogic.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\drvinstal.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\JavaIC.dll
C:\Users\Ryan Kelly\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\lowproc.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\mpegc.dll
C:\Users\Ryan Kelly\AppData\Local\Temp\msscct32.dll
C:\Users\Ryan Kelly\AppData\Local\Temp\nsz6339.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\nszF221.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\PhoneSMSAPI.dll
C:\Users\Ryan Kelly\AppData\Local\Temp\spstub.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\sqlite-3.7.15-x86-sqlitejdbc.dll
C:\Users\Ryan Kelly\AppData\Local\Temp\stubhelper.dll
C:\Users\Ryan Kelly\AppData\Local\Temp\USmartEditor.exe
C:\Users\Ryan Kelly\AppData\Local\Temp\x2.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-20 22:51
 
==================== End Of Log ============================
 
Well here you go and again thank you for your time/help Jo :clapping:  :thumbup2:  :thumbsup2:  :thumbsup:
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:44 PM

Posted 28 September 2014 - 05:31 AM

Hello RyanKelly8235,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:44 PM

Posted 04 October 2014 - 09:23 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Cheers,
Jo


#6 RyanKelly8235

RyanKelly8235
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:44 AM

Posted 04 October 2014 - 11:15 AM

Hello Jo, I'm sorry for the delay & yes, I do still need help, but I'm having issues accessing the website from my laptop so I'm using my iPhone now. I'm going to be downloading Malware per your advice & will post back ASAP. Thank you for your patience.



#7 RyanKelly8235

RyanKelly8235
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:44 AM

Posted 04 October 2014 - 11:51 AM

Hello Jo, I see that you're online now and I have JUST managed to access this page via my laptop, so I am now installing the programs you suggested.



#8 RyanKelly8235

RyanKelly8235
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:44 AM

Posted 04 October 2014 - 12:08 PM

# AdwCleaner v3.311 - Report created 04/10/2014 at 11:55:37
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ryan Kelly - RYANS-LAPTOP
# Running from : C:\Users\Ryan Kelly\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : CltMngSvc
Service Found : SPPD
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
File Found : C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Ryan Kelly\AppData\Local\speedial.crx
File Found : C:\Users\Ryan Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\psvuszy8.default-1361905402364\searchplugins\fbdownloader_search.xml
File Found : C:\Users\Ryan Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\psvuszy8.default-1361905402364\searchplugins\WSE Rocket.xml
File Found : C:\windows\SysWOW64\installd.exe
Folder Found : C:\Program Files (x86)\DownTangoLauncherToolbar
Folder Found : C:\Program Files (x86)\File Type Assistant
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\Program Files (x86)\Red Sky
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Ryan Kelly\AppData\Local\apn
Folder Found : C:\Users\Ryan Kelly\AppData\Local\DownTango
Folder Found : C:\Users\Ryan Kelly\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Found : C:\Users\Ryan Kelly\AppData\Local\PackageAware
Folder Found : C:\Users\Ryan Kelly\AppData\Local\Rocket
Folder Found : C:\Users\Ryan Kelly\AppData\Local\SearchProtect
Folder Found : C:\Users\Ryan Kelly\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Ryan Kelly\AppData\LocalLow\DownTangoLauncherToolbar
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\Babylon
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\Common\LuaRT
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\DataMgr
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\DownTangoLauncherToolbar
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\fbDownloader
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\Intermediate
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\psvuszy8.default-1361905402364\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\NCH Software
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\RocketUpdater
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\SCheck
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\Seventh
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\Sixth
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\Snz
Folder Found : C:\Users\Ryan Kelly\AppData\Roaming\SSync
Folder Found : C:\Users\Ryan Kelly\Documents\Optimizer Pro
 
***** [ Scheduled Tasks ] *****
 
Task Found : AmiUpdXp
Task Found : ProgramUpdateCheck
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\simplytech
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\FileTypeAssistant
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\iVIDI Plugin
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Found : HKCU\Software\ProtectedSearch
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.fbdownloader.com/?channel=msus200fbdgy6
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Ryan Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\psvuszy8.default-1361905402364\prefs.js ]
 
Line Found : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=msus200fbdgy6");
Line Found : user_pref("browser.search.selectedEngine", "FBDownloader Search");
Line Found : user_pref("browser.search.defaultenginename", "FBDownloader Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q=");
Line Found : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q=");
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Ryan Kelly\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [15734 octets] - [04/10/2014 11:55:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15795 octets] ##########
 
Here is one of them, and it looks as if it has found my issues too. The Malwarebytes is running right now and I will send it ASAP, although I really do not think it is going to find much, as this adware remover seems to have found SEVERAL. But again, as I stated, I will send the other report as soon as it is finished. Thank you again.


#9 Jo*

Posted 07 October 2014 - 04:20 AM

Please post the MBAR-log.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 Jo*

Posted 11 October 2014 - 02:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





