
possible powelik, zoucar infection


  • This topic is locked
18 replies to this topic

#1 cbeau37

Posted 26 November 2014 - 01:30 PM

Not sure if this is where I post.

I believe I had a possible powelik, zoucar infection.

Norton kept trying to get rid of:

powelik

zoucar.info

Trojan.adclicker.activity

angler exploit kit

I am running Windows 7 SP1.

Ran Norton and Malwarebytes, both in safe mode, and no improvement.

Finally went back to a restore point and all seems to be running better.

Is there a way to check if all clear?

Thanks for all the help.

cbeau37





#2 RPMcMurphy


Posted 28 November 2014 - 03:35 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 cbeau37


Posted 02 December 2014 - 07:08 PM

Both Windows and Norton said this is not safe to run.

Please advise.



#4 RPMcMurphy


Posted 02 December 2014 - 11:14 PM

FRST is safe to run.  If you look through the other threads in this forum you will see that it is used on almost every machine we work on here.




#5 cbeau37


Posted 04 December 2014 - 09:32 AM

OK, got it now, here are my 2 logs.

Thanks!!!

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Chris (administrator) on CHRIS-PC on 04-12-2014 09:23:51
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
( ) C:\Windows\System32\lxducoms.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Lua Mouse\Lua Config.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Unifying\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Unifying\LU\LogitechUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6440480 2008-07-16] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [AsioThk32Reg] => %SYSTEMROOT%\SYSWOW64\REGSVR32.EXE /S %SYSTEMROOT%\SYSWOW64\CTASIO.DLL
HKLM\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2595616 2007-10-30] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [909208 2007-10-30] (Acronis)
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader 64] => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon64.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-06-15] (Spotify Ltd)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-15] (Spotify Ltd)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [SetDefaultMIDI] => C:\Windows\system32\MIDIDef.exe [35840 2005-08-03] (Creative Technology Ltd)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [DellSystemDetect] => C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {12995ec1-f6d3-11e2-a2b6-0022191402b8} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {3e4d999f-1119-11e1-b7cc-0022191402b8} - H:\TLBootstrap_WPP.exe
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {48179c7a-58b5-11e4-9f67-0022191402b8} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {59743ae6-dc96-11e0-b099-0022191402b8} - H:\setup.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {a7e57548-e564-11de-87e5-0022191402b8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {c9b0d6fb-497d-11e3-a956-0022191402b8} - H:\setup.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-06-15] (Spotify Ltd)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-15] (Spotify Ltd)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {3e4d999f-1119-11e1-b7cc-0022191402b8} - H:\TLBootstrap_WPP.exe
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {59743ae6-dc96-11e0-b099-0022191402b8} - H:\setup.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {a7e57548-e564-11de-87e5-0022191402b8} - H:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-03] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x900C39465770CA01
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x900C39465770CA01
HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 - (No Name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll No File
SearchScopes: HKLM-x32 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10474^us&si=CD9606&ptb=D6EBDB99-1AD8-406A-BDDE-D45DE0BDA87B&ind=2014082607&n=780c762f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> DefaultScope {613982E4-F788-4A99-BB39-C8D6AA09201A} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60185
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {1DA8798F-58D5-444C-B332-EDC879CC151F} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120417,17118,0,18,0
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {613982E4-F788-4A99-BB39-C8D6AA09201A} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10474^us&si=CD9606&ptb=D6EBDB99-1AD8-406A-BDDE-D45DE0BDA87B&ind=2014082607&n=780c762f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60185
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {1DA8798F-58D5-444C-B332-EDC879CC151F} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120417,17118,0,18,0
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Daily Fitness Center - {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {A6547405-A964-4600-8326-E91C95218964} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {A6547405-A964-4600-8326-E91C95218964} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://uhhospitalsevents.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @DailyFitnessCenter_53.com/Plugin -> C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\NP53Stub.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [53ffxtbr@DailyFitnessCenter_53.com] - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin [2012-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-04]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2012-10-23]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2012-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23]
FF HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Firefox\Extensions: [{13F6DC07-FCF7-466A-BFB4-07AD0191E271}] - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}
FF Extension: XULRunner - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} [2010-08-20]

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch", "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=903578&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Plugin) - C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-24]
CHR Extension: (Google Cast) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-11-04]
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2012-12-06]
CHR Extension: (Logitech SetPoint) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-16]
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2012-12-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-24]
CHR Extension: (Spreed - speed read the web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2014-05-04]
CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-16]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-04-30]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-04]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-10-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jmfmbeipcnbmgifkjkhppnjiffmpmpga] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-07-30] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [393216 2009-04-09] () [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-27] (BitRaider, LLC)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-02-05] (Macrovision Europe Ltd.) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [File not signed]
S2 gupdate1caccabb97c9540; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2010-02-04] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2010-02-04] ( )
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [93848 2009-08-17] (SiSoftware) [File not signed]
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492720 2007-10-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVerFx2hbtv64; C:\Windows\System32\drivers\AVerFx2hbtv64.sys [508672 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-30] (Symantec Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-08-27] (BitRaider)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151552 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [573952 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [738560 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [695808 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [208896 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [316928 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [169472 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [356864 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [9728 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [676864 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [284160 2005-08-03] (Creative Technology Ltd) [File not signed]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
S3 emupia; C:\Windows\System32\drivers\emupia2k.sys [130048 2005-08-03] (Creative Technology Ltd) [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [1300480 2005-08-03] (Creative Technology Ltd) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141203.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
S2 MCSTRM; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141203.018\ENG64.SYS [129752 2014-11-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141203.018\EX64.SYS [2137304 2014-11-09] (Symantec Corporation)
S3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [205824 2005-08-03] (Creative Technology Ltd.) [File not signed]
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [103936 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAP; C:\Windows\System32\DRIVERS\sustucap.sys [56832 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-09-01 07:00 - 2099-09-01 07:00 - 01162664 _____ () C:\Users\Chris\Downloads\XPS630i-010013a.EXE
2099-09-01 06:47 - 2014-11-10 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2099-09-01 06:47 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2099-09-01 05:19 - 2099-09-01 05:29 - 00000000 ____D () C:\email maessages 060113
2099-09-01 02:13 - 2099-09-01 02:13 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2099-09-01 02:13 - 2013-06-22 08:23 - 00000000 ____D () C:\ProgramData\iolo
2099-09-01 00:37 - 2099-09-01 00:39 - 00000000 ____D () C:\Users\Chris\Downloads\geforce 9800GT driver 060113
2014-12-04 09:23 - 2014-12-04 09:24 - 00040565 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-12-04 09:22 - 2014-12-04 09:23 - 00000000 ____D () C:\FRST
2014-12-04 09:21 - 2014-12-04 09:21 - 02117632 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-12-04 07:08 - 2014-12-04 07:08 - 00000257 _____ () C:\Users\Chris\Desktop\How to create a screenshot and automatically save it as a file in Windows 8.url
2014-12-03 13:10 - 2014-12-03 13:10 - 00000515 _____ () C:\Users\Chris\Desktop\origin com ea charged - Yahoo Search Results.url
2014-12-03 13:09 - 2014-12-03 13:09 - 00000174 _____ () C:\Users\Chris\Desktop\Credit Card charged and I don't know why - Answer HQ.url
2014-11-27 09:23 - 2014-11-27 09:23 - 00000242 _____ () C:\Users\Chris\Desktop\In-Lab Data Recovery  Seagate.url
2014-11-26 07:56 - 2014-11-26 07:56 - 00000268 _____ () C:\Users\Chris\Desktop\Janus - Tax Center.url
2014-11-25 08:23 - 2014-11-25 08:23 - 00000273 _____ () C:\Users\Chris\Desktop\▶ DIY Video 2 How to fix a broken hard drive Beeping noise Get your data Back! Best Kept Secret - YouTube.url
2014-11-25 08:23 - 2014-11-25 08:23 - 00000206 _____ () C:\Users\Chris\Desktop\▶ How to fix a broken hard drive. Beeping noise or clicking GET YOUR DATA BACK FOR FREE! BEST TRICK - YouTube.url
2014-11-25 07:44 - 2014-11-25 07:44 - 00000234 _____ () C:\Users\Chris\Desktop\seagate hard disk clicking - YouTube.url
2014-11-23 13:28 - 2014-11-23 13:28 - 00000218 _____ () C:\Users\Chris\Desktop\Amazon.com Nike+ SportWatch GPS Powered by TomTom (Black-Volt) GPS & Navigation.url
2014-11-20 06:51 - 2014-11-20 06:51 - 00000202 _____ () C:\Users\Chris\Desktop\Netcraft Fish Logo T Shirts - Black with Flo. Yellow Fish Logo.url
2014-11-19 07:03 - 2014-11-19 07:03 - 00000200 _____ () C:\Users\Chris\Desktop\Lenovo Y50 Touch Review & Rating  PCMag.com.url
2014-11-15 19:08 - 2014-11-15 19:08 - 00000243 _____ () C:\Users\Chris\Desktop\Lose the Pooch! The Best Exercises for Lower Abs.url
2014-11-15 17:35 - 2014-11-15 17:35 - 00000244 _____ () C:\Users\Chris\Desktop\Tips for solving problems with USB devices.url
2014-11-15 11:17 - 2014-11-15 11:17 - 00000536 _____ () C:\Users\Chris\Desktop\art glass series tile - Yahoo Search Results.url
2014-11-15 11:00 - 2014-11-15 11:00 - 00000219 _____ () C:\Users\Chris\Desktop\Page 4  Stone Tiles for Kitchen & Bathroom Backsplashes  Tile Bar.url
2014-11-14 08:36 - 2014-11-14 08:36 - 00000365 _____ () C:\Users\Chris\Desktop\Splashback Tile Roman Selection IL Fango Diamond 12 in. x 12 in. x 8 mm Glass Floor and Wall Tile-ROMAN SELECTION IL FANGO DIAMOND at The Home Depot.url
2014-11-12 18:38 - 2014-11-12 18:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Acronis
2014-11-10 08:27 - 2014-12-02 13:38 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-09 15:34 - 2014-11-09 23:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-09 13:02 - 2014-11-09 13:02 - 00000622 _____ () C:\Users\Chris\Downloads\TakeOwnership.zip
2014-11-09 12:30 - 2014-11-09 12:30 - 04163057 _____ () C:\Users\Chris\Downloads\tdsskiller.zip
2014-11-09 08:28 - 2014-11-09 09:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
2014-11-08 16:59 - 2014-11-09 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-08 09:39 - 2014-11-08 09:39 - 00000241 _____ () C:\Users\Chris\Desktop\Ceramic Wall Tile - The Tile Shop.url
2014-11-08 09:35 - 2014-11-08 09:35 - 00000242 _____ () C:\Users\Chris\Desktop\Quartzite Wall Tile - The Tile Shop.url
2014-11-07 09:15 - 2014-11-07 09:15 - 00159679 _____ () C:\Users\Chris\Downloads\487560915545cd3f2674b68.31507079.gpx
2014-11-07 09:14 - 2014-11-07 09:14 - 00178455 _____ () C:\Users\Chris\Downloads\262109689545cd39f1277a1.28225474.gpx
2014-11-07 09:12 - 2014-11-07 09:12 - 00053199 _____ () C:\Users\Chris\Downloads\729546237545cd327053449.95577951.gpx
2014-11-04 08:38 - 2014-11-04 08:38 - 00000138 _____ () C:\Users\Chris\Desktop\MapMyRide GPX Converter.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-09-01 12:44 - 2012-12-19 10:23 - 00000000 ____D () C:\NBRT
2099-09-01 00:43 - 2006-12-31 23:59 - 00000000 ____D () C:\Users\Chris\AppData\Local\NVIDIA
2014-12-04 09:23 - 2012-11-19 16:40 - 00000366 _____ () C:\Windows\Tasks\HP Photo Creations Meijer Communicator.job
2014-12-04 09:20 - 2010-09-03 11:16 - 00002044 ____H () C:\Users\Chris\Documents\Default.rdp
2014-12-04 09:04 - 2009-11-29 08:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-04 09:01 - 2012-11-19 16:39 - 00000270 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-12-04 08:30 - 2009-11-28 18:40 - 01415359 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 08:28 - 2010-03-26 01:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 06:43 - 2010-01-23 13:03 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6FB57EC-4DF3-4850-8878-7975C2CC2651}
2014-12-03 22:28 - 2010-03-26 01:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 18:49 - 2014-08-03 15:35 - 00000000 ____D () C:\Users\Chris\Desktop\deacon
2014-12-03 18:48 - 2013-03-15 06:10 - 00000000 ____D () C:\Users\Chris\Desktop\kitchen
2014-12-03 12:11 - 2014-08-27 11:11 - 00000366 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Chris).job
2014-12-03 07:47 - 2009-07-14 00:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-02 07:32 - 2014-06-19 12:00 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-12-02 07:31 - 2012-12-06 06:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-02 07:31 - 2012-12-06 06:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 06:57 - 2009-12-04 06:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\CutePDF Writer
2014-11-30 20:15 - 2010-09-18 13:50 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-11-30 20:15 - 2009-12-01 20:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-11-30 17:22 - 2013-01-14 15:53 - 00016896 _____ () C:\Users\Chris\Desktop\pw jean.xlsx
2014-11-28 15:57 - 2013-03-03 18:34 - 00000000 ____D () C:\Users\Chris\Documents\TurboTax
2014-11-28 15:40 - 2013-01-08 07:17 - 00000000 ____D () C:\Users\Chris\Documents\MSG
2014-11-28 15:14 - 2011-11-22 09:05 - 00000000 ____D () C:\Users\Chris\Documents\flash drive 1
2014-11-28 14:28 - 2011-05-01 08:17 - 00000000 ____D () C:\Games
2014-11-27 09:59 - 2013-03-28 11:40 - 00000000 ____D () C:\Users\Chris\.VirtualBox
2014-11-27 09:56 - 2013-01-24 07:40 - 00000000 ____D () C:\Users\Chris\Desktop\Tools
2014-11-26 17:55 - 2014-01-22 11:28 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
2014-11-26 10:31 - 2010-03-26 01:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 14:21 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 14:21 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 18:02 - 2014-06-03 09:30 - 00000000 ____D () C:\Users\Chris\AppData\Local\Battle.net
2014-11-19 17:12 - 2012-08-07 14:42 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-11-19 17:10 - 2014-06-03 09:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-19 12:46 - 2011-07-23 08:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Spotify
2014-11-19 12:45 - 2012-07-13 12:38 - 00000000 ____D () C:\Temp
2014-11-19 12:45 - 2012-04-27 18:52 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-11-19 12:45 - 2011-06-13 06:02 - 00000324 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-19 12:44 - 2014-01-25 20:14 - 00009556 _____ () C:\Windows\setupact.log
2014-11-19 12:44 - 2013-06-02 15:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 12:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 04:38 - 2012-02-26 11:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-16 17:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-16 17:37 - 2014-06-02 08:49 - 00000000 ____D () C:\ProgramData\WeCareReminder
2014-11-13 22:23 - 2010-03-26 01:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 22:23 - 2010-03-26 01:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-10 11:01 - 2014-11-02 15:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-10 11:01 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-10 11:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-10 11:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-11-10 10:59 - 2013-06-16 17:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-10 10:59 - 2010-05-08 23:24 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
2014-11-10 10:59 - 2009-11-29 10:42 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-11-10 10:59 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2014-11-10 10:57 - 2012-12-06 06:40 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-10 10:57 - 2011-02-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-10 10:57 - 2010-01-18 06:39 - 00000000 ____D () C:\Windows\SysWOW64\0
2014-11-10 10:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2014-11-10 10:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-11-10 10:56 - 2014-06-02 08:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\OpenCandy
2014-11-10 10:56 - 2012-03-27 20:54 - 00000000 ____D () C:\Users\Chris\Documents\tdsskiller
2014-11-10 10:56 - 2010-08-21 09:43 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-11-10 10:55 - 2014-08-11 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-10 10:55 - 2012-09-03 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-10 10:55 - 2012-09-03 07:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-10 10:55 - 2012-06-21 17:34 - 00000000 ____D () C:\Program Files (x86)\DailyFitnessCenter_53
2014-11-10 10:55 - 2011-06-13 06:01 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
2014-11-10 10:55 - 2009-11-29 08:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-10 10:55 - 2009-11-28 14:58 - 00000000 ____D () C:\ProgramData\Norton
2014-11-10 10:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-10 10:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-10 09:41 - 2010-08-21 09:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-10 09:25 - 2012-05-03 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-10 08:26 - 2009-11-28 13:12 - 00000000 ____D () C:\Users\Chris
2014-11-09 08:10 - 2009-12-23 13:13 - 00007612 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Chris\AppData\Local\Temp\ose00000.exe
C:\Users\Chris\AppData\Local\Temp\SlimCleanerPlus.x64.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\_is6D5B.exe
C:\Users\Chris\AppData\Local\Temp\_isC846.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 00:36

==================== End Of Log ============================

 

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Chris at 2014-12-04 09:25:04
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acronis True Image Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8053 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Premiere Elements 4.0 (HKLM-x32\...\PremElem40) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 4.0 Templates (HKLM-x32\...\PremElem40Templates) (Version: 4.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiosurf Demo (HKLM-x32\...\Steam App 12910) (Version:  - BestGameEver)
AVer Media Center (HKLM-x32\...\InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}) (Version: 1.7 - AVerMedia Technologies, Inc.)
AVer Media Center (x32 Version: 1.7 - AVerMedia Technologies, Inc.) Hidden
AVerMedia H826 series driver 2.0.64.121 (HKLM-x32\...\AVerMedia H826 series driver) (Version: 2.0.64.121 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia Media Center Plug-ins 2.0.8.0 (HKLM-x32\...\AVerMedia Media Center Plug-ins) (Version: 2.0.8.0 - AVerMedia TECHNOLOGIES, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bentley MicroStation V8 XM Edition 08.09.04.88 (HKLM-x32\...\{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}) (Version: 08.09.04088 - Bentley Systems, Incorporated.)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brink (HKLM-x32\...\Steam App 22350) (Version:  - Splash Damage)
Chord Reference eBook (HKLM-x32\...\Chord Reference eBookv. 2) (Version: v. 2 - Music Unlimited Inc.)
COTM Reminder by We-Care.com v4.1.27.2 (HKLM-x32\...\{E4E52AF6-38E4-4CD0-B84E-B73CE47FCBBA}) (Version: 4.1.27.2 - We-Care.com)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Crimecraft: BLEEDOUT  (HKLM-x32\...\Steam App 38830) (Version:  - Vogster Entertainment)
Crysis 2 Demo (HKLM-x32\...\Steam App 99850) (Version:  - )
Crysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DataPilot 7 (HKLM-x32\...\InstallShield_{27CAB1BD-7AED-46AE-855C-D6E3B45FF24B}) (Version: 7.01.0009 - Susteen)
DataPilot 7 (x32 Version: 7.01.0009 - Susteen) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Deathmatch Classic (HKLM-x32\...\Steam App 40) (Version:  - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.0.450 - DivX, Inc. )
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON PictureMate PM 225 Printer Uninstall (HKLM\...\EPSON PictureMate PM 225) (Version:  - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Plug-In (HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Facebook Plug-In (HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Free Sound Recorder v9.6.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2013 FreeSoundRecorder Technologies, Inc.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Glary Utilities 2.43.0.1419 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.43.0.1419 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox)
HP Photo Creations Meijer (HKLM-x32\...\HP Photo Creations Meijer) (Version: 1.0.0.9452 - HP Photo Creations Meijer)
HydroCAD (HKLM-x32\...\HydroCAD) (Version:  - )
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2624 - Bandoo Media Inc) <==== ATTENTION
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
League Manager 2007 (HKLM-x32\...\League Manager 2007_is1) (Version: 2007.0.0 - www.GolfSoftware.com)
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Logitech SetPoint 6.50 (HKLM\...\sp6) (Version: 6.50.152 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 3.1.0.11 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 296.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.69 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 296.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.69 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.7.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.13 - NVIDIA Corporation)
Oracle VM VirtualBox 4.2.10 (HKLM\...\{2670E57B-18EB-4AB9-B674-54EF881BEFB9}) (Version: 4.2.10 - Oracle Corporation)
Pazera Free MP4 to AVI Converter 1.7 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.7 - Pazera Jacek)
PL-2303 USB-to-Serial (x32 Version: 1.00.000 - Prolific Technology INC) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Project: Snowblind Demo (HKLM-x32\...\Steam App 7050) (Version:  - Eidos)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5667 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
ROCCAT Lua Mouse Driver (HKLM-x32\...\InstallShield_{0F5183CD-4A86-43A4-8CAA-1045871F54DE}) (Version: 1.14 - ROCCAT)
ROCCAT Lua Mouse Driver (x32 Version: 1.14 - ROCCAT) Hidden
Rocketfish USB 3.0 PCI Express Card Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.20.0 - Rocketfish)
Rocketfish USB 3.0 PCI Express Card Driver (x32 Version: 3.0.20.0 - Rocketfish) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 4.0 - SAMSUNG)
SAMSUNG PC Share Manager (x32 Version: 4.0 - SAMSUNG) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Sansa Updater) (Version: 1.301 - SanDisk Corporation)
Sansa Updater (HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Sansa Updater) (Version: 1.301 - SanDisk Corporation)
Seagate DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8326 - Seagate)
SiSoftware Sandra Lite 2011 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.15.2011.1 - SiSoftware)
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Symantec Technical Support Web Controls (HKLM-x32\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)
Total War: SHOGUN 2 Demo (HKLM-x32\...\Steam App 34350) (Version:  - The Creative Assembly)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
V1 Home 2.0 (HKLM-x32\...\InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.37 - Interactive Frontiers)
V1 Home 2.0 (x32 Version: 2.02.37 - Interactive Frontiers) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung (HKLM-x32\...\{94055A4F-6F4D-4F6D-85DB-893070B0BE7F}) (Version: 1.11.1201 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}) (Version: 1.11.1001 - SAMSUNG)
War Inc. Battlezone (HKLM-x32\...\Steam App 107900) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

19-11-2014 18:18:36 Scheduled Checkpoint
27-11-2014 05:00:01 Scheduled Checkpoint
04-12-2014 05:00:01 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EE79764-B33C-4B8A-8D55-03EB4779E30C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {23B00581-2450-48FD-B6C2-2D5A6D48691E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {30459FB7-20E2-4B33-8631-6A887FF35024} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Chris) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {3D510C44-E7E1-4DA5-9208-FEFD33963993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {4D829378-458C-4B52-9657-DB4FC7E442CE} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {53540DC2-9D97-4ADA-B96F-91B0AB7171ED} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6804F880-111A-4969-A45E-569907891583} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {7A3D791E-BDF9-4D3B-A736-716A1AAE60E3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {892EF70E-9450-442D-A56F-E8BB7833FAFA} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations Meijer\MessageCheck.exe [2011-02-18] ()
Task: {8C1380F9-5B18-4E4B-8953-075B0FB8A1DB} - System32\Tasks\HP Photo Creations Meijer Communicator => C:\ProgramData\HP Photo Creations Meijer\Communicator.exe [2012-11-19] ()
Task: {91BCF70A-490C-4067-BA97-3BE5598B827C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {94110FCD-FD87-4A20-AB19-8AE1C10CCBFF} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-03-01] (Glarysoft Ltd)
Task: {98962102-FF8C-4ACF-91EA-84530F5E3303} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {9B686352-9592-4034-BCCC-598D3B313343} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AB1B5998-2E95-4E9D-8B07-358F100EC132} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B4586AF3-B90A-4F46-87C2-D905414A28F4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B4B72121-BA21-4872-8416-37697BA892F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {B6FDF304-F155-4685-8095-CF40DBB5BF78} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BA2B1FA2-1ED2-438A-9FE2-9E114656556F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {DCC7B1F1-CC97-431F-9A82-CA3C9EED32AF} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] ()
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Meijer Communicator.job => C:\ProgramData\HP Photo Creations Meijer\Communicator.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations Meijer\MessageCheck.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Chris).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (whitelisted) =============

2010-01-15 07:13 - 2009-04-09 07:02 - 00393216 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2010-09-18 13:38 - 2009-08-19 19:49 - 00025600 _____ () C:\Windows\system32\lxducaps64.dll
2010-09-18 13:38 - 2009-08-19 19:49 - 01400320 _____ () C:\Windows\system32\lxdudrs64.dll
2010-09-18 13:38 - 2009-08-19 19:39 - 00054784 _____ () C:\Windows\system32\lxducnv464.dll
2007-10-30 20:51 - 2007-10-30 20:51 - 00492720 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2010-09-18 13:48 - 2010-02-04 04:10 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2009-12-04 06:41 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2010-10-22 08:03 - 2009-05-14 05:24 - 00045568 _____ () C:\Windows\System32\LXDUPMON.DLL
2010-10-22 08:03 - 2010-02-04 03:40 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2010-10-22 08:02 - 2010-02-04 03:38 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\ipcmt64.dll
2010-09-18 13:41 - 2009-10-16 15:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2010-09-18 13:48 - 2010-02-04 03:52 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2010-09-18 13:48 - 2010-02-04 03:36 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2010-09-18 13:48 - 2010-02-04 03:35 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
2010-09-18 13:48 - 2010-02-04 03:52 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2010-09-18 13:48 - 2010-02-04 03:52 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2010-09-18 13:48 - 2010-02-04 03:35 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2007-10-29 19:53 - 2007-10-29 19:53 - 01328408 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2014-08-29 05:31 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 05:31 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 05:31 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 16:10 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 18:24 - 2014-11-18 15:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 05:31 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 05:31 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-07-13 19:26 - 2014-11-18 15:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2010-04-26 16:49 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-20 08:47 - 2014-11-11 13:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson printer Registration.lnk => C:\Windows\pss\Epson printer Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: DiscWizardMonitor.exe => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EPSON PictureMate PM 225 => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFOA.EXE /FU "C:\Windows\TEMP\E_S796B.tmp" /EF "HKCU"
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HLBackupScheduler => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark 5600-6600 Series => "C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: lxduamon => "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SansaDispatch => C:\Users\Chris\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3097217664-1659511971-2978430448-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3097217664-1659511971-2978430448-1004 - Limited - Enabled)
Chris (S-1-5-21-3097217664-1659511971-2978430448-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3097217664-1659511971-2978430448-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3097217664-1659511971-2978430448-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3097217664-1659511971-2978430448-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 04:23:59 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/30/2014 08:15:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LXDUwbgw.exe, version: 1.105.0.0, time stamp: 0x49f6d3d7
Faulting module name: LXDUuldr.dll, version: 1.88.0.0, time stamp: 0x49f6d364
Exception code: 0xc0000005
Fault offset: 0x0000000000018883
Faulting process id: 0x7e90
Faulting application start time: 0xLXDUwbgw.exe0
Faulting application path: LXDUwbgw.exe1
Faulting module path: LXDUwbgw.exe2
Report Id: LXDUwbgw.exe3

Error: (11/30/2014 08:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LXDUwbgw.exe, version: 1.105.0.0, time stamp: 0x49f6d3d7
Faulting module name: LXDUuldr.dll, version: 1.88.0.0, time stamp: 0x49f6d364
Exception code: 0xc0000005
Fault offset: 0x0000000000018883
Faulting process id: 0x2658
Faulting application start time: 0xLXDUwbgw.exe0
Faulting application path: LXDUwbgw.exe1
Faulting module path: LXDUwbgw.exe2
Report Id: LXDUwbgw.exe3

Error: (11/30/2014 02:59:56 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/30/2014 11:54:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LXDUwbgw.exe, version: 1.105.0.0, time stamp: 0x49f6d3d7
Faulting module name: LXDUuldr.dll, version: 1.88.0.0, time stamp: 0x49f6d364
Exception code: 0xc0000005
Fault offset: 0x0000000000018883
Faulting process id: 0x4154
Faulting application start time: 0xLXDUwbgw.exe0
Faulting application path: LXDUwbgw.exe1
Faulting module path: LXDUwbgw.exe2
Report Id: LXDUwbgw.exe3

Error: (11/29/2014 00:17:38 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/28/2014 08:27:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0001e642
Faulting process id: 0x245c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/28/2014 00:40:02 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/27/2014 01:03:23 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/24/2014 06:31:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LXDUwbgw.exe, version: 1.105.0.0, time stamp: 0x49f6d3d7
Faulting module name: LXDUuldr.dll, version: 1.88.0.0, time stamp: 0x49f6d364
Exception code: 0xc0000005
Fault offset: 0x0000000000018883
Faulting process id: 0x7254
Faulting application start time: 0xLXDUwbgw.exe0
Faulting application path: LXDUwbgw.exe1
Faulting module path: LXDUwbgw.exe2
Report Id: LXDUwbgw.exe3

System errors:
=============
Error: (12/03/2014 07:44:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR13.

Error: (12/03/2014 07:44:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR13.

Error: (12/03/2014 07:44:17 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR13.

Error: (12/03/2014 07:44:17 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR13.

Error: (11/30/2014 05:24:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/30/2014 05:24:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/20/2014 06:18:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (11/20/2014 06:18:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (11/19/2014 00:45:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (11/19/2014 00:45:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (05/03/2012 05:58:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/03/2012 05:57:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/03/2012 05:57:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/03/2011 09:21:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/17/2011 07:25:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/12/2011 07:34:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/12/2011 07:33:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/14/2011 06:15:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-06-22 19:16:37.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 19:16:37.600
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 18:59:44.062
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 18:59:43.999
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 15:39:50.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 15:39:50.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 15:36:38.190
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 15:36:38.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 15:32:31.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTEDSPSY.DLL because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 15:32:31.472
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTEDSPSY.DLL because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 60%
Total physical RAM: 4093.47 MB
Available physical RAM: 1609.75 MB
Total Pagefile: 8185.13 MB
Available Pagefile: 5173.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:463.7 GB) (Free:251.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=463.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 RPMcMurphy

Posted 04 December 2014 - 11:00 PM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.




#7 cbeau37

Posted 05 December 2014 - 01:03 PM

Wow, it said I'm clean! Here are my 2 logs.

I just am not trusting that going back to an earlier restore point fixed it.

Thanks! Let me know.

 

 

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Chris :: CHRIS-PC [administrator]

12/5/2014 7:21:42 AM
mbar-log-2014-12-05 (07-21-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 410453
Time elapsed: 21 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.166000 GHz
Memory total: 4292317184, free: 1772601344

Downloaded database version: v2014.12.05.05
Downloaded database version: v2014.12.03.01
Initializing...
======================
------------ Kernel report ------------
     12/05/2014 07:21:27
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR15
Upper Device Object: 0xfffffa800a80a600
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000123\
Lower Device Object: 0xfffffa800b2909a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004bfd060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xfffffa8003cf49c0
Lower Device Driver Name: \Driver\nvstor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004bfd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bfba30, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8004bfdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bfd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045efc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8003cf49c0, DeviceName: \Device\00000068\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 98000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 128457

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129024  Numsec = 4194304

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 4323328  Numsec = 972447744
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800a80a600, DeviceName: \Device\Harddisk1\DR15\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008c6d330, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80047ef5e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a80a600, DeviceName: \Device\Harddisk1\DR15\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b2909a0, DeviceName: \Device\00000123\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-4323328-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#8 RPMcMurphy

Posted 06 December 2014 - 10:51 AM

So far, I'm seeing no signs of infections in your logs.  Let's run one more scan just to be sure:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.




#9 cbeau37

Posted 06 December 2014 - 07:31 PM

ok, got it to run

thanks for your patience

here is the log:

 

C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53regfft.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Program Files (x86)\Glary Utilities\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\Glary Utilities\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Glary Utilities\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Chris\AppData\Local\iLivid\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application
C:\Users\Chris\AppData\Local\Temp\c0c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2K4UH3H\zq64x0e6hu[1].htm JS/Exploit.Agent.NHV trojan
C:\Users\Chris\Desktop\Tools\KeyFinderInstaller (1).exe Win32/OpenCandy potentially unsafe application
C:\Users\Chris\Downloads\ARO2011_tbt.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Chris\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
C:\Users\Chris\Downloads\Utilities\CLHelperSetup.zip probably unknown NewHeur_PE virus
C:\Users\Chris\Downloads\Utilities\FreeSoundRecorder.exe Win32/OpenCandy potentially unsafe application
C:\Users\Chris\Downloads\Utilities\gusetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
 



#10 RPMcMurphy

Posted 06 December 2014 - 07:55 PM

All but one of those detections are related to freeware that you have installed. ESET flags those as "potentially" unwanted or unsafe because they are ad driven or come bundled with toolbars or other software.  It is totally up to you whether or not you wish to keep those programs.  If you decide you don't want them, just uninstall them via Control Panel > Programs > Uninstall a program.

Please do this:

Open Notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

C:\Users\Chris\AppData\Local\Temp\c0c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2K4UH3H\zq64x0e6hu[1].htm
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

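Added example (not part of the original thread, and not ESET's or the helper's own tooling): a Python triage of the ESET log lines posted in this thread, separating the "potentially unwanted/unsafe application" entries the helper describes from the remaining detections. The bucket names and the reading of the "probably" prefix as a heuristic hit are assumptions of this example.

```python
import re

# Detection lines copied from the ESET log posted in this thread (a subset).
# Paths contain spaces, so a line cannot simply be split on whitespace.
SAMPLE_LOG = r"""
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53regfft.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Program Files (x86)\Glary Utilities\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Chris\AppData\Local\Temp\c0c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2K4UH3H\zq64x0e6hu[1].htm JS/Exploit.Agent.NHV trojan
C:\Users\Chris\Desktop\Tools\KeyFinderInstaller (1).exe Win32/OpenCandy potentially unsafe application
C:\Users\Chris\Downloads\Utilities\CLHelperSetup.zip probably unknown NewHeur_PE virus
"""

# Only the category strings that appear in the posted log are recognised.
CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "trojan",
    "virus",
)

# Layout assumed from the posted lines:
#   <path> [probably ][a variant of |unknown ]<detection name> <category>
# The path is matched lazily, so the first split at which the remainder forms
# a valid "name + category" tail wins, even when the path contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of |unknown )?)"
    r"(?P<name>\S+)\s+"
    r"(?P<category>" + "|".join(re.escape(c) for c in CATEGORIES) + r")$"
)


def parse_line(line):
    """Return a dict for one detection line, or None if it does not parse."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    return {
        "path": match.group("path"),
        "name": match.group("name"),
        "qualifier": match.group("qualifier").strip(),
        "category": match.group("category"),
    }


def bucket_for(finding):
    """Pick a triage bucket (bucket names are this example's own)."""
    if finding["category"].endswith("application"):
        return "pua"          # bundled or ad-supported software: user's choice
    if finding["qualifier"].startswith("probably"):
        return "heuristic"    # no exact signature match: verify before acting
    return "malware"          # named trojan/virus detection: remove


def triage(log_text):
    """Group every non-empty line; unparsable lines are kept, not dropped."""
    buckets = {"malware": [], "heuristic": [], "pua": [], "unparsed": []}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding is None:
            buckets["unparsed"].append(raw.strip())
        else:
            buckets[bucket_for(finding)].append(finding)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        for item in items:
            if bucket == "unparsed":
                print(f"[{bucket}] {item}")
            else:
                print(f"[{bucket}] {item['name']}  <-  {item['path']}")
```

Lines that do not match the assumed layout land in the `unparsed` bucket so they get a manual look instead of being silently skipped.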


#11 cbeau37

Posted 06 December 2014 - 09:13 PM

post:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
    Ran by Chris (administrator) on CHRIS-PC on 06-12-2014 20:26:09
    Running from C:\Users\Chris\Desktop\Tools\FRST64
    Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
    () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6440480 2008-07-16] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-16] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
    HKLM\...\Run: [AsioThk32Reg] => %SYSTEMROOT%\SYSWOW64\REGSVR32.EXE /S %SYSTEMROOT%\SYSWOW64\CTASIO.DLL
    HKLM\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2595616 2007-10-30] (Acronis)
    HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [909208 2007-10-30] (Acronis)
    HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
    HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader 64] => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon64.exe
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [SetDefaultMIDI] => C:\Windows\system32\MIDIDef.exe [35840 2005-08-03] (Creative Technology Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [DellSystemDetect] => C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {12995ec1-f6d3-11e2-a2b6-0022191402b8} - F:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {3e4d999f-1119-11e1-b7cc-0022191402b8} - H:\TLBootstrap_WPP.exe
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {48179c7a-58b5-11e4-9f67-0022191402b8} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {59743ae6-dc96-11e0-b099-0022191402b8} - H:\setup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {a7e57548-e564-11de-87e5-0022191402b8} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {c9b0d6fb-497d-11e3-a956-0022191402b8} - H:\setup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {3e4d999f-1119-11e1-b7cc-0022191402b8} - H:\TLBootstrap_WPP.exe
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {59743ae6-dc96-11e0-b099-0022191402b8} - H:\setup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {a7e57548-e564-11de-87e5-0022191402b8} - H:\LaunchU3.exe -a
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-03] (Microsoft Corporation)
    Lsa: [Authentication Packages] msv1_0 relog_ap

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x900C39465770CA01
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x900C39465770CA01
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll No File
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 - (No Name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll No File
    SearchScopes: HKLM-x32 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10474^us&si=CD9606&ptb=D6EBDB99-1AD8-406A-BDDE-D45DE0BDA87B&ind=2014082607&n=780c762f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> DefaultScope {613982E4-F788-4A99-BB39-C8D6AA09201A} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60185
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {1DA8798F-58D5-444C-B332-EDC879CC151F} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120417,17118,0,18,0
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {613982E4-F788-4A99-BB39-C8D6AA09201A} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10474^us&si=CD9606&ptb=D6EBDB99-1AD8-406A-BDDE-D45DE0BDA87B&ind=2014082607&n=780c762f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60185
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {1DA8798F-58D5-444C-B332-EDC879CC151F} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120417,17118,0,18,0
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
    BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    Toolbar: HKLM-x32 - Daily Fitness Center - {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll No File
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {A6547405-A964-4600-8326-E91C95218964} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {A6547405-A964-4600-8326-E91C95218964} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://uhhospitalsevents.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @DailyFitnessCenter_53.com/Plugin -> C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\NP53Stub.dll No File
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-12-02]
    FF HKLM-x32\...\Firefox\Extensions: [53ffxtbr@DailyFitnessCenter_53.com] - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin
    FF Extension: No Name - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin [2012-06-21]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-04]
    FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
    FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2012-10-23]
    FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
    FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2012-10-23]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23]
    FF HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Firefox\Extensions: [{13F6DC07-FCF7-466A-BFB4-07AD0191E271}] - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}
    FF Extension: XULRunner - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} [2010-08-20]

    Chrome:
    =======
    CHR HomePage: Default -> https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
    CHR StartupUrls: Default -> "https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch", "hxxp://www.google.com"
    CHR DefaultSearchKeyword: Default -> search.yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Facebook Plugin) - C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Entanglement Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-24]
    CHR Extension: (Google Cast) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-11-04]
    CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2012-12-06]
    CHR Extension: (Logitech SetPoint) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-16]
    CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2012-12-06]
    CHR Extension: (Norton Identity Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-24]
    CHR Extension: (Spreed - speed read the web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2014-05-04]
    CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-12]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-16]
    CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-04-30]
    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-04]
    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-10-23]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jmfmbeipcnbmgifkjkhppnjiffmpmpga] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
    R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-07-30] (AVerMedia) [File not signed]
    R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [393216 2009-04-09] () [File not signed]
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-27] (BitRaider, LLC)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-02-05] (Macrovision Europe Ltd.) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [File not signed]
    S2 gupdate1caccabb97c9540; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2010-02-04] ( )
    R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2010-02-04] ( )
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [93848 2009-08-17] (SiSoftware) [File not signed]
    S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
    R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492720 2007-10-30] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AVerFx2hbtv64; C:\Windows\System32\drivers\AVerFx2hbtv64.sys [508672 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-30] (Symantec Corporation)
    S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-08-27] (BitRaider)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151552 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [573952 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [738560 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [695808 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [208896 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [316928 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [169472 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [356864 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [9728 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [676864 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [284160 2005-08-03] (Creative Technology Ltd) [File not signed]
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    S3 emupia; C:\Windows\System32\drivers\emupia2k.sys [130048 2005-08-03] (Creative Technology Ltd) [File not signed]
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [1300480 2005-08-03] (Creative Technology Ltd) [File not signed]
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141205.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
    S2 MCSTRM; No ImagePath
    R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\ENG64.SYS [129752 2014-11-09] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\EX64.SYS [2137304 2014-11-09] (Symantec Corporation)
    S3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [205824 2005-08-03] (Creative Technology Ltd.) [File not signed]
    R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [103936 2012-05-10] (Renesas Electronics Corporation)
    R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
    S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
    R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)
    S3 SUSTUCAP; C:\Windows\System32\DRIVERS\sustucap.sys [56832 2009-11-25] (Susteen, Inc.)
    S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
    S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S3 NPF; system32\drivers\NPF.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-09-01 07:00 - 2099-09-01 07:00 - 01162664 _____ () C:\Users\Chris\Downloads\XPS630i-010013a.EXE
    2099-09-01 06:47 - 2014-11-10 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2099-09-01 06:47 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2099-09-01 05:19 - 2099-09-01 05:29 - 00000000 ____D () C:\email maessages 060113
    2099-09-01 02:13 - 2099-09-01 02:13 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
    2099-09-01 02:13 - 2013-06-22 08:23 - 00000000 ____D () C:\ProgramData\iolo
    2099-09-01 00:37 - 2099-09-01 00:39 - 00000000 ____D () C:\Users\Chris\Downloads\geforce 9800GT driver 060113
    2014-12-06 15:03 - 2014-12-06 15:03 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-12-06 08:52 - 2014-12-06 08:52 - 00000277 _____ () C:\Users\Chris\Desktop\Storie Marrakech 4 x 4 in - Natural Stone Ceramic Wall Tile - The Tile Shop.url
    2014-12-05 07:21 - 2014-12-05 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-05 07:21 - 2014-12-05 07:21 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-05 07:20 - 2014-12-05 07:20 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-04 09:22 - 2014-12-06 20:26 - 00000000 ____D () C:\FRST
    2014-12-04 07:08 - 2014-12-04 07:08 - 00000257 _____ () C:\Users\Chris\Desktop\How to create a screenshot and automatically save it as a file in Windows 8.url
    2014-12-03 13:10 - 2014-12-03 13:10 - 00000515 _____ () C:\Users\Chris\Desktop\origin com ea charged - Yahoo Search Results.url
    2014-12-03 13:09 - 2014-12-03 13:09 - 00000174 _____ () C:\Users\Chris\Desktop\Credit Card charged and I don't know why - Answer HQ.url
    2014-11-27 09:23 - 2014-11-27 09:23 - 00000242 _____ () C:\Users\Chris\Desktop\In-Lab Data Recovery  Seagate.url
    2014-11-26 07:56 - 2014-11-26 07:56 - 00000268 _____ () C:\Users\Chris\Desktop\Janus - Tax Center.url
    2014-11-25 08:23 - 2014-11-25 08:23 - 00000273 _____ () C:\Users\Chris\Desktop\▶ DIY Video 2 How to fix a broken hard drive Beeping noise Get your data Back! Best Kept Secret - YouTube.url
    2014-11-25 08:23 - 2014-11-25 08:23 - 00000206 _____ () C:\Users\Chris\Desktop\▶ How to fix a broken hard drive. Beeping noise or clicking GET YOUR DATA BACK FOR FREE! BEST TRICK - YouTube.url
    2014-11-25 07:44 - 2014-11-25 07:44 - 00000234 _____ () C:\Users\Chris\Desktop\seagate hard disk clicking - YouTube.url
    2014-11-23 13:28 - 2014-11-23 13:28 - 00000218 _____ () C:\Users\Chris\Desktop\Amazon.com Nike+ SportWatch GPS Powered by TomTom (Black-Volt) GPS & Navigation.url
    2014-11-20 06:51 - 2014-11-20 06:51 - 00000202 _____ () C:\Users\Chris\Desktop\Netcraft Fish Logo T Shirts - Black with Flo. Yellow Fish Logo.url
    2014-11-19 07:03 - 2014-11-19 07:03 - 00000200 _____ () C:\Users\Chris\Desktop\Lenovo Y50 Touch Review & Rating  PCMag.com.url
    2014-11-15 19:08 - 2014-11-15 19:08 - 00000243 _____ () C:\Users\Chris\Desktop\Lose the Pooch! The Best Exercises for Lower Abs.url
    2014-11-15 17:35 - 2014-11-15 17:35 - 00000244 _____ () C:\Users\Chris\Desktop\Tips for solving problems with USB devices.url
    2014-11-15 11:17 - 2014-11-15 11:17 - 00000536 _____ () C:\Users\Chris\Desktop\art glass series tile - Yahoo Search Results.url
    2014-11-15 11:00 - 2014-11-15 11:00 - 00000219 _____ () C:\Users\Chris\Desktop\Page 4  Stone Tiles for Kitchen & Bathroom Backsplashes  Tile Bar.url
    2014-11-14 08:36 - 2014-11-14 08:36 - 00000365 _____ () C:\Users\Chris\Desktop\Splashback Tile Roman Selection IL Fango Diamond 12 in. x 12 in. x 8 mm Glass Floor and Wall Tile-ROMAN SELECTION IL FANGO DIAMOND at The Home Depot.url
    2014-11-12 18:38 - 2014-11-12 18:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Acronis
    2014-11-10 08:27 - 2014-12-02 13:38 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-11-09 15:34 - 2014-11-09 23:05 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-09 13:02 - 2014-11-09 13:02 - 00000622 _____ () C:\Users\Chris\Downloads\TakeOwnership.zip
    2014-11-09 12:30 - 2014-11-09 12:30 - 04163057 _____ () C:\Users\Chris\Downloads\tdsskiller.zip
    2014-11-09 08:28 - 2014-11-09 09:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
    2014-11-08 16:59 - 2014-11-09 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-08 09:39 - 2014-11-08 09:39 - 00000241 _____ () C:\Users\Chris\Desktop\Ceramic Wall Tile - The Tile Shop.url
    2014-11-08 09:35 - 2014-11-08 09:35 - 00000242 _____ () C:\Users\Chris\Desktop\Quartzite Wall Tile - The Tile Shop.url
    2014-11-07 09:15 - 2014-11-07 09:15 - 00159679 _____ () C:\Users\Chris\Downloads\487560915545cd3f2674b68.31507079.gpx
    2014-11-07 09:14 - 2014-11-07 09:14 - 00178455 _____ () C:\Users\Chris\Downloads\262109689545cd39f1277a1.28225474.gpx
    2014-11-07 09:12 - 2014-11-07 09:12 - 00053199 _____ () C:\Users\Chris\Downloads\729546237545cd327053449.95577951.gpx

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-09-01 12:44 - 2012-12-19 10:23 - 00000000 ____D () C:\NBRT
    2099-09-01 00:43 - 2006-12-31 23:59 - 00000000 ____D () C:\Users\Chris\AppData\Local\NVIDIA
    2014-12-06 20:23 - 2012-11-19 16:40 - 00000366 _____ () C:\Windows\Tasks\HP Photo Creations Meijer Communicator.job
    2014-12-06 20:01 - 2012-11-19 16:39 - 00000270 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
    2014-12-06 19:28 - 2010-03-26 01:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-06 19:27 - 2013-01-24 07:40 - 00000000 ____D () C:\Users\Chris\Desktop\Tools
    2014-12-06 17:24 - 2010-01-23 13:03 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6FB57EC-4DF3-4850-8878-7975C2CC2651}
    2014-12-06 12:11 - 2014-08-27 11:11 - 00000366 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Chris).job
    2014-12-06 11:51 - 2009-11-29 08:33 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-06 10:30 - 2009-11-28 18:40 - 01471059 _____ () C:\Windows\WindowsUpdate.log
    2014-12-05 22:28 - 2010-03-26 01:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-05 09:39 - 2010-09-03 11:16 - 00002044 ____H () C:\Users\Chris\Documents\Default.rdp
    2014-12-05 06:40 - 2009-12-04 06:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\CutePDF Writer
    2014-12-04 19:20 - 2014-08-03 15:35 - 00000000 ____D () C:\Users\Chris\Desktop\deacon
    2014-12-03 18:48 - 2013-03-15 06:10 - 00000000 ____D () C:\Users\Chris\Desktop\kitchen
    2014-12-03 07:47 - 2009-07-14 00:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-02 07:32 - 2014-06-19 12:00 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
    2014-12-02 07:31 - 2012-12-06 06:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-02 07:31 - 2012-12-06 06:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-30 20:15 - 2010-09-18 13:50 - 00000000 ____D () C:\ProgramData\Lx_cats
    2014-11-30 20:15 - 2009-12-01 20:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
    2014-11-30 17:22 - 2013-01-14 15:53 - 00016896 _____ () C:\Users\Chris\Desktop\pw jean.xlsx
    2014-11-28 15:57 - 2013-03-03 18:34 - 00000000 ____D () C:\Users\Chris\Documents\TurboTax
    2014-11-28 15:40 - 2013-01-08 07:17 - 00000000 ____D () C:\Users\Chris\Documents\MSG
    2014-11-28 15:14 - 2011-11-22 09:05 - 00000000 ____D () C:\Users\Chris\Documents\flash drive 1
    2014-11-28 14:28 - 2011-05-01 08:17 - 00000000 ____D () C:\Games
    2014-11-27 09:59 - 2013-03-28 11:40 - 00000000 ____D () C:\Users\Chris\.VirtualBox
    2014-11-26 17:55 - 2014-01-22 11:28 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
    2014-11-26 10:31 - 2010-03-26 01:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-25 14:21 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-25 14:21 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 18:02 - 2014-06-03 09:30 - 00000000 ____D () C:\Users\Chris\AppData\Local\Battle.net
    2014-11-19 17:12 - 2012-08-07 14:42 - 00000000 ____D () C:\Program Files (x86)\Diablo III
    2014-11-19 17:10 - 2014-06-03 09:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-11-19 12:46 - 2011-07-23 08:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Spotify
    2014-11-19 12:45 - 2012-07-13 12:38 - 00000000 ____D () C:\Temp
    2014-11-19 12:45 - 2012-04-27 18:52 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    2014-11-19 12:45 - 2011-06-13 06:02 - 00000324 _____ () C:\Windows\Tasks\GlaryInitialize.job
    2014-11-19 12:44 - 2014-01-25 20:14 - 00009556 _____ () C:\Windows\setupact.log
    2014-11-19 12:44 - 2013-06-02 15:20 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-11-19 12:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-17 04:38 - 2012-02-26 11:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-16 17:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-16 17:37 - 2014-06-02 08:49 - 00000000 ____D () C:\ProgramData\WeCareReminder
    2014-11-13 22:23 - 2010-03-26 01:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-13 22:23 - 2010-03-26 01:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-10 11:01 - 2014-11-02 15:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-10 11:01 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-11-10 11:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-10 11:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Services
    2014-11-10 10:59 - 2013-06-16 17:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2014-11-10 10:59 - 2010-05-08 23:24 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
    2014-11-10 10:59 - 2009-11-29 10:42 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
    2014-11-10 10:59 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
    2014-11-10 10:57 - 2012-12-06 06:40 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-11-10 10:57 - 2011-02-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
    2014-11-10 10:57 - 2010-01-18 06:39 - 00000000 ____D () C:\Windows\SysWOW64\0
    2014-11-10 10:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
    2014-11-10 10:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
    2014-11-10 10:56 - 2014-06-02 08:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\OpenCandy
    2014-11-10 10:56 - 2012-03-27 20:54 - 00000000 ____D () C:\Users\Chris\Documents\tdsskiller
    2014-11-10 10:56 - 2010-08-21 09:43 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
    2014-11-10 10:55 - 2014-08-11 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-11-10 10:55 - 2012-09-03 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-11-10 10:55 - 2012-09-03 07:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-11-10 10:55 - 2012-06-21 17:34 - 00000000 ____D () C:\Program Files (x86)\DailyFitnessCenter_53
    2014-11-10 10:55 - 2011-06-13 06:01 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
    2014-11-10 10:55 - 2009-11-29 08:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-11-10 10:55 - 2009-11-28 14:58 - 00000000 ____D () C:\ProgramData\Norton
    2014-11-10 10:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-11-10 10:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
    2014-11-10 09:41 - 2010-08-21 09:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-10 09:25 - 2012-05-03 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-11-10 08:26 - 2009-11-28 13:12 - 00000000 ____D () C:\Users\Chris
    2014-11-09 08:10 - 2009-12-23 13:13 - 00007612 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg

    Some content of TEMP:
    ====================
    C:\Users\Chris\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Chris\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
    C:\Users\Chris\AppData\Local\Temp\ose00000.exe
    C:\Users\Chris\AppData\Local\Temp\SlimCleanerPlus.x64.exe
    C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
    C:\Users\Chris\AppData\Local\Temp\_is6D5B.exe
    C:\Users\Chris\AppData\Local\Temp\_isC846.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-05 00:37

    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
    Ran by Chris (administrator) on CHRIS-PC on 06-12-2014 20:26:09
    Running from C:\Users\Chris\Desktop\Tools\FRST64
    Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
    () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6440480 2008-07-16] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-16] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
    HKLM\...\Run: [AsioThk32Reg] => %SYSTEMROOT%\SYSWOW64\REGSVR32.EXE /S %SYSTEMROOT%\SYSWOW64\CTASIO.DLL
    HKLM\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2595616 2007-10-30] (Acronis)
    HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [909208 2007-10-30] (Acronis)
    HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
    HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader 64] => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon64.exe
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [SetDefaultMIDI] => C:\Windows\system32\MIDIDef.exe [35840 2005-08-03] (Creative Technology Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [DellSystemDetect] => C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {12995ec1-f6d3-11e2-a2b6-0022191402b8} - F:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {3e4d999f-1119-11e1-b7cc-0022191402b8} - H:\TLBootstrap_WPP.exe
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {48179c7a-58b5-11e4-9f67-0022191402b8} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {59743ae6-dc96-11e0-b099-0022191402b8} - H:\setup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {a7e57548-e564-11de-87e5-0022191402b8} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {c9b0d6fb-497d-11e3-a956-0022191402b8} - H:\setup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-15] (Spotify Ltd)
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {3e4d999f-1119-11e1-b7cc-0022191402b8} - H:\TLBootstrap_WPP.exe
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {59743ae6-dc96-11e0-b099-0022191402b8} - H:\setup.exe -a
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\...\MountPoints2: {a7e57548-e564-11de-87e5-0022191402b8} - H:\LaunchU3.exe -a
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-03] (Microsoft Corporation)
    Lsa: [Authentication Packages] msv1_0 relog_ap

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x900C39465770CA01
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x900C39465770CA01
    HKU\S-1-5-21-3097217664-1659511971-2978430448-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll No File
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 - (No Name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll No File
    SearchScopes: HKLM-x32 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10474^us&si=CD9606&ptb=D6EBDB99-1AD8-406A-BDDE-D45DE0BDA87B&ind=2014082607&n=780c762f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> DefaultScope {613982E4-F788-4A99-BB39-C8D6AA09201A} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60185
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {1DA8798F-58D5-444C-B332-EDC879CC151F} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120417,17118,0,18,0
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {613982E4-F788-4A99-BB39-C8D6AA09201A} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm245^S10474^us&si=CD9606&ptb=D6EBDB99-1AD8-406A-BDDE-D45DE0BDA87B&ind=2014082607&n=780c762f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNxdm002YYus&ptnrS=YNxdm002YYus&si=CK-b7YOx4LACFQZtKgodEE_S0g&ptb=EECFFB55-A31C-4060-B8A1-B4243EBBCEDB&ind=2012062118&n=77eda1a6&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60185
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {1DA8798F-58D5-444C-B332-EDC879CC151F} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120417,17118,0,18,0
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
    BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    Toolbar: HKLM-x32 - Daily Fitness Center - {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll No File
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {A6547405-A964-4600-8326-E91C95218964} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> No Name - {A6547405-A964-4600-8326-E91C95218964} -  No File
    Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://uhhospitalsevents.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @DailyFitnessCenter_53.com/Plugin -> C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\NP53Stub.dll No File
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-12-02]
    FF HKLM-x32\...\Firefox\Extensions: [53ffxtbr@DailyFitnessCenter_53.com] - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin
    FF Extension: No Name - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin [2012-06-21]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-04]
    FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
    FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2012-10-23]
    FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
    FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2012-10-23]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23]
    FF HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Firefox\Extensions: [{13F6DC07-FCF7-466A-BFB4-07AD0191E271}] - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}
    FF Extension: XULRunner - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} [2010-08-20]

    Chrome:
    =======
    CHR HomePage: Default -> https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
    CHR StartupUrls: Default -> "https://search.yahoo.com/?type=903578&fr=spigot-yhp-ch", "hxxp://www.google.com"
    CHR DefaultSearchKeyword: Default -> search.yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Facebook Plugin) - C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Entanglement Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-24]
    CHR Extension: (Google Cast) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-11-04]
    CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2012-12-06]
    CHR Extension: (Logitech SetPoint) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-16]
    CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2012-12-06]
    CHR Extension: (Norton Identity Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-24]
    CHR Extension: (Spreed - speed read the web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2014-05-04]
    CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-12]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-16]
    CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-04-30]
    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-04]
    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-10-23]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jmfmbeipcnbmgifkjkhppnjiffmpmpga] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
    R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-07-30] (AVerMedia) [File not signed]
    R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [393216 2009-04-09] () [File not signed]
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-27] (BitRaider, LLC)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-02-05] (Macrovision Europe Ltd.) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [File not signed]
    S2 gupdate1caccabb97c9540; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2010-02-04] ( )
    R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2010-02-04] ( )
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [93848 2009-08-17] (SiSoftware) [File not signed]
    S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
    R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492720 2007-10-30] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AVerFx2hbtv64; C:\Windows\System32\drivers\AVerFx2hbtv64.sys [508672 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-30] (Symantec Corporation)
    S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-08-27] (BitRaider)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151552 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [573952 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [738560 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [695808 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [208896 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [316928 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [169472 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [356864 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [9728 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [676864 2005-08-03] (Creative Technology Ltd) [File not signed]
    S3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [284160 2005-08-03] (Creative Technology Ltd) [File not signed]
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    S3 emupia; C:\Windows\System32\drivers\emupia2k.sys [130048 2005-08-03] (Creative Technology Ltd) [File not signed]
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [1300480 2005-08-03] (Creative Technology Ltd) [File not signed]
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141205.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
    S2 MCSTRM; No ImagePath
    R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\ENG64.SYS [129752 2014-11-09] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\EX64.SYS [2137304 2014-11-09] (Symantec Corporation)
    S3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [205824 2005-08-03] (Creative Technology Ltd.) [File not signed]
    R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [103936 2012-05-10] (Renesas Electronics Corporation)
    R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
    S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
    R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)
    S3 SUSTUCAP; C:\Windows\System32\DRIVERS\sustucap.sys [56832 2009-11-25] (Susteen, Inc.)
    S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
    S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S3 NPF; system32\drivers\NPF.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-09-01 07:00 - 2099-09-01 07:00 - 01162664 _____ () C:\Users\Chris\Downloads\XPS630i-010013a.EXE
    2099-09-01 06:47 - 2014-11-10 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2099-09-01 06:47 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2099-09-01 05:19 - 2099-09-01 05:29 - 00000000 ____D () C:\email maessages 060113
    2099-09-01 02:13 - 2099-09-01 02:13 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
    2099-09-01 02:13 - 2013-06-22 08:23 - 00000000 ____D () C:\ProgramData\iolo
    2099-09-01 00:37 - 2099-09-01 00:39 - 00000000 ____D () C:\Users\Chris\Downloads\geforce 9800GT driver 060113
    2014-12-06 15:03 - 2014-12-06 15:03 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-12-06 08:52 - 2014-12-06 08:52 - 00000277 _____ () C:\Users\Chris\Desktop\Storie Marrakech 4 x 4 in - Natural Stone Ceramic Wall Tile - The Tile Shop.url
    2014-12-05 07:21 - 2014-12-05 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-05 07:21 - 2014-12-05 07:21 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-05 07:20 - 2014-12-05 07:20 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-04 09:22 - 2014-12-06 20:26 - 00000000 ____D () C:\FRST
    2014-12-04 07:08 - 2014-12-04 07:08 - 00000257 _____ () C:\Users\Chris\Desktop\How to create a screenshot and automatically save it as a file in Windows 8.url
    2014-12-03 13:10 - 2014-12-03 13:10 - 00000515 _____ () C:\Users\Chris\Desktop\origin com ea charged - Yahoo Search Results.url
    2014-12-03 13:09 - 2014-12-03 13:09 - 00000174 _____ () C:\Users\Chris\Desktop\Credit Card charged and I don't know why - Answer HQ.url
    2014-11-27 09:23 - 2014-11-27 09:23 - 00000242 _____ () C:\Users\Chris\Desktop\In-Lab Data Recovery  Seagate.url
    2014-11-26 07:56 - 2014-11-26 07:56 - 00000268 _____ () C:\Users\Chris\Desktop\Janus - Tax Center.url
    2014-11-25 08:23 - 2014-11-25 08:23 - 00000273 _____ () C:\Users\Chris\Desktop\▶ DIY Video 2 How to fix a broken hard drive Beeping noise Get your data Back! Best Kept Secret - YouTube.url
    2014-11-25 08:23 - 2014-11-25 08:23 - 00000206 _____ () C:\Users\Chris\Desktop\▶ How to fix a broken hard drive. Beeping noise or clicking GET YOUR DATA BACK FOR FREE! BEST TRICK - YouTube.url
    2014-11-25 07:44 - 2014-11-25 07:44 - 00000234 _____ () C:\Users\Chris\Desktop\seagate hard disk clicking - YouTube.url
    2014-11-23 13:28 - 2014-11-23 13:28 - 00000218 _____ () C:\Users\Chris\Desktop\Amazon.com Nike+ SportWatch GPS Powered by TomTom (Black-Volt) GPS & Navigation.url
    2014-11-20 06:51 - 2014-11-20 06:51 - 00000202 _____ () C:\Users\Chris\Desktop\Netcraft Fish Logo T Shirts - Black with Flo. Yellow Fish Logo.url
    2014-11-19 07:03 - 2014-11-19 07:03 - 00000200 _____ () C:\Users\Chris\Desktop\Lenovo Y50 Touch Review & Rating  PCMag.com.url
    2014-11-15 19:08 - 2014-11-15 19:08 - 00000243 _____ () C:\Users\Chris\Desktop\Lose the Pooch! The Best Exercises for Lower Abs.url
    2014-11-15 17:35 - 2014-11-15 17:35 - 00000244 _____ () C:\Users\Chris\Desktop\Tips for solving problems with USB devices.url
    2014-11-15 11:17 - 2014-11-15 11:17 - 00000536 _____ () C:\Users\Chris\Desktop\art glass series tile - Yahoo Search Results.url
    2014-11-15 11:00 - 2014-11-15 11:00 - 00000219 _____ () C:\Users\Chris\Desktop\Page 4  Stone Tiles for Kitchen & Bathroom Backsplashes  Tile Bar.url
    2014-11-14 08:36 - 2014-11-14 08:36 - 00000365 _____ () C:\Users\Chris\Desktop\Splashback Tile Roman Selection IL Fango Diamond 12 in. x 12 in. x 8 mm Glass Floor and Wall Tile-ROMAN SELECTION IL FANGO DIAMOND at The Home Depot.url
    2014-11-12 18:38 - 2014-11-12 18:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Acronis
    2014-11-10 08:27 - 2014-12-02 13:38 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-11-09 15:34 - 2014-11-09 23:05 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-09 13:02 - 2014-11-09 13:02 - 00000622 _____ () C:\Users\Chris\Downloads\TakeOwnership.zip
    2014-11-09 12:30 - 2014-11-09 12:30 - 04163057 _____ () C:\Users\Chris\Downloads\tdsskiller.zip
    2014-11-09 08:28 - 2014-11-09 09:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
    2014-11-08 16:59 - 2014-11-09 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-08 09:39 - 2014-11-08 09:39 - 00000241 _____ () C:\Users\Chris\Desktop\Ceramic Wall Tile - The Tile Shop.url
    2014-11-08 09:35 - 2014-11-08 09:35 - 00000242 _____ () C:\Users\Chris\Desktop\Quartzite Wall Tile - The Tile Shop.url
    2014-11-07 09:15 - 2014-11-07 09:15 - 00159679 _____ () C:\Users\Chris\Downloads\487560915545cd3f2674b68.31507079.gpx
    2014-11-07 09:14 - 2014-11-07 09:14 - 00178455 _____ () C:\Users\Chris\Downloads\262109689545cd39f1277a1.28225474.gpx
    2014-11-07 09:12 - 2014-11-07 09:12 - 00053199 _____ () C:\Users\Chris\Downloads\729546237545cd327053449.95577951.gpx

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-09-01 12:44 - 2012-12-19 10:23 - 00000000 ____D () C:\NBRT
    2099-09-01 00:43 - 2006-12-31 23:59 - 00000000 ____D () C:\Users\Chris\AppData\Local\NVIDIA
    2014-12-06 20:23 - 2012-11-19 16:40 - 00000366 _____ () C:\Windows\Tasks\HP Photo Creations Meijer Communicator.job
    2014-12-06 20:01 - 2012-11-19 16:39 - 00000270 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
    2014-12-06 19:28 - 2010-03-26 01:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-06 19:27 - 2013-01-24 07:40 - 00000000 ____D () C:\Users\Chris\Desktop\Tools
    2014-12-06 17:24 - 2010-01-23 13:03 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6FB57EC-4DF3-4850-8878-7975C2CC2651}
    2014-12-06 12:11 - 2014-08-27 11:11 - 00000366 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Chris).job
    2014-12-06 11:51 - 2009-11-29 08:33 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-06 10:30 - 2009-11-28 18:40 - 01471059 _____ () C:\Windows\WindowsUpdate.log
    2014-12-05 22:28 - 2010-03-26 01:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-05 09:39 - 2010-09-03 11:16 - 00002044 ____H () C:\Users\Chris\Documents\Default.rdp
    2014-12-05 06:40 - 2009-12-04 06:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\CutePDF Writer
    2014-12-04 19:20 - 2014-08-03 15:35 - 00000000 ____D () C:\Users\Chris\Desktop\deacon
    2014-12-03 18:48 - 2013-03-15 06:10 - 00000000 ____D () C:\Users\Chris\Desktop\kitchen
    2014-12-03 07:47 - 2009-07-14 00:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-02 07:32 - 2014-06-19 12:00 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
    2014-12-02 07:31 - 2012-12-06 06:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-02 07:31 - 2012-12-06 06:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-30 20:15 - 2010-09-18 13:50 - 00000000 ____D () C:\ProgramData\Lx_cats
    2014-11-30 20:15 - 2009-12-01 20:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
    2014-11-30 17:22 - 2013-01-14 15:53 - 00016896 _____ () C:\Users\Chris\Desktop\pw jean.xlsx
    2014-11-28 15:57 - 2013-03-03 18:34 - 00000000 ____D () C:\Users\Chris\Documents\TurboTax
    2014-11-28 15:40 - 2013-01-08 07:17 - 00000000 ____D () C:\Users\Chris\Documents\MSG
    2014-11-28 15:14 - 2011-11-22 09:05 - 00000000 ____D () C:\Users\Chris\Documents\flash drive 1
    2014-11-28 14:28 - 2011-05-01 08:17 - 00000000 ____D () C:\Games
    2014-11-27 09:59 - 2013-03-28 11:40 - 00000000 ____D () C:\Users\Chris\.VirtualBox
    2014-11-26 17:55 - 2014-01-22 11:28 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
    2014-11-26 10:31 - 2010-03-26 01:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-25 14:21 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-25 14:21 - 2009-07-13 23:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 18:02 - 2014-06-03 09:30 - 00000000 ____D () C:\Users\Chris\AppData\Local\Battle.net
    2014-11-19 17:12 - 2012-08-07 14:42 - 00000000 ____D () C:\Program Files (x86)\Diablo III
    2014-11-19 17:10 - 2014-06-03 09:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-11-19 12:46 - 2011-07-23 08:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Spotify
    2014-11-19 12:45 - 2012-07-13 12:38 - 00000000 ____D () C:\Temp
    2014-11-19 12:45 - 2012-04-27 18:52 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    2014-11-19 12:45 - 2011-06-13 06:02 - 00000324 _____ () C:\Windows\Tasks\GlaryInitialize.job
    2014-11-19 12:44 - 2014-01-25 20:14 - 00009556 _____ () C:\Windows\setupact.log
    2014-11-19 12:44 - 2013-06-02 15:20 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-11-19 12:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-17 04:38 - 2012-02-26 11:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-16 17:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-16 17:37 - 2014-06-02 08:49 - 00000000 ____D () C:\ProgramData\WeCareReminder
    2014-11-13 22:23 - 2010-03-26 01:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-13 22:23 - 2010-03-26 01:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-10 11:01 - 2014-11-02 15:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-10 11:01 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-11-10 11:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-10 11:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-11-10 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Services
    2014-11-10 10:59 - 2013-06-16 17:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2014-11-10 10:59 - 2010-05-08 23:24 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
    2014-11-10 10:59 - 2009-11-29 10:42 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
    2014-11-10 10:59 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
    2014-11-10 10:59 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
    2014-11-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
    2014-11-10 10:57 - 2012-12-06 06:40 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-11-10 10:57 - 2011-02-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
    2014-11-10 10:57 - 2010-01-18 06:39 - 00000000 ____D () C:\Windows\SysWOW64\0
    2014-11-10 10:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
    2014-11-10 10:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
    2014-11-10 10:56 - 2014-06-02 08:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\OpenCandy
    2014-11-10 10:56 - 2012-03-27 20:54 - 00000000 ____D () C:\Users\Chris\Documents\tdsskiller
    2014-11-10 10:56 - 2010-08-21 09:43 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
    2014-11-10 10:55 - 2014-08-11 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-11-10 10:55 - 2012-09-03 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-11-10 10:55 - 2012-09-03 07:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-11-10 10:55 - 2012-06-21 17:34 - 00000000 ____D () C:\Program Files (x86)\DailyFitnessCenter_53
    2014-11-10 10:55 - 2011-06-13 06:01 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
    2014-11-10 10:55 - 2009-11-29 08:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-11-10 10:55 - 2009-11-28 14:58 - 00000000 ____D () C:\ProgramData\Norton
    2014-11-10 10:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-11-10 10:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
    2014-11-10 09:41 - 2010-08-21 09:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-10 09:25 - 2012-05-03 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-11-10 08:26 - 2009-11-28 13:12 - 00000000 ____D () C:\Users\Chris
    2014-11-09 08:10 - 2009-12-23 13:13 - 00007612 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg

    Some content of TEMP:
    ====================
    C:\Users\Chris\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Chris\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
    C:\Users\Chris\AppData\Local\Temp\ose00000.exe
    C:\Users\Chris\AppData\Local\Temp\SlimCleanerPlus.x64.exe
    C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
    C:\Users\Chris\AppData\Local\Temp\_is6D5B.exe
    C:\Users\Chris\AppData\Local\Temp\_isC846.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-05 00:37

    ==================== End Of Log ============================



#12 RPMcMurphy

  • Malware Response Team

Posted 07 December 2014 - 11:15 AM

You either ran a scan instead of the fix I posted, or you posted the wrong log.  I'm looking for the fixlog.txt report - If you don't see that, please follow the instructions in post #10 again.




#13 cbeau37

  • Topic Starter


Posted 07 December 2014 - 02:01 PM

Sorry about that, I ran the fix and a reboot.

Here are the fixlog.txt contents:

I really appreciate all of your time and help

Thanks

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 01
Ran by Chris at 2014-12-07 12:06:03 Run:1
Running from C:\Users\Chris\Desktop\Tools\FRST64
Loaded Profiles: Chris & UpdatusUser (Available profiles: Chris & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Chris\AppData\Local\Temp\c0c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2K4UH3H\zq64x0e6hu[1].htm
EmptyTemp:
*****************

C:\Users\Chris\AppData\Local\Temp\c0c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2K4UH3H\zq64x0e6hu[1].htm => Moved successfully.
EmptyTemp: => Removed 7.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#14 RPMcMurphy

  • Malware Response Team

Posted 07 December 2014 - 07:22 PM

Is your computer running normally?




#15 cbeau37

  • Topic Starter


Posted 07 December 2014 - 08:53 PM

Yes, it seems to be running much better.





